βΌ CVE-2022-35505 βΌ
π Read
via "National Vulnerability Database".
A segmentation fault in TripleCross v0.1.0 occurs when sending a control command from the client to the server. This occurs because there is no limit to the length of the output of the executed command.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43179 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35161 βΌ
π Read
via "National Vulnerability Database".
GVRET Stable Release as of Aug 15, 2015 was discovered to contain a buffer overflow via the handleConfigCmd function at SerialConsole.cpp.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27551 βΌ
π Read
via "National Vulnerability Database".
HCL Launch could allow an authenticated user to obtain sensitive information in some instances due to improper security checking.π Read
via "National Vulnerability Database".
β GitHub blighted by βresearcherβ who created thousands of malicious projects β
π Read
via "Naked Security".
If you spew projects laced with hidden malware into an open source repository, don't waste your time telling us "no harm done" afterwards.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ New Startup Footprint Tackles Identity Verification π΄
π Read
via "Dark Reading".
Early-stage startup Footprint's goal is to provide tools that change how enterprises verify, authentication, authorize, and secure identity.π Read
via "Dark Reading".
Dark Reading
Startup Footprint Tackles Identity Verification
Early-stage startup Footprint's goal is to provide tools that change how enterprises verify, authentication, authorize, and secure identity.
π’ Norton and Avast merger 'provisionally' approved by UK regulator π’
π Read
via "ITPro".
Competition and Markets Authority investigation suggests new software giant would still face "significant" competitionπ Read
via "ITPro".
IT PRO
Norton and Avast merger 'provisionally' approved by UK regulator | IT PRO
Competition and Markets Authority investigation suggests new software giant would still face "significant" competition
π’ T-Mobile βsocial engineerβ store owner ran $25 million black market operation π’
π Read
via "ITPro".
The five-year campaign saw the former owner defraud the company after stealing more than 50 employees' login credentialsπ Read
via "ITPro".
IT PRO
T-Mobile βsocial engineerβ store owner ran $25 million black market operation | IT PRO
The five-year campaign saw the former owner defraud the company after stealing more than 50 employees' login credentials
π1
π’ Legal challenge for Sadiq Khan over ANPR expansion, Met access to data π’
π Read
via "ITPro".
Rights campaigners argue that the increase in surveillance is unlawful and unjustifiedπ Read
via "ITPro".
IT PRO
Legal challenge for Sadiq Khan over ANPR expansion, Met access to data | IT PRO
Rights campaigners argue that the increase in surveillance is unlawful and unjustified
π’ Over 200,000 DrayTek routers vulnerable to total device takeover π’
π Read
via "ITPro".
The routers are popular with small and medium businesses, but are easily exploitable by threat actors seeking to steal data or launch ransomwareπ Read
via "ITPro".
IT PRO
Over 200,000 DrayTek routers vulnerable to total device takeover | IT PRO
The routers are popular with small and medium businesses, but are easily exploitable by threat actors seeking to steal data or launch ransomware
π’ Microsoft unveils new threat intelligence and surface management solutions π’
π Read
via "ITPro".
New Microsoft Defender offerings aim to offer deeper insights into threat actors and their behavioursπ Read
via "ITPro".
channelpro
Microsoft unveils new threat intelligence and surface management solutions
New Microsoft Defender offerings aim to offer deeper insights into threat actors and their behaviours
π’ Google Cloud and MITRE make it easier for businesses to threat-hunt in their cloud environments π’
π Read
via "ITPro".
The new pre-built queries aim to make it easier to navigate cloud security for organisations without the deep understanding that's required to effectively manage threatsπ Read
via "ITPro".
ITPro
Google Cloud and MITRE make it easier for businesses to threat-hunt in their cloud environments
The new pre-built queries aim to make it easier to navigate cloud security for organisations without the deep understanding that's required to effectively manage threats
π’ Tory party delays leadership selection over hacking fears π’
π Read
via "ITPro".
The Conservatives have also been forced to abandon plans to allow members to change their vote later in the contestπ Read
via "ITPro".
ITPro
Tory party delays leadership selection over hacking fears
The Conservatives have also been forced to abandon plans to allow members to change their vote later in the contest
π’ How to incorporate password protection into your security strategy π’
π Read
via "ITPro".
A comprehensive security strategy needs to incorporate password protectionπ Read
via "ITPro".
IT PRO
How to incorporate password protection into your wider security strategy | IT PRO
A comprehensive security strategy needs to incorporate password protection
βΌ CVE-2022-2651 βΌ
π Read
via "National Vulnerability Database".
Authentication Bypass by Primary Weakness in GitHub repository bookwyrm-social/bookwyrm prior to 0.4.5.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28731 βΌ
π Read
via "National Vulnerability Database".
A carefully crafted request on UserPreferences.jsp could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account, and then a reset password request from the login page.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2643 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in SourceCodester Online Admission System and classified as critical. This vulnerability affects unknown code of the component POST Parameter Handler. The manipulation of the argument shift leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this entry is VDB-205564.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2646 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in SourceCodester Online Admission System. Affected is an unknown function of the file index.php. The manipulation of the argument eid with the input 8</h3><script>alert(1)</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205572.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28730 βΌ
π Read
via "National Vulnerability Database".
A carefully crafted request on AJAXPreview.jsp could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. This vulnerability leverages CVE-2021-40369, where the Denounce plugin dangerously renders user-supplied URLs. Upon re-testing CVE-2021-40369, it appears that the patch was incomplete as it was still possible to insert malicious input via the Denounce plugin. Apache JSPWiki users should upgrade to 2.11.3 or later.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34158 βΌ
π Read
via "National Vulnerability Database".
A carefully crafted invocation on the Image plugin could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker's account. Further examination of this issue established that it could also be used to modify the email associated with the attacked account, and then a reset password request from the login page.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2644 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Online Admission System and classified as critical. This issue affects some unknown processing of the component GET Parameter Handler. The manipulation of the argument eid leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-205565 was assigned to this vulnerability.π Read
via "National Vulnerability Database".