▼ CVE-2022-36071 ▼
SFTPGo is configurable SFTP server with optional HTTP/S, FTP/S and WebDAV support. SFTPGo WebAdmin and WebClient support login using TOTP (Time-based One Time Passwords) as a secondary authentication factor. Because TOTPs are often configured on mobile devices that can be lost, stolen or damaged, SFTPGo also supports recovery codes. These are a set of one time use codes that can be used instead of the TOTP. In SFTPGo versions from version 2.2.0 to 2.3.3 recovery codes can be generated before enabling two-factor authentication. An attacker who knows the user's password could potentially generate some recovery codes and then bypass two-factor authentication after it is enabled on the account at a later time. This issue has been fixed in version 2.3.4. Recovery codes can now only be generated after enabling two-factor authentication and are deleted after disabling it.
via "National Vulnerability Database".
▼ CVE-2022-34369 ▼
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain an insertion of sensitive information in log files vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to exposure of this sensitive data.
via "National Vulnerability Database".
▼ CVE-2022-36754 ▼
Expense Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Home/debit_credit_p.
via "National Vulnerability Database".
▼ CVE-2020-29260 ▼
libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().
via "National Vulnerability Database".
▼ CVE-2022-36642 ▼
A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.5.0+r1 allows attackers to escalate privileges to root and execute arbitrary commands.
via "National Vulnerability Database".
▼ CVE-2022-36647 ▼
PKUVCL davs2 v1.6.205 was discovered to contain a global buffer overflow via the function parse_sequence_header() at source/common/header.cc:269.
via "National Vulnerability Database".
📢 REvil claims ransomware attack on multi-billion-dollar manufacturing giant Midea Group 📢
The once-dominant ransomware group resurfaced in April but has now claimed an attack on the biggest company since its heyday.
via "ITPro".
📢 US imposes sanctions on Nvidia's chip sales in China 📢
New export rules are intended to thwart China’s efforts to use AI computing chips for military purposes.
via "ITPro".
📢 Asian businesses overhaul their approach to cyber security following attacks 📢
Organisations in Singapore and Malaysia are also impacted by the introduction of tighter regulations and legislation around cyber security.
via "ITPro".
📢 What is the Computer Misuse Act? 📢
If your computer systems are attacked, is the law effective enough to put those criminals behind bars?
via "ITPro".
📢 Podcast transcript: What did we learn from WannaCry? 📢
Read the full transcript for this episode of the IT Pro Podcast.
via "ITPro".
📢 The IT Pro Podcast: What did we learn from WannaCry? 📢
Five years on, WannaCry still remains one of the most impactful security incidents in recent memory.
via "ITPro".
📢 'Vast majority' of mobile apps found leaking AWS credentials are on iOS 📢
Only 2% of the apps that were found to be leaking hard-coded AWS credentials were on the Android platform, research has shown.
via "ITPro".
📢 Apple breaks update policy to secure older iPhones and iPads against zero-day 📢
It's been four years since the company patched an end-of-life device against a major vulnerability.
via "ITPro".
📢 Hitachi announces major restructure of US subsidiaries 📢
The company cited improved managed services as a chief benefit of the change, which will also affect its Canadian and Indian offshoots.
via "ITPro".
📢 How quantum computing could change cyber security 📢
The huge leap in computing performance from quantum computing poses a threat to traditional security, but there are steps you can take to guard against the quantum future.
via "ITPro".
▼ CVE-2022-3099 ▼
Use After Free in GitHub repository vim/vim prior to 9.0.0359.
via "National Vulnerability Database".
▼ CVE-2022-3118 ▼
A vulnerability was found in Sourcecodehero ERP System Project. It has been rated as critical. This issue affects some unknown processing of the file /pages/processlogin.php. The manipulation of the argument user leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-207845 was assigned to this vulnerability.
via "National Vulnerability Database".
⚖️ Violence-as-a-Service: Brickings, Firebombings & Shootings for Hire ⚖️
A 21-year-old New Jersey man has been arrested and charged with stalking in connection with a federal investigation into groups of cybercriminals who are settling scores by hiring people to carry out physical attacks on their rivals. Prosecutors say the defendant recently participated in several of these schemes -- including firing a handgun into a Pennsylvania home and torching a residence in another part of the state with a Molotov Cocktail.
via "Krebs on Security".
▼ CVE-2022-39829 ▼
There is a NULL pointer dereference in aes256_encrypt in Samsung mTower through 0.3.0 due to a missing check on the return value of EVP_CIPHER_CTX_new.
via "National Vulnerability Database".
▼ CVE-2022-39196 ▼
Blackboard Learn 1.10.1 allows remote authenticated users to read unintended files by entering student credentials and then directly visiting a certain webapps/bbcms/execute/ URL.
via "National Vulnerability Database".