🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
CVE-2022-2626

Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to 1.6.6.

via "National Vulnerability Database".
CVE-2022-37434

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).

via "National Vulnerability Database".
🗓️ Authentication bypass bug in Nextauth.js could allow email account takeover 🗓️

Vulnerability has been patched in latest versions

via "The Daily Swig".
Open Redirect Flaw Snags Amex, Snapchat User Data

Separate phishing campaigns targeting thousands of victims impersonate FedEx and Microsoft, among others, to trick victims.

via "Threat Post".
CVE-2022-2672

A vulnerability was found in SourceCodester Garage Management System. It has been classified as critical. Affected is an unknown function of the file createUser.php. The manipulation of the argument userName/uemail leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205656.

via "National Vulnerability Database".
🕴 How to Resolve Permission Issues in CI/CD Pipelines 🕴

This Tech Tip outlines how DevOps teams can address security integration issues in their CI/CD pipelines.

via "Dark Reading".
CVE-2022-2674

A vulnerability was found in SourceCodester Best Fee Management System. It has been rated as critical. Affected by this issue is the function login of the file admin_class.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-205658 is the identifier assigned to this vulnerability.

via "National Vulnerability Database".
CVE-2022-2671

A vulnerability was found in SourceCodester Garage Management System and classified as critical. This issue affects some unknown processing of the file removeUser.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205655.

via "National Vulnerability Database".
CVE-2022-2673

A vulnerability was found in Rigatur Online Booking and Hotel Management System aff6409. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php of the component POST Request Handler. The manipulation of the argument email/pass leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205657 was assigned to this vulnerability.

via "National Vulnerability Database".
CVE-2022-35936

Ethermint is an Ethereum library. In Ethermint running versions before `v0.17.2`, the contract `selfdestruct` invocation permanently removes the corresponding bytecode from the internal database storage. However, due to a bug in the `DeleteAccount` function, all contracts that used the identical bytecode (i.e. shared the same `CodeHash`) will also stop working once one contract invokes `selfdestruct`, even though the other contracts did not invoke the `selfdestruct` OPCODE. This vulnerability has been patched in Ethermint version v0.18.0. The patch has state machine-breaking changes for applications using Ethermint, so a coordinated upgrade procedure is required. A workaround is available. If a contract is subject to DoS due to this issue, the user can redeploy the same contract, i.e. with identical bytecode, so that the original contract's code is recovered. The new contract deployment restores the `bytecode hash -> bytecode` entry in the internal state.

via "National Vulnerability Database".
🕴 A Digital Home Has Many Open Doors 🕴

Development of the digital gateways that protect the places where we live, work, and converse needs to be secure, and many of those doors need to offer restricted access.

via "Dark Reading".
🗓️ High-impact vulnerability in DrayTek routers leaves thousands of SMEs open to exploitation 🗓️

Now-patched RCE bug impacts dozens of DrayTek Vigor router models

via "The Daily Swig".
🛠 GNUnet P2P Framework 0.17.3 🛠

GNUnet is a peer-to-peer framework with a focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service built on top of the framework is anonymous file sharing.

via "Packet Storm Security".
🔏 Friday Five 8/5 🔏

New and dangerous scams are on the rise, your sensitive information may be at risk due to an unlikely party, and tensions between Taiwan and China look to be escalating. Read all about these stories and more in this week’s Friday Five.

🗓️ XSS in Gmail’s AMP For Email earns researcher $5,000 🗓️

Researcher bypasses email filter with inspired style tag trickery

via "The Daily Swig".
🕴 Stolen Data Gives Attackers Advantage Against Text-Based 2FA 🕴

With names, email addresses, and mobile numbers from underground databases, one person in five is at risk of account compromise even with SMS two-factor authentication in place.

via "Dark Reading".
🕴 Fresh RapperBot Malware Variant Brute-Forces Its Way Into SSH Servers 🕴

Over the past few weeks, a Mirai variant appears to have made a pivot from infecting new servers to maintaining remote access.

via "Dark Reading".
Traffic Light Protocol for cybersecurity responders gets a revamp

Traffic lights make a handy global metaphor for denoting the sensitivity of cybersecurity threat data - three colours that everyone knows.

via "Naked Security".
🕴 A Ransomware Explosion Fosters Thriving Dark Web Ecosystem 🕴

For the right price, threat actors can get just about anything they want to launch a ransomware attack — even without technical skills or any previous experience.

via "Dark Reading".
🕴 Genesis IAB Market Brings Polish to the Dark Web 🕴

As the market for initial access brokers matures, services like Genesis — which offers elite access to compromised systems and slick, professional services — are raising the bar in the underground economy.

via "Dark Reading".
CVE-2022-2499

An issue has been discovered in GitLab EE affecting all versions starting from 13.10 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab's Jira integration has an insecure direct object reference vulnerability that may be exploited by an attacker to leak Jira issues.

via "National Vulnerability Database".