‼ CVE-2022-1021 ‼
📖 Read
via "National Vulnerability Database".
Insecure Storage of Sensitive Information in GitHub repository chatwoot/chatwoot prior to 2.6.0.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29805 ‼
📖 Read
via "National Vulnerability Database".
A Java Deserialization vulnerability in the Fishbowl Server in Fishbowl Inventory before 2022.4.1 allows remote attackers to execute arbitrary code via a crafted XML payload.📖 Read
via "National Vulnerability Database".
🕴 Cyber Resiliency Isn't Just About Technology, It's About People 🕴
📖 Read
via "Dark Reading".
To lessen burnout and prioritize staff resiliency, put people in a position to succeed with staffwide cybersecurity training to help ease the burden on IT and security personnel.📖 Read
via "Dark Reading".
Dark Reading
Cyber Resiliency Isn't Just About Technology, It's About People
To lessen burnout and prioritize staff resiliency, put people in a position to succeed with staffwide cybersecurity training to help ease the burden on IT and security personnel.
❌ iPhone Users Urged to Update to Patch 2 Zero-Days ❌
📖 Read
via "Threat Post".
Apple is urging macOS, iPhone and iPad users immediately to install respective updates this week that includes fixes for two zero-days under active attack. The patches are for vulnerabilities that allow attackers to execute arbitrary code and ultimately take over devices. iOS 15.6.1 and macOS Monterey 12.5.1 both patch the two flaws, which basically impact […]📖 Read
via "Threat Post".
Threat Post
iPhone Users Urged to Update to Patch 2 Zero-Days
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
‼ CVE-2022-34624 ‼
📖 Read
via "National Vulnerability Database".
Mealie1.0.0beta3 does not terminate download tokens after a user logs out, allowing attackers to perform a man-in-the-middle attack via a crafted GET request.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34621 ‼
📖 Read
via "National Vulnerability Database".
Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference (IDOR) vulnerability which allows attackers to modify user passwords and other attributes via modification of the user_id parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36605 ‼
📖 Read
via "National Vulnerability Database".
Yimioa v6.1 was discovered to contain a SQL injection vulnerability via the orderbyGET parameter.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2022-35201 ‼
📖 Read
via "National Vulnerability Database".
Tenda-AC18 V15.03.05.05 was discovered to contain a remote command execution (RCE) vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36263 ‼
📖 Read
via "National Vulnerability Database".
StreamLabs Desktop Application 1.9.0 is vulnerable to Incorrect Access Control via obs64.exe. An attacker can execute arbitrary code via a crafted .exe file.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34615 ‼
📖 Read
via "National Vulnerability Database".
Mealie 1.0.0beta3 employs weak password requirements which allows attackers to potentially gain unauthorized access to the application via brute-force attacks.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34623 ‼
📖 Read
via "National Vulnerability Database".
Mealie1.0.0beta3 is vulnerable to user enumeration via timing response discrepancy between users and non-users when an invalid password message is displayed during an authentication attempt.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36606 ‼
📖 Read
via "National Vulnerability Database".
Ywoa before v6.1 was discovered to contain a SQL injection vulnerability via /oa/setup/checkPool?database.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36577 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in jizhicms v2.3.1. There is a CSRF vulnerability that can add a admin.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36225 ‼
📖 Read
via "National Vulnerability Database".
EyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross Site Request Forgery (CSRF) via the background, column management function and add.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2022-36578 ‼
📖 Read
via "National Vulnerability Database".
jizhicms v2.3.1 has SQL injection in the background.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-37254 ‼
📖 Read
via "National Vulnerability Database".
DolphinPHP 1.5.1 is vulnerable to Cross Site Scripting (XSS) via Background - > System - > system function - > configuration management.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36579 ‼
📖 Read
via "National Vulnerability Database".
Wellcms 2.2.0 is vulnerable to Cross Site Request Forgery (CSRF).📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36224 ‼
📖 Read
via "National Vulnerability Database".
XunRuiCMS V4.5.6 is vulnerable to Cross Site Request Forgery (CSRF).📖 Read
via "National Vulnerability Database".
🕴 BlackByte Ransomware Gang Returns With Twitter Presence, Tiered Pricing 🕴
📖 Read
via "Dark Reading".
Version 2.0 of the ransomware group's operation borrows extortion tactics from the LockBit 3.0 group.📖 Read
via "Dark Reading".
Dark Reading
BlackByte Ransomware Gang Returns With Twitter Presence, Tiered Pricing
Version 2.0 of the ransomware group's operation borrows extortion tactics from the LockBit 3.0 group.
👍2
🕴 State-Sponsored APTs Dangle Job Opps to Lure In Spy Victims 🕴
📖 Read
via "Dark Reading".
APTs continue to exploit the dynamic job market and the persistent phenomenon of remote working, as explored by PwC at Black Hat USA.📖 Read
via "Dark Reading".
Dark Reading
State-Sponsored APTs Dangle Job Opps to Lure In Spy Victims
APTs continue to exploit the dynamic job market and the persistent phenomenon of remote working, as explored by PwC at Black Hat USA.
🕴 Cybersecurity Solutions Must Evolve, Says Netography CEO 🕴
📖 Read
via "Dark Reading".
Just as cyber criminals change tactics and strategy for more effectiveness, so must infosec pros and their organizations, according to Martin Roesch of Netography.📖 Read
via "Dark Reading".
Darkreading
Cybersecurity Solutions Must Evolve, Says Netography CEO
Just as cyber criminals change tactics and strategy for more effectiveness, so must infosec pros and their organizations, according to Martin Roesch of Netography.