βΌ CVE-2022-36088 βΌ
π Read
via "National Vulnerability Database".
GoCD is a continuous delivery server. Windows installations via either the server or agent installers for GoCD prior to 22.2.0 do not adequately restrict permissions when installing outside of the default location. This could allow a malicious user with local access to the server GoCD Server or Agent are installed on to modify executables or components of the installation. This does not affect zip file-based installs, installations to other platforms, or installations inside `Program Files` or `Program Files (x86)`. This issue is fixed in GoCD 22.2.0 installers. As a workaround, if the server or agent is installed outside of `Program Files (x86)`, verify the the permission of the Server or Agent installation directory to ensure the `Everyone` user group does not have `Full Control`, `Modify` or `Write` permissions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36585 βΌ
π Read
via "National Vulnerability Database".
In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, in httpd binary, the addDhcpRule function has a buffer overflow caused by sscanf.π Read
via "National Vulnerability Database".
βΌ CVE-2020-19914 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) in xiunobbs 4.0.4 allows remote attackers to execute arbitrary web script or HTML via the attachment upload function.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38247 βΌ
π Read
via "National Vulnerability Database".
Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Settings page under the Admin panel.π Read
via "National Vulnerability Database".
π1
π’ Signal hires former Google manager Meredith Whittaker as first president π’
π Read
via "ITPro".
An outspoken critic of the dangers of AI, Whittaker promises to keep Signal users out of tech giants' "surveillant gaze"π Read
via "ITPro".
IT PRO
Signal hires former Google manager Meredith Whittaker as first president | IT PRO
An outspoken critic of the dangers of AI, Whittaker promises to keep Signal users out of tech giants' "surveillant gaze"
π1
π’ German firms beef up cyber security to stay ahead of new threats π’
π Read
via "ITPro".
Ongoing Russia-Ukraine war increased digitisation, and disruptions from COVID-19 call for advanced security tools and servicesπ Read
via "ITPro".
IT PRO
German firms beef up cyber security to stay ahead of new threats | IT PRO
Ongoing Russia-Ukraine war increased digitisation, and disruptions from COVID-19 call for advanced security tools and services
π’ Sophos: Retail organisations pay significantly less in ransomware attacks π’
π Read
via "ITPro".
It's a game of volume in retail since despite being the second-most targeted industry, the average payment per case is well below the industry averageπ Read
via "ITPro".
IT PRO
Sophos: Retail organisations pay significantly less in ransomware attacks | IT PRO
It's a game of volume in retail since despite being the second-most targeted industry, the average payment per case is well below the industry average
π’ Second-largest US school district falls to ransomware attack π’
π Read
via "ITPro".
Los Angeles Unified School District detected βunusual activityβ across its IT systems over the weekendπ Read
via "ITPro".
IT PRO
Second-largest US school district falls to ransomware attack | IT PRO
Los Angeles Unified School District detected βunusual activityβ across its IT systems over the weekend
π’ Japan investigates potential Russian Killnet cyber attacks π’
π Read
via "ITPro".
The hacker group has said itβs revolting against the countryβs militarism and that itβs βkicking the samuraiβπ Read
via "ITPro".
IT PRO
Japan investigates potential Russian Killnet cyber attacks | IT PRO
The hacker group has said itβs revolting against the countryβs militarism and that itβs βkicking the samuraiβ
π’ Instagram slapped with β¬405 million GDPR fine over breaches π’
π Read
via "ITPro".
The social media platform becomes the third Meta-owned company to be hit with privacy penaltyπ Read
via "ITPro".
IT PRO
Instagram slapped with β¬405 million GDPR fine over breaches | IT PRO
The social media platform becomes the third Meta-owned company to be hit with privacy penalty
π’ TikTok refutes allegations of a massive security breach π’
π Read
via "ITPro".
The alleged hack compromised account details of over two billion TikTok usersπ Read
via "ITPro".
IT PRO
TikTok refutes allegations of a massive security breach | IT PRO
The alleged hack compromised account details of over two billion TikTok users
π’ InterContinental Hotels Group confirms cyber attack, experts suggest ransomware π’
π Read
via "ITPro".
Customers had been reporting issues with reservations for days and security experts have sparked discussions of a more serious incidentπ Read
via "ITPro".
IT PRO
InterContinental Hotels Group confirms cyber attack, experts suggest ransomware | IT PRO
Customers had been reporting issues with reservations for days and security experts have sparked discussions of a more serious incident
π’ 'Potentially unsecured' SMBs are propping up an IT supply chain riddled with ransomware π’
π Read
via "ITPro".
More than half of IT supply chains have been impacted by ransomware attacks in recent years and organisations are failing to implement the necessary steps to prevent future damageπ Read
via "ITPro".
IT PRO
'Potentially unsecured' SMBs are propping up an IT supply chain riddled with ransomware | IT PRO
More than half of IT supply chains have been impacted by ransomware attacks in recent years and organisations are failing to implement the necessary steps to prevent future damage
π’ Exclusive Networks hires Paul Eccleston as new UK&I managing director π’
π Read
via "ITPro".
The experienced business leader will look to drive the cyber security specialistβs next phase of growthπ Read
via "ITPro".
IT PRO
Exclusive Networks hires Paul Eccleston as new UK&I Managing Director | IT PRO
Experienced business leader will look to drive the cybersecurity specialistβs next phase of growth
π’ Bus and rail operator Go-Ahead Group confirms "cyber security incident" π’
π Read
via "ITPro".
The public transport giant has been tight-lipped on the nature of the supposed attack but has tasked IBM with helping it recoverπ Read
via "ITPro".
IT PRO
Bus and rail operator Go-Ahead Group confirms "cyber security incident" | IT PRO
The public transport giant has been tight-lipped on the nature of the supposed attack but has tasked IBM with helping it recover
π’ QNAP fixes zero-day vulnerability following Deadbolt ransomware attack π’
π Read
via "ITPro".
The occurrence of the attack is the fourth in this year's Deadbolt attack seriesπ Read
via "ITPro".
ITPro
QNAP fixes zero-day vulnerability following Deadbolt ransomware attack
The occurrence of the attack is the fourth in this year's Deadbolt attack series
π’ Samsung confirms it was hit by a data breach π’
π Read
via "ITPro".
The security incident exposed customersβ personally identifiable informationπ Read
via "ITPro".
IT PRO
Samsung confirms it was hit by a data breach | IT PRO
The security incident exposed customersβ personally identifiable information
π€―2π±1
βΌ CVE-2022-25914 βΌ
π Read
via "National Vulnerability Database".
The package com.google.cloud.tools:jib-core before 0.22.0 are vulnerable to Remote Code Execution (RCE) via the isDockerInstalled function, due to attempting to execute input.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38394 βΌ
π Read
via "National Vulnerability Database".
Use of hard-coded credentials for the telnet server of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote unauthenticated attacker to execute an arbitrary OS command.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25897 βΌ
π Read
via "National Vulnerability Database".
The package org.eclipse.milo:sdk-server before 0.6.8 are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28220 βΌ
π Read
via "National Vulnerability Database".
Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. Fix of CVE-2021-38542, which solved similar problem fron Apache James 3.6.1, is subject to a parser differential and do not take into account concurrent requests.π Read
via "National Vulnerability Database".