CVE-2022-40817
Read via "National Vulnerability Database".
Zammad 5.2.1 has a fine-grained permission model that allows read-only access to tickets to be configured. However, agents with read-only access were still wrongly able to perform some operations on such tickets, such as adding and removing links, tags, and related answers. This issue has been fixed in 5.2.2.
CVE-2022-31367
Read via "National Vulnerability Database".
Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses.
CVE-2022-40816
Read via "National Vulnerability Database".
Zammad 5.2.1 is vulnerable to Incorrect Access Control. Zammad's asset handling mechanism has logic to ensure that customer users are not able to see personal information of other users. This logic was not effective when used through a WebSocket connection, so a logged-in attacker could fetch personal data of other users by querying the Zammad API over that channel. This issue is fixed in 5.2.2.
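Both Zammad advisories above describe the same bug class: an authorization rule that is enforced on one operation or transport but not on another (side operations such as tagging or linking bypass the read-only check; the asset filter is skipped on the WebSocket path). The following is an added illustration of a deny-by-default design that avoids it, not Zammad's code; every name, permission string, route and user record in it is constructed for the example.

```python
"""Deny-by-default authorization shared by every entry point.

Constructed example, not Zammad's code. All action names, permission strings,
routes and users are assumptions made for the illustration.
"""
from dataclasses import dataclass, field

# Each ticket operation maps to the permission it requires. An operation missing
# from the table is denied, so "side" operations such as tagging or linking cannot
# slip past a check that was written only for the main update path.
TICKET_ACTION_PERMISSION = {
    "ticket.show": "ticket.agent.read",
    "ticket.update": "ticket.agent.change",
    "ticket.tag.add": "ticket.agent.change",
    "ticket.tag.remove": "ticket.agent.change",
    "ticket.link.add": "ticket.agent.change",
    "ticket.link.remove": "ticket.agent.change",
    "ticket.answer.add": "ticket.agent.change",
}

# Fields of a user record that a customer may see about users other than themselves.
PUBLIC_USER_FIELDS = ("id", "firstname", "lastname")


@dataclass
class User:
    id: int
    role: str                                   # "agent" or "customer"
    permissions: set = field(default_factory=set)
    firstname: str = ""
    lastname: str = ""
    email: str = ""
    phone: str = ""


def legacy_authorize(user, action):
    """The flawed pattern: only the generic update path demands 'change'."""
    if action == "ticket.update":
        return "ticket.agent.change" in user.permissions
    return "ticket.agent.read" in user.permissions


def authorize(user, action):
    """Fixed pattern: unknown actions are denied, known ones need their permission."""
    needed = TICKET_ACTION_PERMISSION.get(action)
    return needed is not None and needed in user.permissions


def serialize_user(requester, target):
    """Asset filter: customers receive only the public fields of other users."""
    full = {"id": target.id, "firstname": target.firstname, "lastname": target.lastname,
            "email": target.email, "phone": target.phone}
    if requester.role == "agent" or requester.id == target.id:
        return full
    return {k: full[k] for k in PUBLIC_USER_FIELDS}


def handle(actor, action, payload, users):
    """Single dispatcher. Both transports below go through it, so neither the asset
    filter nor the permission check can be skipped by choosing a transport."""
    if action == "user.show":
        target = users.get(payload.get("id"))
        if target is None:
            return {"ok": False, "error": "not_found"}
        return {"ok": True, "data": serialize_user(actor, target)}
    if not authorize(actor, action):
        return {"ok": False, "error": "forbidden"}
    return {"ok": True}


def http_request(actor, method, path, body, users):
    """HTTP entry point: map the route to an action name, then delegate."""
    routes = {
        ("GET", "/api/users"): "user.show",
        ("PUT", "/api/tickets"): "ticket.update",
        ("POST", "/api/tickets/tags"): "ticket.tag.add",
        ("POST", "/api/tickets/links"): "ticket.link.add",
    }
    action = routes.get((method, path))
    if action is None:
        return {"ok": False, "error": "not_found"}
    return handle(actor, action, body, users)


def ws_frame(actor, frame, users):
    """WebSocket entry point: the frame names the action directly; delegate."""
    return handle(actor, frame.get("action"), frame.get("data", {}), users)
```

The point of the table-driven `authorize` is that adding a new ticket operation without listing it fails closed, and the point of the shared `handle` is that a second transport cannot grow its own, weaker serialization path.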
CVE-2022-40354
Read via "National Vulnerability Database".
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_booking.php.
CVE-2022-40877
Read via "National Vulnerability Database".
Exam Reviewer Management System 1.0 is vulnerable to SQL Injection via the 'id' parameter.
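The two advisories above (CVE-2022-40354 and CVE-2022-40877) share one root cause: an `id` request parameter pasted into a SQL statement. The following added example reproduces that pattern against a constructed SQLite database and shows the parameterized replacement. It is illustration code, not the source of either application; the table layout, row data and function names are assumptions made for the example.

```python
"""SQL injection through an integer id parameter, and the parameterized fix.

Constructed example; the schema, rows and function names are assumptions and
are not the code of the applications in the advisories.
"""
import re
import sqlite3


def make_db():
    """Constructed sample database: a bookings table and a users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE bookings (id INTEGER PRIMARY KEY, customer TEXT, status TEXT)")
    conn.executemany("INSERT INTO bookings VALUES (?, ?, ?)",
                     [(1, "alice", "pending"), (2, "bob", "pending"), (3, "carol", "confirmed")])
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "admin", "hunter2"), (2, "staff", "letmein")])
    conn.commit()
    return conn


# --- Vulnerable pattern: the request value is concatenated into the statement ---

def get_booking_vulnerable(conn, raw_id):
    sql = f"SELECT id, customer, status FROM bookings WHERE id = {raw_id}"
    return conn.execute(sql).fetchall()


def update_booking_vulnerable(conn, raw_id, status):
    sql = f"UPDATE bookings SET status = '{status}' WHERE id = {raw_id}"
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount          # how many rows the attacker-controlled WHERE matched


# --- Hardened pattern: validate the type, then bind the value as a parameter ---

def parse_id(raw_id):
    """Accept only a plain ASCII decimal literal; everything else is rejected."""
    if not isinstance(raw_id, str) or not re.fullmatch(r"[0-9]+", raw_id):
        raise ValueError(f"invalid id: {raw_id!r}")
    return int(raw_id)


def get_booking_safe(conn, raw_id):
    return conn.execute("SELECT id, customer, status FROM bookings WHERE id = ?",
                        (parse_id(raw_id),)).fetchall()


def update_booking_safe(conn, raw_id, status):
    cur = conn.execute("UPDATE bookings SET status = ? WHERE id = ?",
                       (status, parse_id(raw_id)))
    conn.commit()
    return cur.rowcount


def count_status(conn, status):
    return conn.execute("SELECT COUNT(*) FROM bookings WHERE status = ?", (status,)).fetchone()[0]


if __name__ == "__main__":
    db = make_db()
    # Boolean injection: the WHERE clause becomes "id = 1 OR 1=1" and every row is updated.
    print("rows changed:", update_booking_vulnerable(db, "1 OR 1=1", "cancelled"))
    # UNION injection: the id position is used to pull credentials out of another table.
    print(get_booking_vulnerable(db, "0 UNION SELECT id, username, password FROM users"))
    # The same payloads never reach the database through the hardened functions.
    try:
        update_booking_safe(db, "1 OR 1=1", "cancelled")
    except ValueError as exc:
        print("rejected:", exc)
```

Binding the value with `?` is what stops the injection; the `parse_id` check is defence in depth that also gives a clean error for malformed input. Note that the `status` string is bound too: fixing only the `id` column would leave the second injection point in the same statement.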
CVE-2022-23006
Read via "National Vulnerability Database".
A stack-based buffer overflow vulnerability was found in Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker with local access to the system to read information from the /etc/version file. This vulnerability can only be exploited by chaining it with another issue: if an attacker is able to carry out a remote code execution attack, they can gain access to the vulnerable file due to the presence of insecure functions in the code. User interaction is required for exploitation. Exploiting the vulnerability could result in exposure of information, the ability to modify files, memory access errors, or system crashes.
CVE-2022-37193
Read via "National Vulnerability Database".
The Chipolo ONE Bluetooth tracker (2020) with Chipolo iOS app version 4.13.0 is vulnerable to Incorrect Access Control. Chipolo devices are susceptible to access revocation evasion attacks once a malicious sharee has obtained the access credentials.
Infosec Partners announces new XZERO Early Warning System
Read via "ITPro".
New cyberattack detection service serves up real-time information on suspect activity and advance notice of imminent security incidents
FARGO ransomware targets vulnerable Microsoft SQL servers in new wave of attacks
Read via "ITPro".
Victims who don't pay the ransom risk having their stolen files exposed on the threat actor's Telegram channel
Australia looks to amend privacy rules following Optus data breach
Read via "ITPro".
The breach is currently being investigated by the Australian Federal Police
Vectra appoints Nuvias Group as sole UK distributor
Read via "ITPro".
The AI-based threat detection and response provider will leverage Nuvias' 1,600-strong UK partner network
CIO Priorities: 2020 vs 2023
Read via "ITPro".
Zero Trust, SaaS security, and their impact on SD-WAN as a priority
1.1 million Tesla cars recalled over software glitch
Read via "ITPro".
The mass recall is prompted by a flaw in the vehicles' automatic window reversal system
Fancy Bear hackers exploit PowerPoint files to spread Graphite malware
Read via "ITPro".
The ongoing attack reportedly targets entities in the defence and government sectors of the European Union and Eastern European nations
TikTok considers changes to data policies amid rising security concerns
Read via "ITPro".
The ByteDance-owned app also faces a potential £27m fine over privacy violations
Mozilla patches high-severity security flaws in new "speedy" Firefox release
Read via "ITPro".
Numerous vulnerabilities across Mozilla's products could potentially lead to code execution and system takeover
Cloudflare unveils first zero trust SIM for mobile devices
Read via "ITPro".
New wireless carrier program will also let carriers integrate Zero Trust security into existing corporate plans
GitHub alerts users to active phishing campaign
Read via "ITPro".
The attack revolves around counterfeit CircleCI notifications urging users to accept updated terms of use and privacy policy
35 cyber startups join largest UK government-backed accelerator
Read via "ITPro".
The startups will benefit from business masterclasses, mentoring and engineering support, and technical product development support
GoTo Resolve Basic review: An SMB-friendly remote support service
Read via "ITPro".
This good-value hosted remote support service is ideal for SMBs that demand zero-trust access security
CVE-2022-32168
Read via "National Vulnerability Database".
Notepad++ versions 8.4.1 and earlier are vulnerable to DLL hijacking: an attacker can replace the vulnerable DLL (UxTheme.dll) with their own DLL and run arbitrary code in the context of Notepad++.