Legitimate hacking activities under UK law proposed by ‘expert consensus’
via "The Daily Swig".
Contentious edge case activities are no excuse for further delaying of ‘much overdue’ reform, say campaigners
With Plunge in Value, Cryptocurrency Crimes Decline in 2022
via "Dark Reading".
Cybercrime has been funded with cryptocurrency, but the valuation of various digital currencies has dropped by more than two-thirds and cybercriminals are feeling the pinch.
CVE-2022-38362
via "National Vulnerability Database".
Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote code exploit of code on the Airflow worker host.
Zoom for Mac patches get-root bug – update now!
via "Naked Security".
There's many a slip 'twixt the cup and the lip. Or at least between the TOC and the TOU...
US offers reward “up to $10 million” for information about the Conti gang
via "Naked Security".
Wanted - Reward Offered - Five unknown individuals (plus a man with a weird hat)
When Efforts to Contain a Data Breach Backfire
via "Krebs on Security".
Earlier this month, the administrator of the cybercrime forum Breached received a cease-and-desist letter from a cybersecurity firm. The missive alleged that an auction on the site for data stolen from 10 million customers of Mexico’s second-largest bank was fake news and harming the bank’s reputation. The administrator responded to this empty threat by purchasing the stolen banking data and leaking it on the forum for everyone to download.
Name That Toon: Vicious Circle
via "Dark Reading".
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
CVE-2022-38192
via "National Vulnerability Database".
A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser.
CVE-2022-38193
via "National Vulnerability Database".
There is a code injection vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below that may allow a remote, unauthenticated attacker to pass strings which could potentially cause arbitrary code execution in a victim's browser.
CVE-2022-38194
via "National Vulnerability Database".
In Esri Portal for ArcGIS versions 10.8.1, a system property is not properly encrypted. This may lead to a local user reading sensitive information from a properties file.
Clop Ransomware Gang Breaches Water Utility, Just Not the Right One
via "Dark Reading".
South Staffordshire in the UK has acknowledged it was targeted in a cyberattack, but Clop ransomware appears to be shaking down the wrong water company.
Microsoft Disrupts Russian Group's Multiyear Cyber-Espionage Campaign
via "Dark Reading".
"Seaborgium" is a highly persistent threat actor that has been targeting organizations and individuals of likely interest to the Russian government since at least 2017, company says.
CVE-2022-2844
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in MotoPress Timetable and Event Schedule up to 1.4.06. This affects an unknown part of the file /wp/?cpmvc_id=1&cpmvc_do_action=mvparse&f=datafeed&calid=1&month_index=1&method=adddetails&id=2 of the component Calendar Handler. The manipulation of the argument Subject/Location/Description leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-206487.
CVE-2021-39085
via "National Vulnerability Database".
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 215888.
CVE-2021-39086
via "National Vulnerability Database".
IBM Sterling File Gateway 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 215889.
CVE-2022-2846
via "National Vulnerability Database".
A vulnerability classified as problematic was found in Calendar Event Multi View Plugin. This vulnerability affects unknown code of the file /wp/?cpmvc_id=1&cpmvc_do_action=mvparse&f=datafeed&calid=1&month_index=1&method=adddetails&id=2. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The identifier of this vulnerability is VDB-206488.
CVE-2022-38189
via "National Vulnerability Database".
A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser.
CVE-2021-39087
via "National Vulnerability Database".
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow an authenticated user to obtain sensitive information due to improper permission controls. IBM X-Force ID: 216109.
CVE-2021-39035
via "National Vulnerability Database".
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213965.
CVE-2022-38184
via "National Vulnerability Database".
There is an improper access control vulnerability in Portal for ArcGIS versions 10.8.1 and below which could allow a remote, unauthenticated attacker to access an API that may induce Esri Portal for ArcGIS to read arbitrary URLs.
CVE-2022-2843
via "National Vulnerability Database".
A vulnerability was found in MotoPress Timetable and Event Schedule. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /wp-admin/admin-ajax.php of the component Quick Edit. The manipulation of the argument post_title with the input <img src=x onerror=alert`2`> leads to cross site scripting. The attack may be launched remotely. VDB-206486 is the identifier assigned to this vulnerability.