‼ CVE-2016-3701 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.
‼ CVE-2016-6315 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.
‼ CVE-2016-4426 ‼
via "National Vulnerability Database".
In zulip before 1.3.12, bot API keys were accessible to other users in the same realm.
📢 Should you take your password manager off the internet? 📢
via "ITPro".
How keeping data offline in a closed loop on a self-service model can help shore up all your apps and services
📢 European company unmasked as cyber mercenary group with ties to Russia 📢
via "ITPro".
The company that's similar to NSO Group has been active since 2016 and has used different zero-days in Windows and Adobe products to infect victims with powerful, evasive spyware
📢 Equifax eyes increased fraud prevention capabilities with Midigator acquisition 📢
via "ITPro".
The deal marks Equifax’s twelfth acquisition since the beginning of 2021
📢 ZoomInfo hires new First Chief Security Officer 📢
via "ITPro".
Cybersecurity expert Tomer Gershoni will oversee the software firm’s physical, digital security and privacy efforts
📢 What is subnetting? 📢
via "ITPro".
Partitioning a single network can help relieve network congestion and increase security
📢 Fraud detection and prevention market to hit $176 billion by 2030 📢
via "ITPro".
Payment fraud ranks highest in Acumen’s recent forecast, with identity theft growing by the day
📢 NCSC launches startup incubator to protect against national cyber threats 📢
via "ITPro".
The program is focused on the protection of highly available operational technology where there is a high risk of digital sabotage
📢 US doubles reward for information on North Korean cybercrime syndicates 📢
via "ITPro".
The news follows the recent Maui ransomware attacks targeting US public health organizations
📢 TikTok to give researchers new API for insight, greater transparency 📢
via "ITPro".
Trends identified by independent analysts could inform business decisions
Breach Exposes Users of Microleaves Proxy Service
via "Krebs on Security".
Microleaves, a ten-year-old proxy service that lets customers route their web traffic through millions of Microsoft Windows computers, exposed their entire user database and the location of tens of millions of PCs running the proxy software. Microleaves claims its proxy software is installed with user consent. But research suggests Microleaves has a lengthy history of being supplied with new proxies by affiliates incentivized to install the software any which way they can -- such as by secretly bundling it with other software.
🔴 Patch Now: Atlassian Confluence Bug Under Active Exploit 🔴
via "Dark Reading".
Attackers almost immediately leapt on a just-disclosed bug, CVE-2022-26138, affecting Atlassian Confluence, which allows remote, unauthenticated actors unfettered access to Confluence data.
‼ CVE-2022-34593 ‼
via "National Vulnerability Database".
DPTech VPN v8.1.28.0 was discovered to contain an arbitrary file read vulnerability.
‼ CVE-2021-41556 ‼
via "National Vulnerability Database".
sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code Execution. If a victim executes an attacker-controlled squirrel script, it is possible for the attacker to break out of the squirrel script sandbox even if all dangerous functionality such as File System functions has been disabled. An attacker might abuse this bug to target (for example) Cloud services that allow customization via SquirrelScripts, or distribute malware through video games that embed a Squirrel Engine.
‼ CVE-2022-2564 ‼
via "National Vulnerability Database".
Prototype Pollution in GitHub repository automattic/mongoose prior to 6.4.6.
‼ CVE-2022-34578 ‼
via "National Vulnerability Database".
Open Source Point of Sale v3.3.7 was discovered to contain an arbitrary file upload vulnerability via the Update Branding Settings page.
‼ CVE-2022-29360 ‼
via "National Vulnerability Database".
The Email Viewer in RainLoop through 1.6.0 allows XSS via a crafted email message.
‼ CVE-2022-1799 ‼
via "National Vulnerability Database".
Incorrect signature trust exists within Google Play services SDK play-services-basement. A debug version of Google Play services is trusted by the SDK for devices that are non-GMS. We recommend upgrading the SDK past the 2022-05-03 release.
‼ CVE-2021-3601 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. OpenSSL does not class this issue as a security vulnerability. The trusted CA store should not contain anything that the user does not trust to issue other certificates. Notes: https://github.com/openssl/openssl/issues/5236#issuecomment-1196460611