π Nmap Port Scanner 7.93 π
π Read
via "Packet Storm Security".
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.π Read
via "Packet Storm Security".
Packetstormsecurity
Nmap Port Scanner 7.93 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π GNU Privacy Guard 2.2.39 π
π Read
via "Packet Storm Security".
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions. This is the LTS release.π Read
via "Packet Storm Security".
Packetstormsecurity
GNU Privacy Guard 2.2.39 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π Hashcat Advanced Password Recovery 6.2.6 Source Code π
π Read
via "Packet Storm Security".
Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.π Read
via "Packet Storm Security".
Packetstormsecurity
Hashcat Advanced Password Recovery 6.2.6 Source Code β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
ποΈ Bug Bounty Radar // The latest bug bounty programs for September 2022 ποΈ
π Read
via "The Daily Swig".
New web targets for the discerning hackerπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Bug Bounty Radar // The latest bug bounty programs for September 2022
New web targets for the discerning hacker
βΌ CVE-2022-3065 βΌ
π Read
via "National Vulnerability Database".
Improper Access Control in GitHub repository jgraph/drawio prior to 20.2.8.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34382 βΌ
π Read
via "National Vulnerability Database".
Dell Command Update, Dell Update and Alienware Update versions prior to 4.6.0 contains a Local Privilege Escalation Vulnerability in the custom catalog configuration. A local malicious user may potentially exploit this vulnerability in order to elevate their privileges.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2020-22669 βΌ
π Read
via "National Vulnerability Database".
Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34371 βΌ
π Read
via "National Vulnerability Database".
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3, contain an unprotected transport of credentials vulnerability. A malicious unprivileged network attacker could potentially exploit this vulnerability, leading to full system compromise.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27693 βΌ
π Read
via "National Vulnerability Database".
Server-side Request Forgery (SSRF) vulnerability in PublicCMS before 4.0.202011.b via /publiccms/admin/ueditor when the action is catchimage.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34378 βΌ
π Read
via "National Vulnerability Database".
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain a relative path traversal vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36071 βΌ
π Read
via "National Vulnerability Database".
SFTPGo is configurable SFTP server with optional HTTP/S, FTP/S and WebDAV support. SFTPGo WebAdmin and WebClient support login using TOTP (Time-based One Time Passwords) as a secondary authentication factor. Because TOTPs are often configured on mobile devices that can be lost, stolen or damaged, SFTPGo also supports recovery codes. These are a set of one time use codes that can be used instead of the TOTP. In SFTPGo versions from version 2.2.0 to 2.3.3 recovery codes can be generated before enabling two-factor authentication. An attacker who knows the user's password could potentially generate some recovery codes and then bypass two-factor authentication after it is enabled on the account at a later time. This issue has been fixed in version 2.3.4. Recovery codes can now only be generated after enabling two-factor authentication and are deleted after disabling it.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34369 βΌ
π Read
via "National Vulnerability Database".
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3 , contain an insertion of sensitive information in log files vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to exposure of this sensitive data.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36754 βΌ
π Read
via "National Vulnerability Database".
Expense Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Home/debit_credit_p.π Read
via "National Vulnerability Database".
βΌ CVE-2020-29260 βΌ
π Read
via "National Vulnerability Database".
libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().π Read
via "National Vulnerability Database".
βΌ CVE-2022-36642 βΌ
π Read
via "National Vulnerability Database".
A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.5.0+r1 allows attackers to escalate privileges to root and execute arbitrary commands.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36647 βΌ
π Read
via "National Vulnerability Database".
PKUVCL davs2 v1.6.205 was discovered to contain a global buffer overflow via the function parse_sequence_header() at source/common/header.cc:269.π Read
via "National Vulnerability Database".
π’ REvil claims ransomware attack on multi-billion-dollar manufacturing giant Midea Group π’
π Read
via "ITPro".
The once-dominant ransomware group resurfaced in April but has now claimed an attack on the biggest company since its heydayπ Read
via "ITPro".
IT PRO
REvil claims ransomware attack on multi-billion-dollar manufacturing giant Midea Group | IT PRO
The one-dominant ransomware group resurfaced in April but has now claimed an attack on the biggest company since its heyday
π’ US imposes sanctions on Nvidia's chip sales in China π’
π Read
via "ITPro".
New export rules are intended to thwart Chinaβs efforts to use AI computing chips for military purposesπ Read
via "ITPro".
IT PRO
US imposes sanctions on Nvidia's chip sales in China | IT PRO
New export rules are intended to thwart Chinaβs efforts to use AI computing chips for military purposes
π’ Asian businesses overhaul their approach to cyber security following attacks π’
π Read
via "ITPro".
Organisations in Singapore and Malaysia are also impacted by the introduction of tighter regulations and legislations around cyber securityπ Read
via "ITPro".
IT PRO
Asian businesses overhaul their approach to cyber security following attacks | IT PRO
Organisations in Singapore and Malaysia are also impacted by the introduction of tighter regulations and legislations around cyber security
π’ What is the Computer Misuse Act? π’
π Read
via "ITPro".
If your computer systems are attacked, is the law effective enough to put those criminals behind bars?π Read
via "ITPro".
ITPro
What is the Computer Misuse Act?
If your computer systems are attacked, is the law effective enough to put those criminals behind bars?
π’ Podcast transcript: What did we learn from WannaCry? π’
π Read
via "ITPro".
Read the full transcript for this episode of the IT Pro Podcastπ Read
via "ITPro".
IT PRO
Podcast transcript: What did we learn from WannaCry? | IT PRO
Read the full transcript for this episode of the IT Pro Podcast