βΌ CVE-2022-29922 βΌ
π Read
via "National Vulnerability Database".
Improper Input Validation vulnerability in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. The vulnerability may cause a denial-of-service on the IEC 61850 OPC Server part of the SYS600 product. This issue affects: Hitachi Energy MicroSCADA Pro SYS600 version 9.4 FP2 Hotfix 4 and earlier versions Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*π Read
via "National Vulnerability Database".
βΌ CVE-2022-2277 βΌ
π Read
via "National Vulnerability Database".
Improper Input Validation vulnerability exists in the Hitachi Energy MicroSCADA X SYS600's ICCP stack during the ICCP communication establishment causes a denial-of-service when ICCP of SYS600 is request to forward any data item updates with timestamps too distant in the future to any remote ICCP system. By default, ICCP is not configured and not enabled. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10.2 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*π Read
via "National Vulnerability Database".
βοΈ Say Hello to Crazy Thin βDeep Insertβ ATM Skimmers βοΈ
π Read
via "Krebs on Security".
A number of financial institutions in and around New York City are dealing with a rash of super-thin "deep insert" card skimming devices designed to fit inside the mouth of an ATM's card acceptance slot. The card skimmers are paired with tiny pinhole cameras that are cleverly disguised as part of the cash machine. Here's a look at some of the more sophisticated deep insert skimmer technology that fraud investigators have recently found in the wild.π Read
via "Krebs on Security".
Krebs on Security
Say Hello to Crazy Thin βDeep Insertβ ATM Skimmers
A number of financial institutions in and around New York City are dealing with a rash of super-thin "deep insert" card skimming devices designed to fit inside the mouth of an ATM's card acceptance slot. The card skimmers are pairedβ¦
π2
π’ Infinigate becomes sole distributor of the Cybereason Defense Platform in Europe π’
π Read
via "ITPro".
Exclusive distribution agreement aims to help more organisations detect and respond to cyberattacks at speed and scaleπ Read
via "ITPro".
IT PRO
Infinigate becomes sole distributor of the Cybereason Defense Platform in Europe | IT PRO
Exclusive distribution agreement aims to help more organisations detect and respond to cyberattacks at speed and scale
π’ Cisco confirms data breach following Yanluowang ransomware attack in May π’
π Read
via "ITPro".
The tech giant insists its business was unaffected by the attackπ Read
via "ITPro".
IT PRO
Cisco confirms data breach following Yanluowang ransomware attack in May | IT PRO
The tech giant insists its business was unaffected by the attack
π’ Gartner: Most businesses are dropping security vendors to improve cyber resiliency π’
π Read
via "ITPro".
The vast majority of organisations around the world are pursuing vendor consolidation to improve security and decrease complexityπ Read
via "ITPro".
IT PRO
Gartner: Most businesses are dropping security vendors to improve cyber resiliency | IT PRO
The vast majority of organisations around the world are pursuing vendor consolidation to improve security and decrease complexity
π’ Apple patches yet another zero-day flaw in substantial security update π’
π Read
via "ITPro".
The updates include fixes for kernel-level code execution bugs, privacy issues, and more - all impacting iPhone and iPad usersπ Read
via "ITPro".
ITPro
Apple patches yet another zero-day flaw in substantial security update
The updates include fixes for kernel-level code execution bugs, privacy issues, and more - all impacting iPhone and iPad users
π’ US Commerce Department inks deal with Google to develop chips for researchers π’
π Read
via "ITPro".
The news breaks weeks after the US restricted CHIPS-funded companies' investments in Chinaπ Read
via "ITPro".
IT PRO
US Commerce Department inks deal with Google to develop chips for researchers | IT PRO
The news breaks weeks after the US restricted CHIPS-funded companies' investments in China
π’ Sophos XGS 116 review: A small and mighty appliance π’
π Read
via "ITPro".
This clever and compact security gateway brings outstanding security and remote management features at a tempting priceπ Read
via "ITPro".
