Quarter of Healthcare Ransomware Victims Forced to Halt Operations
via "Dark Reading".
Trend Micro research reveals supply chains are key source of risk.
Nexusguard Research Shows Total Number of DDoS Attacks Increased during First Half of 2022 While Maximum Attack Size Decreased Compared to Second Half of 2021
via "Dark Reading".
Nexusguard DDoS Statistical Report reveals key attack observations and analysis from the first half of 2022.
Armis Now Available on Google Cloud Marketplace
via "Dark Reading".
Enterprises seeking asset visibility and security enabled to simplify the procurement process of Armis.
HSBC and Silent Eight Expand Machine Learning Partnership
via "Dark Reading".
Silent Eight announced an extension to its existing partnership with HSBC to tackle financial crime.
Google Cloud Advances Partnerships with 20-Plus Software Companies Focused on Digital Sovereignty and Cybersecurity
via "Dark Reading".
At Next '22, Google Cloud announces updates to its trusted cloud ecosystem with new Sovereign Solutions initiative and partnerships spanning critical areas of cybersecurity.
CVE-2022-42719
via "National Vulnerability Database".
A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.14 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.
CVE-2022-35612
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in MQTTRoute v3.3 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the dashboard name text field.
CVE-2022-35944
via "National Vulnerability Database".
October is a self-hosted Content Management System (CMS) platform based on the Laravel PHP Framework. This vulnerability only affects installations that rely on the safe mode restriction, commonly used when providing public access to the admin panel. Assuming an attacker has access to the admin panel and permission to open the "Editor" section, they can bypass the Safe Mode (`cms.safe_mode`) restriction to introduce new PHP code in a CMS template using a specially crafted request. The issue has been patched in versions 2.2.34 and 3.0.66.
CVE-2022-39300
via "National Vulnerability Database".
node SAML is a SAML 2.0 library based on the SAML implementation of passport-saml. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the IDP used, fully unauthenticated attacks (e.g. without access to a valid user) might also be feasible if generation of a signed message can be triggered. Users should upgrade to node-saml version 4.0.0-beta5 or newer. Disabling SAML authentication may be done as a workaround.
CVE-2022-39201
via "National Vulnerability Database".
Grafana is an open source observability and data visualization platform. Starting with version 5.0.0-beta1 and prior to versions 8.5.14 and 9.1.8, Grafana could leak the authentication cookie of users to plugins. The vulnerability impacts data source and plugin proxy endpoints under certain conditions. The destination plugin could receive a user's Grafana authentication cookie. Versions 9.1.8 and 8.5.14 contain a patch for this issue. There are no known workarounds.
CVE-2022-34022
via "National Vulnerability Database".
SQL injection vulnerability in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via a crafted POST request to /ResiotQueryDBActive.
CVE-2022-35136
via "National Vulnerability Database".
Boodskap IoT Platform v4.4.9-02 allows attackers to make unauthenticated API requests.
CVE-2022-39303
via "National Vulnerability Database".
Ree6 is a moderation bot. This vulnerability allows manipulation of SQL queries. This issue has been patched in version 1.7.0 by using Java's PreparedStatements, which allow object setting without the risk of SQL injection. There are currently no known workarounds.
CVE-2022-34021
via "National Vulnerability Database".
Multiple Cross Site Scripting (XSS) vulnerabilities in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via the form fields.
CVE-2022-35135
via "National Vulnerability Database".
Boodskap IoT Platform v4.4.9-02 allows attackers to escalate privileges via a crafted request sent to /api/user/upsert/<uuid>.
CVE-2022-41390
via "National Vulnerability Database".
OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at download.php.
CVE-2022-35611
via "National Vulnerability Database".
A Cross-Site Request Forgery (CSRF) in MQTTRoute v3.3 and below allows attackers to create and remove dashboards.
CVE-2022-31130
via "National Vulnerability Database".
Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with authentication tokens. The destination plugin could receive a user's Grafana authentication token. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not use API keys, JWT authentication, or any HTTP Header based authentication.
CVE-2022-39229
via "National Vulnerability Database".
Grafana is an open source data visualization platform for metrics, logs, and traces. Versions prior to 9.1.8 and 8.5.14 allow one user to block another user's login attempt by registering someone else's email address as a username. A Grafana user's username and email address are unique fields, which means no other user can have the same username or email address as another user. A user can have an email address as a username. However, the login system allows users to log in with either username or email address. Since Grafana allows a user to log in with either their username or email address, this creates an unusual behavior where `user_1` can register with one email address and `user_2` can register their username as `user_1`'s email address. This prevents `user_1` logging into the application since `user_1`'s password won't match with `user_2`'s email address. Versions 9.1.8 and 8.5.14 contain a patch. There are no workarounds for this issue.
CVE-2022-41391
via "National Vulnerability Database".
OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at showImg.php.
CVE-2022-39295
via "National Vulnerability Database".
Knowage is an open source suite for modern business analytics alternative over big data systems. KnowageLabs / Knowage-Server starting with the 6.x branch and prior to versions 7.4.22, 8.0.9, and 8.1.0 is vulnerable to cross-site scripting because the `XSSRequestWrapper::stripXSS` method can be bypassed. Versions 7.4.22, 8.0.9, and 8.1.0 contain patches for this issue. There are no known workarounds.