βΌ CVE-2022-42897 βΌ
π Read
via "National Vulnerability Database".
Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2828 βΌ
π Read
via "National Vulnerability Database".
In affected versions of Octopus Server it is possible to reveal information about teams via the API due to an Insecure Direct Object Reference (IDOR) vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2021-20030 βΌ
π Read
via "National Vulnerability Database".
SonicWall GMS is vulnerable to file path manipulation resulting that an unauthenticated attacker can gain access to web directory containing application's binaries and configuration files.π Read
via "National Vulnerability Database".
π΄ What the Uber Breach Verdict Means for CISOs in the US π΄
π Read
via "Dark Reading".
Can already beleaguered CISOs now add possible legal charges to their smorgasbord of job considerations? Disclose a breach to comply and face dismissal, or cover it up and face personal punishment.π Read
via "Dark Reading".
Dark Reading
What the Uber Breach Verdict Means for CISOs in the US
Can already beleaguered CISOs now add possible legal charges to their smorgasbord of job considerations? Disclose a breach to comply and face dismissal, or cover it up and face personal punishment.
βΌ CVE-2022-38902 βΌ
π Read
via "National Vulnerability Database".
A Cross-site scripting (XSS) vulnerability in the Blog module - add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the name field of newly created topic.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24697 βΌ
π Read
via "National Vulnerability Database".
Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of ΓΒ’Γ’βΒ¬Γ
β-- conf=ΓΒ’Γ’βΒ¬? to inject any operating system command into the command line parameters. This vulnerability affects Kylin 2 version 2.6.5 and earlier, Kylin 3 version 3.1.2 and earlier, and Kylin 4 version 4.0.1 and earlier.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37208 (jfinal_cms) βΌ
π Read
via "National Vulnerability Database".
JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42889 βΌ
π Read
via "National Vulnerability Database".
Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35080 βΌ
π Read
via "National Vulnerability Database".
SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via png_load at /lib/png.c.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35081 βΌ
π Read
via "National Vulnerability Database".
SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via png_read_header at /src/png2swf.c.π Read
via "National Vulnerability Database".
ποΈ GitLab patches RCE bug in GitHub import function ποΈ
π Read
via "The Daily Swig".
Data importation mechanism failed to sanitize importsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
GitLab patches RCE bug in GitHub import function
Data importation mechanism failed to sanitize imports
π΄ Attackers Use Automation to Speed from Exploit to Compromise According to Lacework Labs Cloud Threat Report π΄
π Read
via "Dark Reading".
New open source Cloud Hunter tool, developed through Lacework Labs research, helps customers get better visibility to reduce response times for incident investigations.π Read
via "Dark Reading".
Dark Reading
Attackers Use Automation to Speed from Exploit to Compromise According to Lacework Labs Cloud Threat Report
New open source Cloud Hunter tool, developed through Lacework Labs research, helps customers get better visibility to reduce response times for incident investigations.
π΄ State of Security Data Management 2022 Report Reveals Overconfidence Masks a Pervasive Data Problem π΄
π Read
via "Dark Reading".
Despite dozens of tools and external vendors, 2 in 3 organizations believe their data strategy isn't sustainable beyond three years, which could leave businesses vulnerable.π Read
via "Dark Reading".
Dark Reading
State of Security Data Management 2022 Report Reveals Overconfidence Masks a Pervasive Data Problem
Despite dozens of tools and external vendors, 2 in 3 organizations believe their data strategy isn't sustainable beyond three years, which could leave businesses vulnerable.
βΌ CVE-2022-41475 βΌ
π Read
via "National Vulnerability Database".
RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add an administrator account.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41473 βΌ
π Read
via "National Vulnerability Database".
RPCMS v3.0.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Search function.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41474 βΌ
π Read
via "National Vulnerability Database".
RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily change the password of any account.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41489 βΌ
π Read
via "National Vulnerability Database".
WAYOS LQ_09 22.03.17V was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to send crafted requests to the server from the affected device. This vulnerability is exploitable due to a lack of authentication in the component Usb_upload.htm.π Read
via "National Vulnerability Database".
β Patch Tuesday in brief β one 0-day fixed, but no patches for Exchange! β
π Read
via "Naked Security".
There's a zero-day patch, but it's not for the zero-day you thought.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β S3 Ep104: Should hospital ransomware attackers be locked up for life? [Audio + Text] β
π Read
via "Naked Security".
Have your say on three deep questions posed by this week's podcast. Read or listen as suits you best...π Read
via "Naked Security".
Naked Security
S3 Ep104: Should hospital ransomware attackers be locked up for life? [Audio + Text]
Have your say on three deep questions posed by this weekβs podcast. Read or listen as suits you bestβ¦
π΄ Cyberattackers Spoof Google Translate in Unique Phishing Tactic π΄
π Read
via "Dark Reading".
The campaign uses a combination of tactics and a common JavaScript obfuscation technique to fool both end users and email security scanners to steal credentials.π Read
via "Dark Reading".
Dark Reading
Cyberattackers Spoof Google Translate in Unique Phishing Tactic
The campaign uses a combination of tactics and a common JavaScript obfuscation technique to fool both end users and email security scanners to steal credentials.
π΄ What You Need for a Strong Security Posture π΄
π Read
via "Dark Reading".
From the basics to advanced techniques, here's what you should know.π Read
via "Dark Reading".
Dark Reading
What You Need for a Strong Security Posture
From the basics to advanced techniques, here's what you should know.