βΌ CVE-2022-36680 βΌ
π Read
via "National Vulnerability Database".
Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_schedule.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37151 βΌ
π Read
via "National Vulnerability Database".
There is an unauthorized access vulnerability in Online Diagnostic Lab Management System 1.0.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39393 βΌ
π Read
via "National Vulnerability Database".
mm-wiki v0.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the markdown editor.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36683 βΌ
π Read
via "National Vulnerability Database".
Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_payment.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36682 βΌ
π Read
via "National Vulnerability Database".
Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_student.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40285 βΌ
π Read
via "National Vulnerability Database".
htmly v2.8.1 was discovered to contain an arbitrary file deletion vulnerability via the component \views\backup.html.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39394 βΌ
π Read
via "National Vulnerability Database".
mm-wiki v0.2.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add user accounts and modify user information.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36679 βΌ
π Read
via "National Vulnerability Database".
Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36681 βΌ
π Read
via "National Vulnerability Database".
Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_account.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37150 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Online Diagnostic Lab Management System 1.0. There is a stored XSS vulnerability via firstname, address, middlename, lastname , gender, email, contact parameters.π Read
via "National Vulnerability Database".
β S3 Ep97: Did your iPhone get pwned? How would you know? [Audio + Text] β
π Read
via "Naked Security".
Latest episode - listen now! (Or read the transcript if you prefer the text version.)π Read
via "Naked Security".
Naked Security
S3 Ep97: Did your iPhone get pwned? How would you know? [Audio + Text]
Latest episode β listen now! (Or read the transcript if you prefer the text version.)
βΌ CVE-2022-36521 βΌ
π Read
via "National Vulnerability Database".
Insecure permissions in cskefu v7.0.1 allows unauthenticated attackers to arbitrarily add administrator accounts.π Read
via "National Vulnerability Database".
β Firefox 104 is out β no critical bugs, but update anyway β
π Read
via "Naked Security".
Two trust-spoofing bugs were the main culprits this month - but neither one was a zero-day.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ 'Sliver' Emerges as Cobalt Strike Alternative for Malicious C2 π΄
π Read
via "Dark Reading".
Microsoft and others say they have observed nation-state actors, ransomware purveyors, and assorted cybercriminals pivoting to an open source attack-emulation tool in recent campaigns.π Read
via "Dark Reading".
Dark Reading
'Sliver' Emerges as Cobalt Strike Alternative for Malicious C2
Microsoft and others say they have observed nation-state actors, ransomware purveyors, and assorted cybercriminals pivoting to an open source attack-emulation tool in recent campaigns.
β Ransomware Attacks are on the Rise β
π Read
via "Threat Post".
Lockbit is by far this summerβs most prolific ransomware group, trailed by two offshoots of the Conti group.π Read
via "Threat Post".
Threat Post
Ransomware Attacks are on the Rise
Lockbit is by far this summerβs most prolific ransomware group, trailed by two offshoots of the Conti group.
π Friday Five 8/26 π
π Read
via "".
Read about why Twitter is coming under fire, how a cybersecurity organization may have gone on the offensive, possible big changes coming for software vendors, and much more in this weekβs Friday Five!
π Read
via "".
π’ Snapchat settles for $35 million in Illinois biometrics lawsuit π’
π Read
via "ITPro".
The social media giant had been accused of improperly collecting, storing facial geometry in violation of state legislationπ Read
via "ITPro".
IT PRO
Snapchat settles for $35 million in Illinois biometrics lawsuit | IT PRO
The social media giant had been accused of improperly collecting, storing facial geometry in violation of state legislation
π’ SolarWinds hackers strike again with a new βMagicWebβ authentication exploit π’
π Read
via "ITPro".
Microsoft warns MagicWeb can abuse admin credentials to hijack AD FS enterprise identity systemπ Read
via "ITPro".
ITPro
SolarWinds hackers strike again with a new βMagicWebβ authentication exploit
Microsoft warns MagicWeb can abuse admin credentials to hijack AD FS enterprise identity system
π’ PyPI packages succumb to Mailchimp phishing scam π’
π Read
via "ITPro".
The news comes after "fairly convincing" phishing emails from a Mailchimp account swindled developers into revealing credentialsπ Read
via "ITPro".
IT PRO
PyPI packages succumb to Mailchimp phishing scam | IT PRO
The news comes after "fairly convincing" phishing emails from a Mailchimp account swindled developers into revealing credentials
π’ French telco giant Altice reportedly hit by Hive ransomware attack π’
π Read
via "ITPro".
Dark web listings indicate that the French multinational was attacked in early August, but the company has made no announcementπ Read
via "ITPro".
IT PRO
French telco giant Altice reportedly hit by Hive ransomware attack | IT PRO
Dark web listings indicate that the French multinational was attacked in early August, but the company has made no announcement
π’ Companies House reveals overhaul to WebFiling accounts system π’
π Read
via "ITPro".
Businesses will be able to control those with filing permissions more easily, as the new accounts mark a new streamlining of the government's digital filing requirementsπ Read
via "ITPro".
IT PRO
Companies House reveals overhaul to WebFiling accounts system | IT PRO
Businesses will be able to control those with filing permissions more easily, as the new accounts mark a new streamlining of the government's digital filing requirements