โ Cryptocoin โtoken swapperโ Nomad loses $200 million in coding blunder โ
๐ Read
via "Naked Security".
Transactions were only approved, it seems, if they were initiated by... errrrr, by anyone.๐ Read
via "Naked Security".
Sophos News
Naked Security โ Sophos News
๐ด CompTIA CEO Outlines Initiative to Create the Pre-eminent Destination to Start, Build and โSuperchargeโ a Tech Career ๐ด
๐ Read
via "Dark Reading".
Todd Thibodeaux uses ChannelCon 2022 state of the industry remarks to unveil CompTIAโs Project Agora; invites broad industry participation in the effort to fight for tech talent.๐ Read
via "Dark Reading".
Dark Reading
CompTIA CEO Outlines Initiative to Create the Pre-eminent Destination to Start, Build and โSuperchargeโ a Tech Career
Todd Thibodeaux uses ChannelCon 2022 state of the industry remarks to unveil CompTIAโs Project Agora; invites broad industry participation in the effort to fight for tech talent.
๐1
๐ด Druva Introduces the Data Resiliency Guarantee of up to $10 Million ๐ด
๐ Read
via "Dark Reading".
The new program offers robust protection across all five data risk categories: cyber, human, application, operation, and environmental.๐ Read
via "Dark Reading".
Dark Reading
Druva Introduces the Data Resiliency Guarantee of up to $10 Million
The new program offers robust protection across all five data risk categories: cyber, human, application, operation, and environmental.
๐๏ธ Swiss government announces upcoming launch of federal bug bounty program ๐๏ธ
๐ Read
via "The Daily Swig".
Switzerland Bug Bounty AG awarded program management contract๐ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Swiss government announces upcoming launch of federal bug bounty program
Bug Bounty Switzerland AG awarded program management contract
โ VMWare Urges Users to Patch Critical Authentication Bypass Bug โ
๐ Read
via "Threat Post".
Vulnerabilityโfor which a proof-of-concept is forthcomingโis one of a string of flaws the company fixed that could lead to an attack chain.๐ Read
via "Threat Post".
Threat Post
VMWare Urges Users to Patch Critical Authentication Bypass Bug
Vulnerabilityโfor which a proof-of-concept is forthcomingโis one of a string of flaws the company fixed that could lead to an attack chain.
๐ด ShiftLeft Appoints Prevention-First, Cybersecurity Visionary and AI/ML Pioneer Stuart McClure as CEO ๐ด
๐ Read
via "Dark Reading".
Serial entrepreneur, cybersecurity leader, and industry veteran joins ShiftLeft to drive growth and AI/ML innovation globally.๐ Read
via "Dark Reading".
Dark Reading
ShiftLeft Appoints Prevention-First, Cybersecurity Visionary and AI/ML Pioneer Stuart McClure as CEO
Serial entrepreneur, cybersecurity leader, and industry veteran joins ShiftLeft to drive growth and AI/ML innovation globally.
โผ CVE-2022-23442 โผ
๐ Read
via "National Vulnerability Database".
An improper access control vulnerability [CWE-284] in FortiOS versions 6.2.0 through 6.2.11, 6.4.0 through 6.4.8 and 7.0.0 through 7.0.5 may allow an authenticated attacker with a restricted user profile to gather the checksum information about the other VDOMs via CLI commands.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-32293 โผ
๐ Read
via "National Vulnerability Database".
In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-36359 โผ
๐ Read
via "National Vulnerability Database".
An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-35620 โผ
๐ Read
via "National Vulnerability Database".
D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function binary.soapcgi_main.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-35619 โผ
๐ Read
via "National Vulnerability Database".
D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function ssdpcgi_main.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-27484 โผ
๐ Read
via "National Vulnerability Database".
A unverified password change in Fortinet FortiADC version 6.2.0 through 6.2.3, 6.1.x, 6.0.x, 5.x.x allows an authenticated attacker to bypass the Old Password check in the password change form via a crafted HTTP request.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-34973 โผ
๐ Read
via "National Vulnerability Database".
D-Link DIR820LA1_FW106B02 was discovered to contain a buffer overflow via the nextPage parameter at ping.ccp.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-32292 โผ
๐ Read
via "National Vulnerability Database".
In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-34974 โผ
๐ Read
via "National Vulnerability Database".
D-Link DIR810LA1_FW102B22 was discovered to contain a command injection vulnerability via the Ping_addr function.๐ Read
via "National Vulnerability Database".
โ Post-quantum cryptography โ new algorithm โgone in 60 minutesโ โ
๐ Read
via "Naked Security".
And THIS is why you don't knit your own home-made encryption algorithms and hope no one looks at them.๐ Read
via "Naked Security".
Naked Security
Post-quantum cryptography โ new algorithm โgone in 60 minutesโ
And THIS is why you donโt knit your own home-made encryption algorithms and hope no one looks at them.
๐ด Cyberattackers Drain Nearly $6M From Solana Crypto Wallets ๐ด
๐ Read
via "Dark Reading".
So far, the ongoing attack has impacted nearly 8,000 Solana hot wallets.๐ Read
via "Dark Reading".
Dark Reading
Cyberattackers Drain Nearly $6M From Solana Crypto Wallets
So far, the ongoing attack has impacted nearly 8,000 Solana hot wallets.
๐ด Zero-Day Defense: Tips for Defusing the Threat ๐ด
๐ Read
via "Dark Reading".
Because they leave so little time to patch and defuse, zero-day threats require a proactive, multilayered approach based on zero trust.๐ Read
via "Dark Reading".
Dark Reading
Zero-Day Defense: Tips for Defusing the Threat
Because they leave so little time to patch and defuse, zero-day threats require a proactive, multilayered approach based on zero trust.
โผ CVE-2022-2272 โผ
๐ Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to bypass authentication on affected installations of Sante PACS Server 3.0.4. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the login endpoint. When parsing the username element, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17331.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-35865 โผ
๐ Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It! 20.21.2.109. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of HTTP requests. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-16709.๐ Read
via "National Vulnerability Database".
๐1
โผ CVE-2022-35866 โผ
๐ Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery 6.5.0.17561. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MySQL server. The server uses a hard-coded password for the administrator user. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17139.๐ Read
via "National Vulnerability Database".