βΌ CVE-2022-33881 βΌ
π Read
via "National Vulnerability Database".
Parsing a maliciously crafted PRT file can force Autodesk AutoCAD 2023 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35629 βΌ
π Read
via "National Vulnerability Database".
Due to a bug in the handling of the communication between the client and server, it was possible for one client, already registered with their own client ID, to send messages to the server claiming to come from another client ID. This issue was resolved in Velociraptor 0.6.5-2.π Read
via "National Vulnerability Database".
π΄ Security Teams Overwhelmed With Bugs, Bitten by Patch Prioritization π΄
π Read
via "Dark Reading".
The first half of the year saw more than 11,800 reported security vulnerabilities, but figuring out which ones to patch first remains a thankless job for IT teams.π Read
via "Dark Reading".
Dark Reading
Security Teams Overwhelmed With Bugs, Bitten by Patch Prioritization
The first half of the year saw more than 11,800 reported security vulnerabilities, but figuring out which ones to patch first remains a thankless job for IT teams.
π΄ Why Bug-Bounty Programs Are Failing Everyone π΄
π Read
via "Dark Reading".
In a Black Hat USA talk, Katie Moussouris will discuss why bug-bounty programs are failing in their goals, and what needs to happen next to use bounties in a way that improves security outcomes.π Read
via "Dark Reading".
Dark Reading
Why Bug-Bounty Programs Are Failing Everyone
In a Black Hat USA talk, Katie Moussouris will discuss why bug-bounty programs are failing in their goals, and what needs to happen next to use bounties in a way that improves security outcomes.
π1
βοΈ 911 Proxy Service Implodes After Disclosing Breach βοΈ
π Read
via "Krebs on Security".
911[.]re, a proxy service that since 2015 has sold access to hundreds of thousands of Microsoft Windows computers daily, announced this week that it is shutting down in the wake of a data breach that destroyed key components of its business operations. The abrupt closure comes ten days after KrebsOnSecurity published an in-depth look at 911 and its connections to shady pay-per-install affiliate programs that secretly bundled 911βs proxy software with other titles, including βfreeβ utilities and pirated software.π Read
via "Krebs on Security".
Krebs on Security
911 Proxy Service Implodes After Disclosing Breach
911[.]re, a proxy service that since 2015 has sold access to hundreds of thousands of Microsoft Windows computers daily, announced this week that it is shutting down in the wake of a data breach that destroyed key components of itsβ¦
βΌ CVE-2022-2414 βΌ
π Read
via "National Vulnerability Database".
Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23004 βΌ
π Read
via "National Vulnerability Database".
When computing a shared secret or point multiplication on the NIST P-256 curve using a public key with an X coordinate of zero, an error is returned from the library, and an invalid unreduced value is written to the output buffer. This may be leveraged by an attacker to cause an error scenario, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36378 βΌ
π Read
via "National Vulnerability Database".
Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in PluginlySpeaking Floating Div plugin <= 3.0 at WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23002 βΌ
π Read
via "National Vulnerability Database".
When compressing or decompressing a point on the NIST P-256 elliptic curve with an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output will cause an error when used in other operations. This may be leveraged by an attacker to cause an error scenario in applications which use the library, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23001 βΌ
π Read
via "National Vulnerability Database".
When compressing or decompressing elliptic curve points using the Sweet B library, an incorrect choice of sign bit is used. An attacker with user level privileges and no other user's assistance can exploit this vulnerability with only knowledge of the public key and the library. The resulting output may cause an error when used in other operations; for instance, verification of a valid signature under a decompressed public key may fail. This may be leveraged by an attacker to cause an error scenario in applications which use the library, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23003 βΌ
π Read
via "National Vulnerability Database".
When computing a shared secret or point multiplication on the NIST P-256 curve that results in an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output may cause an error when used in other operations. This may be leveraged by an attacker to cause an error scenario or incorrect choice of session key in applications which use the library, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components.π Read
via "National Vulnerability Database".
π΄ Attackers Have 'Favorite' Vulnerabilities to Exploit π΄
π Read
via "Dark Reading".
