βΌ CVE-2022-23919 βΌ
π Read
via "National Vulnerability Database".
A stack-based buffer overflow vulnerability exists in the confsrv set_mf_rule functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability leverages the name field within the protobuf message to cause a buffer overflow.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24022 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the pannn binary.π Read
via "National Vulnerability Database".
βοΈ Class Action Targets Experian Over Account Security βοΈ
π Read
via "Krebs on Security".
A class action lawsuit has been filed against big-three consumer credit bureau Experian over reports that the company did little to prevent identity thieves from hijacking consumer accounts. The legal filing cites liberally from an investigation KrebsOnSecurity published in July, which found that identity thieves were able to assume control over existing Experian accounts simply by signing up for new accounts using the victimβs personal information and a different email address.π Read
via "Krebs on Security".
Krebs on Security
Class Action Targets Experian Over Account Security
A class action lawsuit has been filed against big-three consumer credit bureau Experian over reports that the company did little to prevent identity thieves from hijacking consumer accounts. The legal filing cites liberally from an investigation KrebsOnSecurityβ¦
βΌ CVE-2022-2687 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in SourceCodester Gym Management System. Affected is an unknown function. The manipulation of the argument user_pass leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-205734 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2686 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in oretnom23 Fast Food Ordering System. This affects an unknown part of the component Menu List Page. The manipulation of the argument Description leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205725 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
π’ Decade-old malware strains top annual list of most pervasive business exploits π’
π Read
via "ITPro".
Allied cyber security authorities say the most active strains of 2021 have been in operation for longer than five years, and are being constantly developedπ Read
via "ITPro".
IT PRO
Decade-old malware strains top annual list of most pervasive business exploits | IT PRO
Allied cyber security authorities say the most active strains of 2021 have been in operation for longer than five years, and are being constantly developed
π’ Malware operators abusing Windows shortcuts to bypass VBA macro block π’
π Read
via "ITPro".
The likes of Emotet and Qakbot, as well as Russia-linked state-sponsored hackers, have all pivoted to the new infection techniqueπ Read
via "ITPro".
IT PRO
Leading malware campaigns are abusing genuine Windows shortcuts to bypass Microsoft's VBA macro block | IT PRO
The likes of Emotet and Qakbot, as well as Russia-linked state-sponsored hackers, have all pivoted to the new infection technique
π’ North Korean-linked Gmail spyware 'SHARPEXT' harvesting sensitive email content π’
π Read
via "ITPro".
The insidious software exfiltrates all mail and attachments, researchers warn, putting sensitive documents at riskπ Read
via "ITPro".
IT PRO
North Korean-linked Gmail spyware 'SHARPEXT' harvesting sensitive email content | IT PRO
The insidious software exfiltrates all mail and attachments, researchers warn, putting sensitive documents at risk
π’ India scraps privacy bill following big tech outcry π’
π Read
via "ITPro".
However, the government is developing a new bill which it hopes to bring into law early next yearπ Read
via "ITPro".
IT PRO
India scraps privacy bill following big tech outcry | IT PRO
However, the government is developing a new bill which it hopes to bring into law early next year
π’ Fortinet unveils βfastestβ compact firewall for hyperscale data centers and 5G networks π’
π Read
via "ITPro".
The new FortiGate 4800F firewall series packs 2.4 Tbps of capacity into a compact 4RU form-factorπ Read
via "ITPro".
IT PRO
Fortinet unveils βfastestβ compact firewall for hyperscale data centers and 5G networks | IT PRO
The new FortiGate 4800F firewall series packs 2.4 Tbps of capacity into a compact 4RU form-factor
π’ Thoma Bravo adds Ping Identity to growing cyber security portfolio in $2.8 billion acquisition π’
π Read
via "ITPro".
The intelligent identity company joins Proofpoint and Sophos, among others, as it looks to accelerate its cloud transformationπ Read
via "ITPro".
IT PRO
Thoma Bravo adds Ping Identity to growing cyber security portfolio in $2.8 billion acquisition | IT PRO
The intelligent identity company joins Proofpoint and Sophos, among others, as it looks to accelerate its cloud transformation
π’ Cyber attacks rain on Taiwan during Pelosi visit π’
π Read
via "ITPro".
IP addresses from China and Russia were said to have been responsible for the attackπ Read
via "ITPro".
IT PRO
Cyber attacks rain on Taiwan during Pelosi visit | IT PRO
IP addresses from China and Russia were said to have been responsible for the attack
π’ Auditors blame massive $4 million cryptocurrency heist on leaky logging technology π’
π Read
via "ITPro".
Investigators raised concern over the thousands of vulnerable wallets containing Solana, USDC and other tokensπ Read
via "ITPro".
IT PRO
Auditors blame massive $4 million cryptocurrency heist on leaky logging technology | IT PRO
Investigators raised concern over the thousands of vulnerable wallets containing Solana, USDC and other tokens
βΌ CVE-2022-2688 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Expense Management System. It has been rated as critical. This issue affects the function fetch_report_credit of the file report.php of the component POST Parameter Handler. The manipulation of the argument from/to leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-205811.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37451 βΌ
π Read
via "National Vulnerability Database".
Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2693 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in SourceCodester Electronic Medical Records System and classified as critical. This vulnerability affects unknown code of the file register.php of the component UPDATE Statement Handler. The manipulation of the argument pconsultation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205816.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2691 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, has been found in SourceCodester Wedding Hall Booking System. Affected by this issue is some unknown functionality of the file /whbs/?page=manage_account of the component Profile Page. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-205814 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2692 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in SourceCodester Wedding Hall Booking System. This affects an unknown part of the file /whbs/admin/?page=user of the component Staff User Profile. The manipulation of the argument First Name/Last Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205815.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2689 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in SourceCodester Wedding Hall Booking System. Affected is an unknown function of the file /whbs/?page=contact_us of the component Contact Page. The manipulation of the argument Message leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205812.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2694 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Company Website CMS and classified as critical. This issue affects some unknown processing. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205817 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-2690 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic was found in SourceCodester Wedding Hall Booking System. Affected by this vulnerability is an unknown functionality of the file /whbs/?page=my_bookings of the component Booking Form. The manipulation of the argument Remarks leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205813 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
π€1