Fraud detection and prevention market to hit $176 billion by 2030
via "ITPro".
Payment fraud ranks highest in Acumen's recent forecast, with identity theft growing by the day.
NCSC launches startup incubator to protect against national cyber threats
via "ITPro".
The program is focused on the protection of highly available operational technology where there is a high risk of digital sabotage.
US doubles reward for information on North Korean cybercrime syndicates
via "ITPro".
The news follows the recent Maui ransomware attacks targeting US public health organizations.
TikTok to give researchers new API for insight, greater transparency
via "ITPro".
Trends identified by independent analysts could inform business decisions.
Breach Exposes Users of Microleaves Proxy Service
via "Krebs on Security".
Microleaves, a ten-year-old proxy service that lets customers route their web traffic through millions of Microsoft Windows computers, exposed their entire user database and the location of tens of millions of PCs running the proxy software. Microleaves claims its proxy software is installed with user consent. But research suggests Microleaves has a lengthy history of being supplied with new proxies by affiliates incentivized to install the software any which way they can -- such as by secretly bundling it with other software.
Patch Now: Atlassian Confluence Bug Under Active Exploit
via "Dark Reading".
Attackers almost immediately leapt on a just-disclosed bug, CVE-2022-26138, affecting Atlassian Confluence, which allows remote, unauthenticated actors unfettered access to Confluence data.
CVE-2022-34593
via "National Vulnerability Database".
DPTech VPN v8.1.28.0 was discovered to contain an arbitrary file read vulnerability.
CVE-2021-41556
via "National Vulnerability Database".
sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code Execution. If a victim executes an attacker-controlled squirrel script, it is possible for the attacker to break out of the squirrel script sandbox even if all dangerous functionality such as File System functions has been disabled. An attacker might abuse this bug to target (for example) Cloud services that allow customization via SquirrelScripts, or distribute malware through video games that embed a Squirrel Engine.
CVE-2022-2564
via "National Vulnerability Database".
Prototype Pollution in GitHub repository automattic/mongoose prior to 6.4.6.
CVE-2022-34578
via "National Vulnerability Database".
Open Source Point of Sale v3.3.7 was discovered to contain an arbitrary file upload vulnerability via the Update Branding Settings page.
CVE-2022-29360
via "National Vulnerability Database".
The Email Viewer in RainLoop through 1.6.0 allows XSS via a crafted email message.
CVE-2022-1799
via "National Vulnerability Database".
Incorrect signature trust exists within Google Play services SDK play-services-basement. A debug version of Google Play services is trusted by the SDK for devices that are non-GMS. We recommend upgrading the SDK past the 2022-05-03 release.
CVE-2021-3601
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. OpenSSL does not class this issue as a security vulnerability. The trusted CA store should not contain anything that the user does not trust to issue other certificates. Notes: https://github.com/openssl/openssl/issues/5236#issuecomment-1196460611
CVE-2022-24912
via "National Vulnerability Database".
The package github.com/runatlantis/atlantis/server/controllers/events before 0.19.7 is vulnerable to a Timing Attack in the webhook event validator code, which does not use a constant-time comparison function to validate the webhook secret. It can allow an attacker to recover this secret and then forge webhook events.
S3 Ep93: Office security, breach costs, and leisurely patches [Audio + Text]
via "Naked Security".
Latest episode - listen now!
CVE-2022-1277
via "National Vulnerability Database".
Inavitas Solar Log product has an unauthenticated SQL Injection vulnerability.
3 Tips for Creating a Security Culture
via "Dark Reading".
Trying to get the whole organization on board with better cybersecurity is much tougher than it may sound.
XSS vulnerabilities in Google Cloud, Google Play could lead to account hijacks
via "The Daily Swig".
Reflected XSS and DOM-based XSS bugs net researchers $3,000 and $5,000 bug bounties.
Faraday 4.0.4
via "Packet Storm Security".
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
Malicious Npm Packages Tapped Again to Target Discord Users
via "Threat Post".
Recent LofyLife campaign steals tokens and infects client files to monitor various user actions, such as log-ins, password changes and payment methods.
Malicious npm Packages Scarf Up Discord Tokens, Credit Card Info
via "Dark Reading".
The campaign uses four malicious packages to spread "Volt Stealer" and "Lofy Stealer" malware in the open source npm software package repository.