βΌ CVE-2020-26856 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26862 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42156 βΌ
π Read
via "National Vulnerability Database".
D-Link COVR 1200,1203 v1.08 was discovered to contain a command injection vulnerability via the tomography_ping_number parameter at function SetNetworkTomographySettings.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42159 βΌ
π Read
via "National Vulnerability Database".
D-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable seed in a Pseudo-Random Number Generator.π Read
via "National Vulnerability Database".
π΄ Feature-Rich 'Alchimist' Cyberattack Framework Targets Windows, Mac, Linux Environments π΄
π Read
via "Dark Reading".
The comprehensive, multiplatform framework comes loaded with weapons, and it is likely another effort by a China-based threat group to develop an alternative to Cobalt Strike and Sliver.π Read
via "Dark Reading".
Dark Reading
Feature-Rich 'Alchimist' Cyberattack Framework Targets Windows, Mac, Linux Environments
The comprehensive, multiplatform framework comes loaded with weapons, and it is likely another effort by a China-based threat group to develop an alternative to Cobalt Strike and Sliver.
π΄ Comprehensive Network Visibility Is Imperative for Zero-Trust Maturity π΄
π Read
via "Dark Reading".
Distrust and verify, because you can't protect what you can't see.π Read
via "Dark Reading".
Dark Reading
Comprehensive Network Visibility Is Imperative for Zero-Trust Maturity
Distrust and verify, because you can't protect what you can't see.
π1
π΄ Novel npm Timing Attack Allows Corporate Targeting π΄
π Read
via "Dark Reading".
A timing attack helps cyberattackers lob malicious code-bombs at corporate targets by cloning private package names.π Read
via "Dark Reading".
Dark Reading
Novel npm Timing Attack Allows Corporate Targeting
A timing attack helps cyberattackers lob malicious code-bombs at corporate targets by cloning private package names.
π΄ Quarter of Healthcare Ransomware Victims Forced to Halt Operations π΄
π Read
via "Dark Reading".
Trend Micro research reveals supply chains are key source of risk.π Read
via "Dark Reading".
Dark Reading
Quarter of Healthcare Ransomware Victims Forced to Halt Operations
Trend Micro research reveals supply chains are key source of risk.
π΄ Nexusguard Research Shows Total Number of DDoS Attacks Increased during First Half of 2022 While Maximum Attack Size Decreased Compared to Second Half of 2021 π΄
π Read
via "Dark Reading".
Nexusguard DDoS Statistical Report reveals key attack observations and analysis from the first half of 2022.π Read
via "Dark Reading".
Dark Reading
Nexusguard Research Shows Total Number of DDoS Attacks Increased during First Half of 2022 While Maximum Attack Size Decreasedβ¦
Nexusguard DDoS Statistical Report reveals key attack observations and analysis from the first half of 2022.
π΄ Armis Now Available on Google Cloud Marketplace π΄
π Read
via "Dark Reading".
Enterprises seeking asset visibility and security enabled to simplify the procurement process of Armis.π Read
via "Dark Reading".
Dark Reading
Armis Now Available on Google Cloud Marketplace
Enterprises seeking asset visibility and security enabled to simplify the procurement process of Armis.
π΄ HSBC and Silent Eight Expand Machine Learning Partnership π΄
π Read
via "Dark Reading".
Silent Eight announced an extension to its existing partnership with HSBC to tackle financial crime.π Read
via "Dark Reading".
Dark Reading
HSBC and Silent Eight Expand Machine Learning Partnership
Silent Eight announced an extension to its existing partnership with HSBC to tackle financial crime.
π΄ Google Cloud Advances Partnerships with 20-Plus Software Companies Focused on Digital Sovereignty and Cybersecurity π΄
π Read
via "Dark Reading".
At Next '22, Google Cloud announces updates to its trusted cloud ecosystem with new Sovereign Solutions initiative and partnerships spanning critical areas of cybersecurity.π Read
via "Dark Reading".
Dark Reading
Google Cloud Advances Partnerships with 20-Plus Software Companies Focused on Digital Sovereignty and Cybersecurity
At Next '22, Google Cloud announces updates to its trusted cloud ecosystem with new Sovereign Solutions initiative and partnerships spanning critical areas of cybersecurity.
βΌ CVE-2022-42719 βΌ
π Read
via "National Vulnerability Database".
A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.14 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35612 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in MQTTRoute v3.3 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the dashboard name text field.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35944 βΌ
π Read
via "National Vulnerability Database".
October is a self-hosted Content Management System (CMS) platform based on the Laravel PHP Framework. This vulnerability only affects installations that rely on the safe mode restriction, commonly used when providing public access to the admin panel. Assuming an attacker has access to the admin panel and permission to open the "Editor" section, they can bypass the Safe Mode (`cms.safe_mode`) restriction to introduce new PHP code in a CMS template using a specially crafted request. The issue has been patched in versions 2.2.34 and 3.0.66.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39300 βΌ
π Read
via "National Vulnerability Database".
node SAML is a SAML 2.0 library based on the SAML implementation of passport-saml. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the IDP used, fully unauthenticated attacks (e.g without access to a valid user) might also be feasible if generation of a signed message can be triggered. Users should upgrade to node-saml version 4.0.0-beta5 or newer. Disabling SAML authentication may be done as a workaround.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39201 βΌ
π Read
via "National Vulnerability Database".
Grafana is an open source observability and data visualization platform. Starting with version 5.0.0-beta1 and prior to versions 8.5.14 and 9.1.8, Grafana could leak the authentication cookie of users to plugins. The vulnerability impacts data source and plugin proxy endpoints under certain conditions. The destination plugin could receive a user's Grafana authentication cookie. Versions 9.1.8 and 8.5.14 contain a patch for this issue. There are no known workarounds.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34022 βΌ
π Read
via "National Vulnerability Database".
SQL injection vulnerability in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via a crafted POST request to /ResiotQueryDBActive.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35136 βΌ
π Read
via "National Vulnerability Database".
Boodskap IoT Platform v4.4.9-02 allows attackers to make unauthenticated API requests.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39303 βΌ
π Read
via "National Vulnerability Database".
Ree6 is a moderation bot. This vulnerability allows manipulation of SQL queries. This issue has been patched in version 1.7.0 by using Javas PreparedStatements, which allow object setting without the risk of SQL injection. There are currently no known workarounds.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34021 βΌ
π Read
via "National Vulnerability Database".
Multiple Cross Site Scripting (XSS) vulnerabilities in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via the form fields.π Read
via "National Vulnerability Database".