While attackers continue to rely on older, unpatched vulnerabilities, many are jumping on new vulnerabilities as soon as they are disclosed.π Read
via "Dark Reading".
Dark Reading
Attackers Have 'Favorite' Vulnerabilities to Exploit
While attackers continue to rely on older, unpatched vulnerabilities, many are jumping on new vulnerabilities as soon as they are disclosed.
π΄ AWS Focuses on Identity Access Management at re:Inforce π΄
π Read
via "Dark Reading".
Identity and access management was front and center at AWS re:inforce this week.π Read
via "Dark Reading".
Dark Reading
AWS Focuses on Identity Access Management at re:Inforce
Identity and access management was front and center at AWS re:inforce this week.
π΄ ICYMI: Dark Web Happenings Edition With Evil Corp., MSP Targeting & More π΄
π Read
via "Dark Reading".
Dark Reading's digest of other "don't-miss" stories of the week β including a Microsoft alert connecting disparate cybercrime activity together, and an explosion of Luca Stealer variants after an unusual Dark Web move.π Read
via "Dark Reading".
Dark Reading
ICYMI: Dark Web Happenings Edition With Evil Corp., MSP Targeting & More
Dark Reading's digest of other "don't-miss" stories of the week β including a Microsoft alert connecting disparate cybercrime activity together, and an explosion of Luca Stealer variants after an unusual Dark Web move.
π’ The pros and cons of net neutrality π’
π Read
via "ITPro".
Still on the fence about net neutrality? Here are both sides of the argumentπ Read
via "ITPro".
IT PRO
The pros and cons of net neutrality | IT PRO
Still on the fence about net neutrality? Here are both sides of the argument
π’ What is a 502 bad gateway and how do you fix it? π’
π Read
via "ITPro".
We explain what this networking error means for users and website ownersπ Read
via "ITPro".
IT PRO
What is a 502 Bad Gateway and how do you fix it? | IT PRO
We explain what the 502 Bad Gateway networking error means for users and website owners, and some potential steps for fixing it
π’ Cyber attack on US court system being investigated, DoJ confirms π’
π Read
via "ITPro".
The early 2020 attack, publicly disclosed for the first time this week, is thought to have had a "staggering effect" on the department and other agenciesπ Read
via "ITPro".
IT PRO
Cyber attack on US court system being investigated, DoJ confirms | IT PRO
The early 2020 attack, publicly disclosed for the first time this week, is thought to have had a "staggering effect" on the department and other agencies
π’ Six cyber security holes you need to plug now π’
π Read
via "ITPro".
We shine a light on the easily overlooked cyber cracks that can turn into major sinkholes exposing your businessπ Read
via "ITPro".
ITPro
Six cyber security holes you need to plug now
We shine a light on the easily overlooked cyber cracks that can turn into major sinkholes exposing your business
π’ IT Pro News In Review: Rise in ransomware attacks, UK & South Korea 5G & 6G, IBM data breach report π’
π Read
via "ITPro".
Catch up on the biggest headlines of the week in just two minutesπ Read
via "ITPro".
ITPro
IT Pro News In Review: Rise in ransomware attacks, UK & South Korea 5G & 6G, IBM data breach report
Catch up on the biggest headlines of the week in just two minutes
π’ How to boot Windows 11 in Safe Mode π’
π Read
via "ITPro".
Unless youβre a complete Windows novice, youβll have come across Safe Mode before - but what exactly is it, and how do you access it in Windows 11?π Read
via "ITPro".
ITPro
How to boot into Windows 11 Safe Mode
Long-time Windows users will already be familiar with Windows 11 Safe Mode, but what exactly is it for and how do you boot your system into it?
βΌ CVE-2022-27865 βΌ
π Read
via "National Vulnerability Database".
A maliciously crafted TGA or PCX file may be used to write beyond the allocated buffer through DesignReview.exe application while parsing TGA and PCX files. This vulnerability may be exploited to execute arbitrary code.π Read
via "National Vulnerability Database".