βΌ CVE-2022-2414 βΌ
π Read
via "National Vulnerability Database".
Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23004 βΌ
π Read
via "National Vulnerability Database".
When computing a shared secret or point multiplication on the NIST P-256 curve using a public key with an X coordinate of zero, an error is returned from the library, and an invalid unreduced value is written to the output buffer. This may be leveraged by an attacker to cause an error scenario, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36378 βΌ
π Read
via "National Vulnerability Database".
Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in PluginlySpeaking Floating Div plugin <= 3.0 at WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23002 βΌ
π Read
via "National Vulnerability Database".
When compressing or decompressing a point on the NIST P-256 elliptic curve with an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output will cause an error when used in other operations. This may be leveraged by an attacker to cause an error scenario in applications which use the library, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23001 βΌ
π Read
via "National Vulnerability Database".
When compressing or decompressing elliptic curve points using the Sweet B library, an incorrect choice of sign bit is used. An attacker with user level privileges and no other user's assistance can exploit this vulnerability with only knowledge of the public key and the library. The resulting output may cause an error when used in other operations; for instance, verification of a valid signature under a decompressed public key may fail. This may be leveraged by an attacker to cause an error scenario in applications which use the library, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23003 βΌ
π Read
via "National Vulnerability Database".
When computing a shared secret or point multiplication on the NIST P-256 curve that results in an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output may cause an error when used in other operations. This may be leveraged by an attacker to cause an error scenario or incorrect choice of session key in applications which use the library, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components.π Read
via "National Vulnerability Database".
π΄ Attackers Have 'Favorite' Vulnerabilities to Exploit π΄
π Read
via "Dark Reading".
While attackers continue to rely on older, unpatched vulnerabilities, many are jumping on new vulnerabilities as soon as they are disclosed.π Read
via "Dark Reading".
Dark Reading
Attackers Have 'Favorite' Vulnerabilities to Exploit
While attackers continue to rely on older, unpatched vulnerabilities, many are jumping on new vulnerabilities as soon as they are disclosed.
π΄ AWS Focuses on Identity Access Management at re:Inforce π΄
π Read
via "Dark Reading".
Identity and access management was front and center at AWS re:inforce this week.π Read
via "Dark Reading".
Dark Reading
AWS Focuses on Identity Access Management at re:Inforce
Identity and access management was front and center at AWS re:inforce this week.
π΄ ICYMI: Dark Web Happenings Edition With Evil Corp., MSP Targeting & More π΄
π Read
via "Dark Reading".
Dark Reading's digest of other "don't-miss" stories of the week β including a Microsoft alert connecting disparate cybercrime activity together, and an explosion of Luca Stealer variants after an unusual Dark Web move.π Read
via "Dark Reading".
Dark Reading
ICYMI: Dark Web Happenings Edition With Evil Corp., MSP Targeting & More
Dark Reading's digest of other "don't-miss" stories of the week β including a Microsoft alert connecting disparate cybercrime activity together, and an explosion of Luca Stealer variants after an unusual Dark Web move.
π’ The pros and cons of net neutrality π’
π Read
via "ITPro".
Still on the fence about net neutrality? Here are both sides of the argumentπ Read
via "ITPro".
IT PRO
The pros and cons of net neutrality | IT PRO
Still on the fence about net neutrality? Here are both sides of the argument
π’ What is a 502 bad gateway and how do you fix it? π’
π Read
via "ITPro".
We explain what this networking error means for users and website ownersπ Read
via "ITPro".
IT PRO
What is a 502 Bad Gateway and how do you fix it? | IT PRO
We explain what the 502 Bad Gateway networking error means for users and website owners, and some potential steps for fixing it
π’ Cyber attack on US court system being investigated, DoJ confirms π’
π Read
via "ITPro".
The early 2020 attack, publicly disclosed for the first time this week, is thought to have had a "staggering effect" on the department and other agenciesπ Read
via "ITPro".
IT PRO
Cyber attack on US court system being investigated, DoJ confirms | IT PRO
The early 2020 attack, publicly disclosed for the first time this week, is thought to have had a "staggering effect" on the department and other agencies
π’ Six cyber security holes you need to plug now π’
π Read
via "ITPro".
We shine a light on the easily overlooked cyber cracks that can turn into major sinkholes exposing your businessπ Read
via "ITPro".
ITPro
Six cyber security holes you need to plug now
We shine a light on the easily overlooked cyber cracks that can turn into major sinkholes exposing your business
π’ IT Pro News In Review: Rise in ransomware attacks, UK & South Korea 5G & 6G, IBM data breach report π’
π Read
via "ITPro".
Catch up on the biggest headlines of the week in just two minutesπ Read
via "ITPro".
ITPro
IT Pro News In Review: Rise in ransomware attacks, UK & South Korea 5G & 6G, IBM data breach report
Catch up on the biggest headlines of the week in just two minutes
π’ How to boot Windows 11 in Safe Mode π’
π Read
via "ITPro".
Unless youβre a complete Windows novice, youβll have come across Safe Mode before - but what exactly is it, and how do you access it in Windows 11?π Read
via "ITPro".
ITPro
How to boot into Windows 11 Safe Mode
Long-time Windows users will already be familiar with Windows 11 Safe Mode, but what exactly is it for and how do you boot your system into it?
βΌ CVE-2022-27865 βΌ
π Read
via "National Vulnerability Database".
A maliciously crafted TGA or PCX file may be used to write beyond the allocated buffer through DesignReview.exe application while parsing TGA and PCX files. This vulnerability may be exploited to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27864 βΌ
π Read
via "National Vulnerability Database".
A Double Free vulnerability allows remote attackers to execute arbitrary code through DesignReview.exe application on PDF files within affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22280 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2323 βΌ
π Read
via "National Vulnerability Database".
Improper neutralization of special elements used in a user input allows an authenticated malicious user to perform remote code execution in the host system. This vulnerability impacts SonicWall Switch 1.1.1.0-2s and earlier versionsπ Read
via "National Vulnerability Database".
βΌ CVE-2022-36447 βΌ
π Read
via "National Vulnerability Database".
An inflation issue was discovered in Chia Network CAT1 Standard 1.0.0. Previously minted tokens minted on the Chia blockchain using the CAT1 standard can be inflated to an arbitrary extent by any holder of any amount of the token. The total amount of the token can be increased as high as the malicious actor pleases. This is true for every CAT1 on the Chia blockchain regardless of issuance rules. This attack is auditable on chain, so maliciously altered coins can potentially be marked by off-chain observers as malicious.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27866 βΌ
π Read
via "National Vulnerability Database".
A maliciously crafted TIFF file when consumed through DesignReview.exe application can be forced to read beyond allocated boundaries when parsing the TIFF file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.π Read
via "National Vulnerability Database".