βΌ CVE-2022-36272 βΌ
π Read
via "National Vulnerability Database".
Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/page/verify URI via fieldName parameter.π Read
via "National Vulnerability Database".
β U.K. Water Supplier Hit with Clop Ransomware Attack β
π Read
via "Threat Post".
The incident disrupted corporate IT systems at one company while attackers misidentified the victim in a post on its website that leaked stolen data.π Read
via "Threat Post".
Threat Post
U.K. Water Supplier Hit with Clop Ransomware Attack
The incident disrupted corporate IT systems at one company while attackers misidentified the victim in a post on its website that leaked stolen data.
π΄ Windows Vulnerability Could Crack DC Server Credentials Open π΄
π Read
via "Dark Reading".
The security flaw tracked as CVE-2022-30216 could allow attackers to perform server spoofing or trigger authentication coercion on the victim.π Read
via "Dark Reading".
Dark Reading
Windows Vulnerability Could Crack DC Server Credentials Open
The security flaw tracked as CVE-2022-30216 could allow attackers to perform server spoofing or trigger authentication coercion on the victim.
ποΈ Legitimate hacking activities under UK law proposed by βexpert consensusβ ποΈ
π Read
via "The Daily Swig".
Contentious edge case activities are no excuse for further delaying of βmuch overdueβ reform, say campaignersπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Legitimate hacking activities under UK law proposed by βexpert consensusβ
Contentious edge case activities are no excuse for further delaying of βmuch overdueβ reform, say campaigners
π΄ With Plunge in Value, Cryptocurrency Crimes Decline in 2022 π΄
π Read
via "Dark Reading".
Cybercrime has been funded with cryptocurrency, but the valuation of various digital currencies has dropped by more than two-thirds and cybercriminals are feeling the pinch.π Read
via "Dark Reading".
Dark Reading
With Plunge in Value, Cryptocurrency Crimes Decline in 2022
Cybercrime has been funded with cryptocurrency, but the valuation of various digital currencies has dropped by more than two-thirds and cybercriminals are feeling the pinch.
π1
βΌ CVE-2022-38362 βΌ
π Read
via "National Vulnerability Database".
Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote code exploit of code on the Airflow worker host.π Read
via "National Vulnerability Database".
β Zoom for Mac patches get-root bug β update now! β
π Read
via "Naked Security".
There's many a slip 'twixt the cup and the lip. Or at least between the TOC and the TOU...π Read
via "Naked Security".
Naked Security
Zoom for Mac patches critical bug β update now!
Thereβs many a slip βtwixt the cup and the lip. Or at least between the TOC and the TOUβ¦
β US offers reward βup to $10 millionβ for information about the Conti gang β
π Read
via "Naked Security".
Wanted - Reward Offered - Five unknown individuals (plus a man with a weird hat)π Read
via "Naked Security".
Naked Security
US offers reward βup to $10 millionβ for information about the Conti gang
Wanted β Reward Offered β Five unknown individuals (plus a man with a weird hat)
βοΈ When Efforts to Contain a Data Breach Backfire βοΈ
π Read
via "Krebs on Security".
Earlier this month, the administrator of the cybercrime forum Breached received a cease-and-desist letter from a cybersecurity firm. The missive alleged that an auction on the site for data stolen from 10 million customers of Mexicoβs second-largest bank was fake news and harming the bankβs reputation. The administrator responded to this empty threat by purchasing the stolen banking data and leaking it on the forum for everyone to download.π Read
via "Krebs on Security".
Krebs on Security
When Efforts to Contain a Data Breach Backfire
Earlier this month, the administrator of the cybercrime forum Breached received a cease-and-desist letter from a cybersecurity firm. The missive alleged that an auction on the site for data stolen from 10 million customers of Mexicoβs second-largest bankβ¦
π΄ Name That Toon: Vicious Circle π΄
π Read
via "Dark Reading".
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.π Read
via "Dark Reading".
Dark Reading
Name That Toon: Vicious Circle
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
βΌ CVE-2022-38192 βΌ
π Read
via "National Vulnerability Database".
A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the userΓΒ’Γ’β¬ÒβΒ’s browser.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38193 βΌ
π Read
via "National Vulnerability Database".
There is a code injection vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below that may allow a remote, unauthenticated attacker to pass strings which could potentially cause arbitrary code execution in a victims browser.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38194 βΌ
π Read
via "National Vulnerability Database".
In Esri Portal for ArcGIS versions 10.8.1, a system property is not properly encrypted. This may lead to a local user reading sensitive information from a properties file.π Read
via "National Vulnerability Database".
π΄ Clop Ransomware Gang Breaches Water Utility, Just Not the Right One π΄
π Read
via "Dark Reading".
South Staffordshire in the UK has acknowledged it was targeted in a cyberattack, but Clop ransomware appears to be shaking down the wrong water company.π Read
via "Dark Reading".
Dark Reading
Clop Ransomware Gang Breaches Water Utility, Just Not the Right One
South Staffordshire in the UK has acknowledged it was targeted in a cyberattack, but Clop ransomware appears to be shaking down the wrong water company.
π΄ Microsoft Disrupts Russian Group's Multiyear Cyber-Espionage Campaign π΄
π Read
via "Dark Reading".
"Seaborgium" is a highly persistent threat actor that has been targeting organizations and individuals of likely interest to the Russian government since at least 2017, company says.π Read
via "Dark Reading".
Dark Reading
Microsoft Disrupts Russian Group's Multiyear Cyber-Espionage Campaign
"Seaborgium" is a highly persistent threat actor that has been targeting organizations and individuals of likely interest to the Russian government since at least 2017, company says.
βΌ CVE-2022-2844 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in MotoPress Timetable and Event Schedule up to 1.4.06. This affects an unknown part of the file /wp/?cpmvc_id=1&cpmvc_do_action=mvparse&f=datafeed&calid=1&month_index=1&method=adddetails&id=2 of the component Calendar Handler. The manipulation of the argument Subject/Location/Description leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-206487.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39085 βΌ
π Read
via "National Vulnerability Database".
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 215888.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39086 βΌ
π Read
via "National Vulnerability Database".
IBM Sterling File Gateway 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 215889.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2846 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic was found in Calendar Event Multi View Plugin. This vulnerability affects unknown code of the file /wp/?cpmvc_id=1&cpmvc_do_action=mvparse&f=datafeed&calid=1&month_index=1&method=adddetails&id=2. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The identifier of this vulnerability is VDB-206488.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38189 βΌ
π Read
via "National Vulnerability Database".
A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the userΓ’β¬β’s browser.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39087 βΌ
π Read
via "National Vulnerability Database".
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow an authenticated user to obtain sensitive information due to improper permission controls. IBM X-Force ID: 216109.π Read
via "National Vulnerability Database".