IT PRO
Sophos XGS 116 review: A small and mighty appliance | IT PRO
This clever and compact security gateway brings outstanding security and remote management features at a tempting price
π’ Exertis Enterprise announces expanded Progress partnership π’
π Read
via "ITPro".
Distributor moves to strengthen NetSecOps in the UK with availability of Progress WhatsUp Gold and Progress Flowmonπ Read
via "ITPro".
IT PRO
Exertis Enterprise announces expanded Progress partnership | IT PRO
Distributor moves to strengthen NetSecOps in the UK with availability of Progress WhatsUp Gold and Progress Flowmon
π’ U-Haul data breach exposes customer data π’
π Read
via "ITPro".
Despite the scope of the attack, the company affirmed the hack did not compromise customersβ payment card informationπ Read
via "ITPro".
IT PRO
U-Haul data breach exposes customer data | IT PRO
Despite the scope of the attack, the company affirmed the hack did not compromise customersβ payment card information
π’ Three critical vulnerabilities and one zero-day feature in Microsoft's September Patch Tuesday π’
π Read
via "ITPro".
Several issues in the monthly update require 'urgent' attention but September's Patch Tuesday only brings around half the fixes that came in Augustπ Read
via "ITPro".
ITPro
Three critical vulnerabilities and one zero-day feature in Microsoft's September Patch Tuesday
Several issues in the monthly update require 'urgent' attention but September's Patch Tuesday only brings around half the fixes that came in August
π’ Trend Micro cautions against actively exploited Apex One RCE vulnerability π’
π Read
via "ITPro".
The firm also patched a high severity security flaw that lets perpetrators bypass authenticationπ Read
via "ITPro".
IT PRO
Trend Micro cautions against actively exploited Apex One RCE vulnerability | IT PRO
The firm also patched a high severity security flaw that lets perpetrators bypass authentication
π’ WordPress plugin vulnerability leaves sites open to total takeover π’
π Read
via "ITPro".
Customers on WordFence's paid tiers will get protection from the WPGate exploit right away, but those on the free-tier face a 30-day delayπ Read
via "ITPro".
IT PRO
WordPress plugin vulnerability leaves sites open to total takeover | IT PRO
Customers on WordFence's paid tiers will get protection from the WPGate exploit right away, but those on the free-tier face a 30-day delay
βΌ CVE-2022-40734 βΌ
π Read
via "National Vulnerability Database".
UniSharp laravel-filemanager (aka Laravel Filemanager) through 2.5.1 allows download?working_dir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022.π Read
via "National Vulnerability Database".
βΌ CVE-2020-36603 βΌ
π Read
via "National Vulnerability Database".
The HoYoVerse (formerly miHoYo) Genshin Impact mhyprot2.sys 1.0.0.0 anti-cheat driver does not adequately restrict unprivileged function calls, allowing local, unprivileged users to execute arbitrary code with SYSTEM privileges on Microsoft Windows systems. The mhyprot2.sys driver must first be installed by a user with administrative privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3221 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.3.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3222 βΌ
π Read
via "National Vulnerability Database".
Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-DEV.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31735 βΌ
π Read
via "National Vulnerability Database".
OpenAM Consortium Edition version 14.0.0 provided by OpenAM Consortium contains an open redirect vulnerability (CWE-601). When accessing an affected server through some specially crafted URL, the user may be redirected to an arbitrary website.π Read
via "National Vulnerability Database".
ποΈ WAPPLES web application firewall faulted for multiple flaws ποΈ
π Read
via "The Daily Swig".
Researcher uncovers RCE and undocumented backdoor risksπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
WAPPLES web application firewall faulted for multiple flaws
Researcher uncovers RCE and undocumented backdoor risks
ποΈ Open source CMS TYPO3 tackles XSS vulnerability ποΈ
π Read
via "The Daily Swig".
Bug spawned by parsing problem in upstream packageπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Open source CMS TYPO3 tackles XSS vulnerability
Bug spawned by parsing problem in upstream package