Multiple cloud vendors impacted by PostgreSQL vulnerability that exposed enterprise databases
via "The Daily Swig".
Flaws discovered in various PostgreSQL-as-a-Service offerings, including those from Microsoft and Google
SEPT. 7-9: Ukraine, Election, AI, Cybercrime, 5G Among Topics Explored by 125+ Speakers at 13th Billington Cybersecurity Summit
via "Dark Reading".
Heads of CIA and CISA headline event at DC Convention Center.
Lessons From the Cybersecurity Trenches
via "Dark Reading".
Threat hunting not only serves the greater good by helping keep users safe, it rewards practitioners with the thrill of the hunt and solving of complex problems. Tap into your background and learn to follow your instincts.
CVE-2022-36599
via "National Vulnerability Database".
Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/model/delete URI via models Lists.
CVE-2021-30490
via "National Vulnerability Database".
upsMonitor in ViewPower (aka ViewPowerHTML) 1.04-21012 through 1.04-21353 has insecure permissions for the service binary that enable an Authenticated User to modify files, allowing for privilege escalation.
CVE-2022-36530
via "National Vulnerability Database".
An issue was discovered in rageframe2 2.6.37. There is an XSS vulnerability in the user agent related parameters of the info.php page.
CVE-2022-29959
via "National Vulnerability Database".
Emerson OpenBSI through 2022-04-29 mishandles credential storage. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. This environment provides access control functionality through user authentication and privilege management. The credentials for various users are stored insecurely in the SecUsers.ini file by using a simple string transformation rather than a cryptographic mechanism.
CVE-2022-36273
via "National Vulnerability Database".
Tenda AC9 V15.03.2.21_cn is vulnerable to command injection via goform/SetSysTimeCfg.
CVE-2022-30264
via "National Vulnerability Database".
The Emerson ROC and FloBoss RTU product lines through 2022-05-02 perform insecure filesystem operations. They utilize the ROC protocol (4000/TCP, 5000/TCP) for communications between a master terminal and RTUs. Opcode 203 of this protocol allows a master terminal to transfer files to and from the flash filesystem and to carry out arbitrary file and directory read, write, and delete operations.
CVE-2022-36272
via "National Vulnerability Database".
Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/page/verify URI via fieldName parameter.
U.K. Water Supplier Hit with Clop Ransomware Attack
via "Threat Post".
The incident disrupted corporate IT systems at one company while attackers misidentified the victim in a post on its website that leaked stolen data.
Windows Vulnerability Could Crack DC Server Credentials Open
via "Dark Reading".
The security flaw tracked as CVE-2022-30216 could allow attackers to perform server spoofing or trigger authentication coercion on the victim.
Legitimate hacking activities under UK law proposed by "expert consensus"
via "The Daily Swig".
Contentious edge case activities are no excuse for further delaying of "much overdue" reform, say campaigners
With Plunge in Value, Cryptocurrency Crimes Decline in 2022
via "Dark Reading".
Cybercrime has been funded with cryptocurrency, but the valuation of various digital currencies has dropped by more than two-thirds and cybercriminals are feeling the pinch.
CVE-2022-38362
via "National Vulnerability Database".
Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote execution of code on the Airflow worker host.
Zoom for Mac patches get-root bug - update now!
via "Naked Security".
There's many a slip 'twixt the cup and the lip. Or at least between the TOC and the TOU...
US offers reward "up to $10 million" for information about the Conti gang
via "Naked Security".
Wanted - Reward Offered - Five unknown individuals (plus a man with a weird hat)
When Efforts to Contain a Data Breach Backfire
via "Krebs on Security".
Earlier this month, the administrator of the cybercrime forum Breached received a cease-and-desist letter from a cybersecurity firm. The missive alleged that an auction on the site for data stolen from 10 million customers of Mexico's second-largest bank was fake news and harming the bank's reputation. The administrator responded to this empty threat by purchasing the stolen banking data and leaking it on the forum for everyone to download.
Name That Toon: Vicious Circle
via "Dark Reading".
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
CVE-2022-38192
via "National Vulnerability Database".
A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user's browser.
CVE-2022-38193
via "National Vulnerability Database".
There is a code injection vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below that may allow a remote, unauthenticated attacker to pass strings which could potentially cause arbitrary code execution in a victim's browser.