🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2022-23733 ‼

A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. This injection was blocked by GitHub's Content Security Policy (CSP). This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and was fixed in versions 3.3.11, 3.4.6 and 3.5.3. This vulnerability was reported via the GitHub Bug Bounty program.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-35221 ‼

Teamplus Pro community discussion has an ‘allocation of resource without limits or throttling’ vulnerability in the thread subject field. A remote attacker with general user privilege who posts a thread subject with large content can cause the server to allocate too much memory, leading to missing partial post content and partial service disruption.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-2631 ‼

Improper Access Control in GitHub repository tooljet/tooljet prior to v1.19.0.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-35223 ‼

EasyUse MailHunter Ultimate’s cookie deserialization function has an inadequate validation vulnerability. Deserializing a cookie containing a malicious payload will trigger this insecure deserialization vulnerability, allowing an unauthenticated remote attacker to execute arbitrary code, manipulate system commands or interrupt service.

📖 Read

via "National Vulnerability Database".
🕴 T-Mobile Store Owner Made $25M Using Stolen Employee Credentials 🕴

Now-convicted phone dealer reset locked and blocked phones on various mobile networks.

📖 Read

via "Dark Reading".
🕴 Axis Raises the Bar With Modern-Day ZTNA Service that Boasts Hyper-Intelligence, Simplicity, and 350 Global Edges 🕴

Launches industry’s first ZTNA Migration Tool and ZTNA Buyback Program, setting the stage for migration away from ZTNA 1.0.

📖 Read

via "Dark Reading".
‼ CVE-2022-35924 ‼

NextAuth.js is a complete open source authentication solution for Next.js applications. `next-auth` users who are using the `EmailProvider` either in versions before `4.10.3` or `3.29.10` are affected. If an attacker could forge a request that sent a comma-separated list of emails (e.g. `attacker@attacker.com,victim@victim.com`) to the sign-in endpoint, NextAuth.js would send emails to both the attacker's and the victim's e-mail addresses. The attacker could then log in as a newly created user whose email is `attacker@attacker.com,victim@victim.com`. This means that basic authorization like `email.endsWith("@victim.com")` in the `signIn` callback would fail to communicate a threat to the developer and would let the attacker bypass authorization, even with an `@attacker.com` address. This vulnerability has been patched in `v4.10.3` and `v3.29.10` by normalizing the email value that is sent to the sign-in endpoint before accessing it anywhere else. We also added a `normalizeIdentifier` callback on the `EmailProvider` configuration, where you can further tweak your requirements for what your system considers a valid e-mail address (e.g. strict RFC2821 compliance). Users are advised to upgrade. There are no known workarounds for this vulnerability. If for some reason you cannot upgrade, you can normalize the incoming request using Advanced Initialization.

📖 Read

via "National Vulnerability Database".
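The advisory above explains why a suffix check on an un-normalized identifier fails and why the fix is to normalize the value before any other code touches it. The following is an added example, not NextAuth.js project code: `naiveIsAllowed` is the weak `endsWith` check the advisory describes, `normalizeIdentifier` is an assumed, simplified normalizer (not the library's own callback, and not a full RFC2821 validator) that collapses the value to exactly one lowercase address or rejects it, and `hardenedIsAllowed` is the same suffix check run on the normalized value. The tenant domain `victim.com` and the sample inputs are constructed for illustration.

```javascript
// Added example (not NextAuth.js code). Names are illustrative assumptions:
// naiveIsAllowed, normalizeIdentifier, hardenedIsAllowed, allowedDomain.

const allowedDomain = "victim.com"; // constructed sample tenant domain

// Weak authorization as described in the advisory: a suffix check on the raw
// sign-in value. A comma-separated list whose last entry ends with the
// allowed domain passes, even though the first recipient is a stranger.
function naiveIsAllowed(rawEmail) {
  return rawEmail.endsWith("@" + allowedDomain);
}

// Simplified normalizer (assumption, not the library's implementation):
// trim, lowercase, reject separators and whitespace that could smuggle extra
// recipients, and require exactly one "@" with a non-empty local part and a
// dotted hostname. Returns null when the value is not a single address.
function normalizeIdentifier(rawEmail) {
  if (typeof rawEmail !== "string") return null;
  const value = rawEmail.trim().toLowerCase();
  if (value === "" || /[\s,;<>]/.test(value)) return null;
  const parts = value.split("@");
  if (parts.length !== 2 || parts[0] === "" || parts[1] === "") return null;
  const [local, domain] = parts;
  // Domain must be at least two non-empty labels of [a-z0-9-].
  if (!/^[a-z0-9-]+(\.[a-z0-9-]+)+$/.test(domain)) return null;
  return `${local}@${domain}`;
}

// Hardened authorization: normalize first, then apply the same suffix check.
// Anything that is not one well-formed address is refused outright.
function hardenedIsAllowed(rawEmail) {
  const email = normalizeIdentifier(rawEmail);
  if (email === null) return false;
  return email.endsWith("@" + allowedDomain);
}

// Stand-alone demonstration on constructed inputs.
const samples = [
  "attacker@attacker.com,victim@victim.com", // the advisory's pattern
  "  Alice@Victim.com ",                     // legitimate, needs normalizing
  "alice@victim.com.attacker.com",           // lookalike domain
];
for (const s of samples) {
  console.log(JSON.stringify(s), "naive:", naiveIsAllowed(s), "hardened:", hardenedIsAllowed(s));
}
```

The normalizer is deliberately strict rather than clever: any input containing a comma, semicolon, angle bracket or whitespace is rejected instead of being split, so a single identifier can never turn into several recipients downstream of the check.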
β™ŸοΈ No SOCKS, No Shoes, No Malware Proxy Services! β™ŸοΈ

With the recent demise of several popular "proxy" services that let cybercriminals route their malicious traffic through hacked PCs, there is now something of a supply chain crisis gripping the underbelly of the Internet. Compounding the problem, several remaining malware-based proxy services have chosen to block new registrations to avoid swamping their networks with a sudden influx of customers.

πŸ“– Read

via "Krebs on Security".
🕴 Manufacturing Sector in 2022 Is More Vulnerable to Account Compromise and Supply Chain Attacks in the Cloud than Other Verticals 🕴

Netwrix study reveals that manufacturing organizations experienced these types of attacks more often than any other industry surveyed.

📖 Read

via "Dark Reading".
🕴 From Babuk Source Code to Darkside Custom Listings — Exposing a Thriving Ransomware Marketplace on the Dark Web 🕴

Venafi investigation of 35 million Dark Web URLs shows macro-enabled ransomware widely available at bargain prices.

📖 Read

via "Dark Reading".
🕴 Massive New Phishing Campaign Targets Microsoft Email Service Users 🕴

The campaign uses adversary-in-the-middle techniques to bypass multifactor authentication and evade detection.

📖 Read

via "Dark Reading".
🕴 Large Language AI Models Have Real Security Benefits 🕴

Complex neural networks, including GPT-3, can deliver useful cybersecurity capabilities such as explaining malware and quickly classifying websites, researchers find.

📖 Read

via "Dark Reading".
‼ CVE-2022-35925 ‼

BookWyrm is a social network for tracking reading. Versions prior to 0.4.5 were found to lack rate limiting on authentication views, which allows brute-force attacks. This issue has been patched in version 0.4.5. Admins with existing instances will need to update the `nginx.conf` file that was created when the instance was set up. Users are advised to upgrade. Users unable to upgrade may apply the changes to their `nginx.conf` files manually.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-34924 ‼

Lanling OA Landray Office Automation (OA) internal patch number #133383/#137780 contains an arbitrary file read vulnerability via the component /sys/ui/extend/varkind/custom.jsp.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-35923 ‼

v8n is a JavaScript validation library. Versions of v8n prior to 1.5.1 were found to have inefficient regular expression complexity in the `lowercase()` and `uppercase()` regexes, which could lead to a denial of service attack. In testing of the `lowercase()` function, a payload of `'a' + 'a'.repeat(i) + 'A'` with 32 leading characters took 29443 ms to execute. The same issue happens with `uppercase()`. Users are advised to upgrade. There are no known workarounds for this issue.

📖 Read

via "National Vulnerability Database".
🕴 Thousands of Mobile Apps Leaking Twitter API Keys 🕴

New finding comes amid report of overall surge in threats targeting mobile and IoT devices over the past year.

📖 Read

via "Dark Reading".
❌ Universities Put Email Users at Cyber Risk ❌

DMARC analysis by Proofpoint shows that institutions in the U.S. have among the poorest protections to prevent domain spoofing and lack protections to block fraudulent emails.

📖 Read

via "Threat Post".
‼ CVE-2022-37035 ‼

An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c, there is a possible use-after-free due to a race condition. This could lead to Remote Code Execution or Information Disclosure by sending crafted BGP packets. User interaction is not needed for exploitation.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-29807 ‼

A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow for remote code execution via download_agent_installer.php.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-34619 ‼

A stored cross-site scripting (XSS) vulnerability in Mealie v0.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Shopping Lists item names text field.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-29808 ‼

In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linking is enabled.

📖 Read

via "National Vulnerability Database".