What Women Should Know Before Joining the Cybersecurity Industry
via "Dark Reading".
Three observations about our industry that might help demystify security for women entrants.

Wireshark Analyzer 3.6.7
via "Packet Storm Security".
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

GitHub enhances 2FA for npm, improves security and manageability
via "The Daily Swig".
New features also include ability to connect social media accounts

S3 Ep93: Office security, breach costs, and leisurely patches [Audio + Text]
via "Naked Security".
Latest episode - listen now!

CVE-2022-1805
via "National Vulnerability Database".
When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients. The issue could be exploited by an adversary that places a MITM (Man in the Middle) between a zero client and AWS session provisioner in the network. This issue is only applicable when connecting to an Amazon Workspace from a PCoIP Zero Client.

CVE-2021-22644
via "National Vulnerability Database".
Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key.

CVE-2021-22650
via "National Vulnerability Database".
An attacker may use TWinSoft and a malicious source project file (TPG) to extract files on machine executing Ovarro TWinSoft, which could lead to code execution.

CVE-2021-22640
via "National Vulnerability Database".
An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks.

CVE-2021-22646
via "National Vulnerability Database".
The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution.

CVE-2022-1948
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions starting from 15.0 before 15.0.1. Missing validation of input used in quick actions allowed an attacker to exploit XSS by injecting HTML in contact details.

CVE-2021-22648
via "National Vulnerability Database".
Ovarro TBox proprietary Modbus file access functions allow attackers to read, alter, or delete the configuration file.

CVE-2016-2138
via "National Vulnerability Database".
In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in xss_clean() in class/KippoInput.class.php.

CVE-2022-27509
via "National Vulnerability Database".
Unauthenticated redirection to a malicious website

CVE-2022-35882
via "National Vulnerability Database".
Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in GS Plugins GS Testimonial Slider plugin <= 1.9.1 at WordPress.

CVE-2022-2553
via "National Vulnerability Database".
The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster.

CVE-2021-22642
via "National Vulnerability Database".
An attacker could use specially crafted invalid Modbus frames to crash the Ovarro TBox system.

CVE-2016-2139
via "National Vulnerability Database".
In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in $file_link in class/KippoInput.class.php.

What the White House's Cybersecurity Workforce Plan Should Look Like
via "Dark Reading".
By embracing cybersecurity as a critical part of our national security and education strategy, and working together to invest in opportunities for all, we can create a safer, more secure world.

Threat Actors Pivot Around Microsoft’s Macro-Blocking in Office
via "Threat Post".
Cybercriminals turn to container files and other tactics to get around the company’s attempt to thwart a popular way to deliver malicious phishing payloads.

CVE-2016-6324
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.

CVE-2016-4452
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.