π΄ 'Operation Sugarush' Mounts Concerning Spy Effort on Shipping, Healthcare Industries π΄
π Read
via "Dark Reading".
A suspected Iranian threat actor known as UNC3890 is gathering intel that could be used for kinetic strikes against global shipping targets.π Read
via "Dark Reading".
Dark Reading
'Operation Sugarush' Mounts Concerning Spy Effort on Shipping, Healthcare Industries
A suspected Iranian threat actor known as UNC3890 is gathering intel that could be used for kinetic strikes against global shipping targets.
π΄ When Countries Are Attacked: Making the Case for More Private-Public Cooperation π΄
π Read
via "Dark Reading".
The increased sophistication of cyberattacks makes them more widely damaging and difficult to prevent.π Read
via "Dark Reading".
Dark Reading
When Countries Are Attacked: Making the Case for More Private-Public Cooperation
The increased sophistication of cyberattacks makes them more widely damaging and difficult to prevent.
βΌ CVE-2022-36191 βΌ
π Read
via "National Vulnerability Database".
A heap-buffer-overflow had occurred in function gf_isom_dovi_config_get of isomedia/avc_ext.c:2490, as demonstrated by MP4Box. This vulnerability was fixed in commit fef6242.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22455 βΌ
π Read
via "National Vulnerability Database".
IBM Security Verify Governance Identity Manager 10.0 virtual appliance component performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 224989.π Read
via "National Vulnerability Database".
π΄ 'DarkTortilla' Malware Wraps in Sophistication for High-Volume RAT Infections π΄
π Read
via "Dark Reading".
The stealthy crypter, active since 2015, has been used to deliver a wide range of information stealers and RATs at a rapid, widespread clip.π Read
via "Dark Reading".
Dark Reading
'DarkTortilla' Malware Wraps in Sophistication for High-Volume RAT Infections
The stealthy crypter, active since 2015, has been used to deliver a wide range of information stealers and RATs at a rapid, widespread clip.
π1
π HHS Warns of New Phishing Scam Targeting Healthcare Orgs π
π Read
via "".
The latest phishing campaign targeting the industry involves a convincing looking Evernote landing page.π Read
via "".
π΄ Google Chrome Zero-Day Found Exploited in the Wild π΄
π Read
via "Dark Reading".
The high-severity security vulnerability (CVE-2022-2856) is due to improper user-input validation.π Read
via "Dark Reading".
Dark Reading
Google Chrome Zero-Day Found Exploited in the Wild
The high-severity security vulnerability (CVE-2022-2856) is due to improper user-input validation.
βΌ CVE-2022-38392 βΌ
π Read
via "National Vulnerability Database".
A certain 5400 RPM OEM hard drive, as shipped with laptop PCs in approximately 2005, allows physically proximate attackers to cause a denial of service (device malfunction and system crash) via a resonant-frequency attack with the audio signal from the Rhythm Nation music video.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35117 βΌ
π Read
via "National Vulnerability Database".
Clinic's Patient Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via update_medicine_details.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Packing text box under the Update Medical Details module.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2870 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in laravel 5.1 and classified as problematic. This issue affects some unknown processing. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206501 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2849 βΌ
π Read
via "National Vulnerability Database".
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0219.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2547 βΌ
π Read
via "National Vulnerability Database".
A crafted HTTP packet without a content-type header can create a denial-of-service condition in Softing Secure Integration Server V1.22.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35122 βΌ
π Read
via "National Vulnerability Database".
An access control issue in Ecowitt GW1100 Series Weather Stations <=GW1100B_v2.1.5 allows unauthenticated attackers to access sensitive information including device and local WiFi passwords.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35133 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1748 βΌ
π Read
via "National Vulnerability Database".
Softing OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite, and uaGate are affected by a NULL pointer dereference vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1373 βΌ
π Read
via "National Vulnerability Database".
The Γ’β¬Εrestore configurationΓ’β¬οΏ½ feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vulnerability when processing zip files. An attacker can craft a zip file to load an arbitrary dll and execute code. Using the "restore configuration" feature to upload a zip file containing a path traversal file may cause a file to be created and executed upon touching the disk.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2862 βΌ
π Read
via "National Vulnerability Database".
Use After Free in GitHub repository vim/vim prior to 9.0.0220.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23764 βΌ
π Read
via "National Vulnerability Database".
The vulnerability causing from insufficient verification procedures for downloaded files during WebCube update. Remote attackers can bypass this verification logic to update both digitally signed and unauthorized files, enabling remote code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1069 βΌ
π Read
via "National Vulnerability Database".
A crafted HTTP packet with a large content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23747 βΌ
π Read
via "National Vulnerability Database".
In Sony Xperia series 1, 5, and Pro, an out of bound memory access can occur due to lack of validation of the number of frames being passed during music playback.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26639 βΌ
π Read
via "National Vulnerability Database".
This vulnerability is caused by the lack of validation of input values for specific functions if WISA Smart Wing CMS. Remote attackers can use this vulnerability to leak all files in the server without logging in system.π Read
via "National Vulnerability Database".