π cryptmount Filesystem Manager 6.0 π
π Read
via "Packet Storm Security".
cryptmount is a utility for creating and managing secure filing systems on GNU/Linux systems. After initial setup, it allows any user to mount or unmount filesystems on demand, solely by providing the decryption password, with any system devices needed to access the filing system being configured automatically. A wide variety of encryption schemes (provided by the kernel dm-crypt system and the libgcrypt library) can be used to protect both the filesystem and the access key. The protected filing systems can reside in either ordinary files or disk partitions. The package also supports encrypted swap partitions, and automatic configuration on system boot-up.π Read
via "Packet Storm Security".
Packetstormsecurity
cryptmount Filesystem Manager 6.0 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π GNUnet P2P Framework 0.17.5 π
π Read
via "Packet Storm Security".
GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.π Read
via "Packet Storm Security".
Packetstormsecurity
GNUnet P2P Framework 0.17.5 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
ποΈ Squiz Matrix CMS squashes admin account takeover bug ποΈ
π Read
via "The Daily Swig".
IDOR issue meant user account privileges and contact details could be alteredπ Read
via "The Daily Swig".
βΌ CVE-2022-3122 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file medicine_details.php. The manipulation of the argument medicine leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-207854 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3121 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Online Employee Leave Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/addemployee.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The identifier VDB-207853 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38367 βΌ
π Read
via "National Vulnerability Database".
The Netic User Export add-on before 2.0.6 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all users from Jira by making an HTTP request to the affected endpoint.π Read
via "National Vulnerability Database".
π1
π’ TikTok reportedly suffers data breach π’
π Read
via "ITPro".
However, one researcher inspected some of the files and found it included publicly accessible data which could have been put together without a breachπ Read
via "ITPro".
IT PRO
TikTok reportedly suffers data breach | IT PRO
However, one researcher inspected some of the files and found it included publicly accessible data which could have been put together without a breach
π’ China implies Washington behind University hack π’
π Read
via "ITPro".
Northwestern Polytechnical Universityβs cyber espionage case further strains US-China relationsπ Read
via "ITPro".
IT PRO
China implies Washington behind University hack | IT PRO
Northwestern Polytechnical Universityβs cyber espionage case further strains US-China relations
π’ Microsoft Defender causes 'mass confusion' after legitimate apps trigger ransomware alerts π’
π Read
via "ITPro".
The broken update pushed to users on Sunday morning saw the likes of Teams, Slack, Chrome, and Edge all being confused with the dangerous Hive ransomware payloadsπ Read
via "ITPro".
ITPro
Microsoft Defender causes 'mass confusion' after legitimate apps trigger ransomware alerts
The broken update pushed to users on Sunday morning saw the likes of Teams, Slack, Chrome, and Edge all being confused with the dangerous Hive ransomware payloads
βΌ CVE-2022-2714 βΌ
π Read
via "National Vulnerability Database".
Improper Handling of Length Parameter Inconsistency in GitHub repository francoisjacquet/rosariosis prior to 10.0.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2901 βΌ
π Read
via "National Vulnerability Database".
Improper Authorization in GitHub repository chatwoot/chatwoot prior to 2.8.π Read
via "National Vulnerability Database".
π1
π΄ Defenders Be Prepared: Cyberattacks Surge Against Linux Amid Cloud Migration π΄
π Read
via "Dark Reading".
Ransomware in particular poses a major threat, but security vendors say there has been an increase in Linux-targeted cryptojacking, malware, and vulnerability exploits as well, and defenders need to be ready.π Read
via "Dark Reading".
Dark Reading
Defenders Be Prepared: Cyberattacks Surge Against Linux Amid Cloud Migration
Ransomware in particular poses a major threat, but security vendors say there has been an increase in Linux-targeted cryptojacking, malware, and vulnerability exploits as well, and defenders need to be ready.
β€1
π΄ Botnets in the Age of Remote Work π΄
π Read
via "Dark Reading".
Here are some strategies for protecting the business against botnets poised to take advantage of remote-work vulnerabilities.π Read
via "Dark Reading".
Dark Reading
Botnets in the Age of Remote Work
Here are some strategies for protecting the business against botnets poised to take advantage of remote-work vulnerabilities.
π΄ Cymulate Raises $70M Series D Funding for Continuous Security Posture Testing π΄
π Read
via "Dark Reading".
Investor participation from prior round demonstrates confidence in the company's current and future performance.π Read
via "Dark Reading".
Dark Reading
Cymulate Raises $70M Series D Funding for Continuous Security Posture Testing
Investor participation from prior round demonstrates confidence in the company's current and future performance.
β Chrome and Edge fix zero-day security hole β update now! β
π Read
via "Naked Security".
This time, the crooks got there first - only 1 security hole patched, but it's a zero-day.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ The 3 Fundamentals of Building an Effective IoMT Security Strategy π΄
π Read
via "Dark Reading".
The high stakes and unique priorities for Internet of Medical Things devices require specialized cybersecurity strategies.π Read
via "Dark Reading".
Dark Reading
The 3 Fundamentals of Building an Effective IoMT Security Strategy
The high stakes and unique priorities for Internet of Medical Things devices require specialized cybersecurity strategies.
π΄ Internet Security & Encryption Pioneer Peter Eckersley Passes at 43 π΄
π Read
via "Dark Reading".
The founder of Let's Encrypt and an EFF technologist, Eckersley devoted his life's work to making the Internet safer and more secure.π Read
via "Dark Reading".
Dark Reading
Internet Security & Encryption Pioneer Peter Eckersley Passes at 43
The founder of Let's Encrypt and an EFF technologist, Eckersley devoted his life's work to making the Internet safer and more secure.
βΌ CVE-2022-40111 βΌ
π Read
via "National Vulnerability Database".
In TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 in the shadow.sample file, root is hardcoded in the firmware.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37841 βΌ
π Read
via "National Vulnerability Database".
In TOTOLINK A860R V4.1.2cu.5182_B20201027 there is a hard coded password for root in /etc/shadow.sample.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37839 βΌ
π Read
via "National Vulnerability Database".
TOTOLINK A860R V4.1.2cu.5182_B20201027 is vulnerable to Buffer Overflow via Cstecgi.cgi.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36584 βΌ
π Read
via "National Vulnerability Database".
In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, the getsinglepppuser function has a buffer overflow caused by sscanf.π Read
via "National Vulnerability Database".