βΌ CVE-2022-34619 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in Mealie v0.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Shopping Lists item names text field.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29808 βΌ
π Read
via "National Vulnerability Database".
In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linking is enabled.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36968 βΌ
π Read
via "National Vulnerability Database".
In Progress WS_FTP Server prior to version 8.7.3, forms within the administrative interface did not include a nonce to mitigate the risk of cross-site request forgery (CSRF) attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36967 βΌ
π Read
via "National Vulnerability Database".
In Progress WS_FTP Server prior to version 8.7.3, multiple reflected cross-site scripting (XSS) vulnerabilities exist in the administrative web interface. It is possible for a remote attacker to inject arbitrary JavaScript into a WS_FTP administrator's web session. This would allow the attacker to execute code within the context of the victim's browser.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30285 βΌ
π Read
via "National Vulnerability Database".
In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. This may allow authentication with invalid credentials.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33917 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Arm Mali GPU Kernel Driver (Valhall r29p0 through r38p0). A non-privileged user can make improper GPU processing operations to gain access to already freed memory.π Read
via "National Vulnerability Database".
π’ UK safety tech sees another year of growth, amidst backlash π’
π Read
via "ITPro".
Record investment in the sector has led to widespread implementation of safety measures, but rights groups and some experts still aren't convincedπ Read
via "ITPro".
IT PRO
UK safety tech sees another year of growth, amidst backlash | IT PRO
Record investment in the sector has led to widespread implementation of safety measures, but rights groups and some experts still aren't convinced
π’ First Choice Community Healthcare hit by data breach π’
π Read
via "ITPro".
The Albuquerque-based firm first learned of the breach in March 2022π Read
via "ITPro".
IT PRO
First Choice Community Healthcare hit by data breach | IT PRO
The Albuquerque-based firm first learned of the breach in March 2022
π’ Tim Hortons 'offers free coffee and donut' to app users to settle data lawsuit π’
π Read
via "ITPro".
Canadian privacy commissioners found that the coffee giant had tracked and recorded the movements of its app users every few minutes of the day, even when the app wasnβt openπ Read
via "ITPro".
IT PRO
Tim Hortons 'offers free coffee and donut' to app users to settle data lawsuit | IT PRO
Canadian privacy commissioners found that the coffee giant had tracked and recorded the movements of its app users every few minutes of the day, even when the app wasnβt open
π’ European energy company and gas pipeline hacked by AlphV ransomware π’
π Read
via "ITPro".
The ransomware gang responsible is also linked with the group that took down Colonial Pipeline a year agoπ Read
via "ITPro".
IT PRO
European energy company and gas pipeline hacked by AlphV ransomware | IT PRO
The ransomware gang responsible is also linked with the group that took down Colonial Pipeline a year ago
π’ Nomad crypto bridge drained of $190 million through βchaoticβ exploit π’
π Read
via "ITPro".
The Nomad team has notified law enforcement and retained leading firms for blockchain intelligence and forensics, it said in a statement on Twitterπ Read
via "ITPro".
IT PRO
Nomad crypto bridge drained of $190 million through βchaoticβ exploit | IT PRO
The Nomad team has notified law enforcement and retained leading firms for blockchain intelligence and forensics, it said in a statement on Twitter
π’ Halborn warns of active MetaMask phishing campaign π’
π Read
via "ITPro".
The blockchain security firm deconstructs a pretentious email that attempted to steal users' passwordsπ Read
via "ITPro".
IT PRO
Halborn warns of active MetaMask phishing campaign | IT PRO
The blockchain security firm deconstructs a pretentious email that attempted to steal users' passwords
π’ Every leading UK university is compromising on email security, researchers say π’
π Read
via "ITPro".
Proofpoint said none of the top ten universities in the UK have implemented the recommended email security policies, leaving institutions open to cyber attacksπ Read
via "ITPro".
IT PRO
Every leading UK university is compromising on email security, researchers say | IT PRO
Proofpoint said none of the top ten universities in the UK have implemented the recommended email security policies, leaving institutions open to cyber attacks
π’ Young hacker faces 20-year prison sentence for creating prolific Imminent Monitor RAT π’
π Read
via "ITPro".
He created the RAT when he was aged just 15 and is estimated to have netted around $400,000 from the sale of it over six yearsπ Read
via "ITPro".
IT PRO
Young hacker faces 20-year prison sentence for creating prolific Imminent Monitor RAT | IT PRO
He created the RAT when he was aged just 15 and is estimated to have netted around $400,000 from the sale of it over six years
π’ Ransomware: Sometimes you need to pay to make it go away π’
π Read
via "ITPro".
The symptoms of this distraught data victim sounded an awful lot like ransomware, and it turned out the easiest way out was the most unpalatable optionπ Read
via "ITPro".
IT PRO
Ransomware: Sometimes you need to pay to make it go away | IT PRO
The symptoms of this distraught data victim sounded an awful lot like ransomware, and it turned out the easiest way out was the most unpalatable option
π’ T-Mobile partners with Homeland Security to prioritize first responder data π’
π Read
via "ITPro".
Eligible T-Mobile WPS subscribers are entitled to priority service at no additional chargeπ Read
via "ITPro".
IT PRO
T-Mobile partners with Homeland Security to prioritize first responder data | IT PRO
Eligible T-Mobile WPS subscribers are entitled to priority service at no additional charge
π’ Twitter API keys found leaked in over 3,200 apps, raising concerns for linked accounts π’
π Read
via "ITPro".
Business and verified Twitter accounts linked to affected apps are at risk of takeover, use in malicious campaignsπ Read
via "ITPro".
IT PRO
Twitter API keys found leaked in over 3,200 apps, raising concerns for linked accounts | IT PRO
Business and verified Twitter accounts linked to affected apps are at risk of takeover, use in malicious campaigns
βΌ CVE-2022-36197 βΌ
π Read
via "National Vulnerability Database".
BigTree CMS 4.4.16 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PDF file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34927 βΌ
π Read
via "National Vulnerability Database".
MilkyTracker v1.03.00 was discovered to contain a stack overflow via the component LoaderXM::load. This vulnerability is triggered when the program is supplied a crafted XM module file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27617 βΌ
π Read
via "National Vulnerability Database".
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to download arbitrary files via unspecified vectors.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34928 βΌ
π Read
via "National Vulnerability Database".
JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via /system/user.π Read
via "National Vulnerability Database".