π’ 'Vast majority' of mobile apps found leaking AWS credentials are on iOS π’
π Read
via "ITPro".
Only 2% of the apps that were found to be leaking hard-coded AWS credentials were on the Android platform, research has shownπ Read
via "ITPro".
IT PRO
'Vast majority' of mobile apps found leaking AWS credentials are on iOS | IT PRO
Only 2% of the apps that were found to be leaking hard-coded AWS credentials were on the Android platform, research has shown
π’ Apple breaks update policy to secure older iPhones and iPads against zero-day π’
π Read
via "ITPro".
It's been four years since the company patched an end-of-life device against a major vulnerabilityπ Read
via "ITPro".
ITPro
Apple breaks update policy to secure older iPhones and iPads against zero-day
It's been four years since the company patched an end-of-life device against a major vulnerability
π’ Hitachi announces major restructure of US subsidiaries π’
π Read
via "ITPro".
The company cited improved managed services as a chief benefit of the change, which will also affect Canadian and Indian offshootπ Read
via "ITPro".
IT PRO
Hitachi announces major restructure of US subsidiaries | IT PRO
The company cited improved managed services as a chief benefit of the change, which will also affect Canadian and Indian offshoot
π1
π’ How quantum computing could change cyber security π’
π Read
via "ITPro".
The huge leap in computing performance from quantum computing poses a threat to traditional security, but there are steps you can take to guard against the quantum futureπ Read
via "ITPro".
IT PRO
How quantum computing could change cyber security | IT PRO
The huge leap in computing performance from quantum computing poses a threat to traditional security, but there are steps you can take to guard against the quantum future
βΌ CVE-2022-3099 βΌ
π Read
via "National Vulnerability Database".
Use After Free in GitHub repository vim/vim prior to 9.0.0359.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3118 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Sourcecodehero ERP System Project. It has been rated as critical. This issue affects some unknown processing of the file /pages/processlogin.php. The manipulation of the argument user leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-207845 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βοΈ Violence-as-a-Service: Brickings, Firebombings & Shootings for Hire βοΈ
π Read
via "Krebs on Security".
A 21-year-old New Jersey man has been arrested and charged with stalking in connection with a federal investigation into groups of cybercriminals who are settling scores by hiring people to carry out physical attacks on their rivals. Prosecutors say the defendant recently participated in several of these schemes -- including firing a handgun into a Pennsylvania home and torching a residence in another part of the state with a Molotov Cocktail.π Read
via "Krebs on Security".
Krebs on Security
Violence-as-a-Service: Brickings, Firebombings & Shootings for Hire
A 21-year-old New Jersey man has been arrested and charged with stalking in connection with a federal investigation into groups of cybercriminals who are settling scores by hiring people to carry out physical attacks on their rivals. Prosecutors say theβ¦
βΌ CVE-2022-39829 βΌ
π Read
via "National Vulnerability Database".
There is a NULL pointer dereference in aes256_encrypt in Samsung mTower through 0.3.0 due to a missing check on the return value of EVP_CIPHER_CTX_new.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39196 βΌ
π Read
via "National Vulnerability Database".
Blackboard Learn 1.10.1 allows remote authenticated users to read unintended files by entering student credentials and then directly visiting a certain webapps/bbcms/execute/ URL.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39830 βΌ
π Read
via "National Vulnerability Database".
sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_public_key_affine_coordinates, leading to a denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39828 βΌ
π Read
via "National Vulnerability Database".
sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_private_key, leading to a denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39824 βΌ
π Read
via "National Vulnerability Database".
Server-side JavaScript injection in Appsmith through 1.7.14 allows remote attackers to execute arbitrary JavaScript code from the server via the currentItem property of the list widget, e.g., to perform DoS attacks or achieve an information leak.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2597 βΌ
π Read
via "National Vulnerability Database".
The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.19.0 does not have proper authorisation checks in some of its REST endpoints, allowing users with a role as low as contributor to call them and inject arbitrary CSS in arbitrary saved layoutsπ Read
via "National Vulnerability Database".
βΌ CVE-2022-3127 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 20.2.8.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2376 βΌ
π Read
via "National Vulnerability Database".
The Directorist WordPress plugin before 7.3.1 discloses the email address of all users in an AJAX action available to both unauthenticated and any authenticated usersπ Read
via "National Vulnerability Database".
βΌ CVE-2022-2830 βΌ
π Read
via "National Vulnerability Database".
Deserialization of Untrusted Data vulnerability in the message processing component of Bitdefender GravityZone Console allows an attacker to pass unsafe commands to the environment. This issue affects: Bitdefender GravityZone Console On-Premise versions prior to 6.29.2-1. Bitdefender GravityZone Cloud Console versions prior to 6.27.2-2.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2657 βΌ
π Read
via "National Vulnerability Database".
The Multivendor Marketplace Solution for WooCommerce WordPress plugin before 3.8.12 is lacking authorisation and CSRF in multiple AJAX actions, which could allow any authenticated users, such as subscriber to call them and suspend vendors (reporter by the submitter) or update arbitrary order status (identified by WPScan when verifying the issue) for example. Other unauthenticated attacks are also possible, either directly or via CSRFπ Read
via "National Vulnerability Database".
βΌ CVE-2022-2271 βΌ
π Read
via "National Vulnerability Database".
The WP Database Backup WordPress plugin before 5.9 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)π Read
via "National Vulnerability Database".
βΌ CVE-2022-2083 βΌ
π Read
via "National Vulnerability Database".
The Simple Single Sign On WordPress plugin through 4.1.0 leaks its OAuth client_secret, which could be used by attackers to gain unauthorized access to the site.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2543 βΌ
π Read
via "National Vulnerability Database".
The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.18.0 does not have proper authorisation checks in some of its REST endpoints, allowing unauthenticated users to call them and inject arbitrary CSS in arbitrary saved layoutsπ Read
via "National Vulnerability Database".
βΌ CVE-2022-2565 βΌ
π Read
via "National Vulnerability Database".
The Simple Payment Donations & Subscriptions WordPress plugin before 4.2.1 does not sanitise and escape user input given in its forms, which could allow unauthenticated attackers to perform Cross-Site Scripting attacks against adminsπ Read
via "National Vulnerability Database".