CVE-2022-31366
via "National Vulnerability Database".
An arbitrary file upload vulnerability in the apiImportLabs function in api_labs.php of EVE-NG 2.0.3-112 Community allows attackers to execute arbitrary code via a crafted UNL file.
CVE-2022-42198
via "National Vulnerability Database".
In Simple Exam Reviewer Management System v1.0 the User List function suffers from insecure file upload.
CVE-2022-42199
via "National Vulnerability Database".
Simple Exam Reviewer Management System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Exam List.
Datadog Launches Cloud Security Management to Provide Cloud Native Application Protection
via "Dark Reading".
Product brings together workload and infrastructure security into a single platform to provide a unified approach to protecting cloud environments.
CyCognito Launches Next Generation of Exploit Intelligence Threat Remediation Platform
via "Dark Reading".
External attack surface management leader unveils evolution of risk intelligence solution, including a virtual sandbox environment to safely validate steps to remediation.
SynSaber Adds New Dynamic Pipeline to OT Cybersecurity Platform
via "Dark Reading".
ICS/OT cybersecurity and asset monitoring vendor improves scalability and flexibility with new update.
Corsa Security Drives Forward with Additional $10 Million Funding
via "Dark Reading".
Latest investment to broaden integrations with top firewall vendors.
Only 4% of Security and IT Leaders Believe All of Their Cloud Data is Sufficiently Secured
via "Dark Reading".
New cloud data survey from the Cloud Security Alliance and BigID sheds light on the state of cloud data security in 2022.
New Torii Report Finds 60% of IT Leaders Don’t Know What Apps They Have
via "Dark Reading".
Surprisingly poor cross-team collaboration leads to mismanaged SaaS, wasted money and time.
Falco 0.33.0
via "Packet Storm Security".
Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.
Anonos Secures $50 Million in IP-Backed Financing to Deliver Data Privacy Technology with 100% Accuracy and Utility to Data-Driven Enterprises
via "Dark Reading".
Global data privacy software innovator will use growth funding, led by GT Investment Partners and facilitated by Aon, to fuel customer success and expand global partnerships, sales, marketing, and industry education.
Microsoft Office Online Server open to SSRF-to-RCE exploit
via "The Daily Swig".
Behavior functioning as intended, Microsoft reportedly says, and offers mitigation advice instead
CVE-2022-42176
via "National Vulnerability Database".
In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in configuration files leads to admin panel access.
CVE-2022-40084
via "National Vulnerability Database".
OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid.
CVE-2022-42021
via "National Vulnerability Database".
Best Student Result Management System v1.0 is vulnerable to SQL Injection via /upresult/upresult/notice-details.php?nid=.
S3 Ep105: WONTFIX! The MS Office cryptofail that “isn’t a security flaw” [Audio + Text]
via "Naked Security".
The coolest video game ever! And lots of solid cybersecurity advice - listen now!
Name That Toon: Witching Hour
via "Dark Reading".
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
'FurBall' Spyware Being Used Against Iranian Citizens
via "Dark Reading".
New Android malware variant is part of long-running Domestic Kitten campaign being conducted by APT C-50 Group, analysts report.
CVE-2020-9285
via "National Vulnerability Database".
Some versions of Sonos One (1st and 2nd generation) allow partial or full memory access via attacker controlled hardware that can be attached to the Mini-PCI Express slot on the motherboard that hosts the WiFi card on the device.
CVE-2022-42344
via "National Vulnerability Database".
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the `V1/customers/me` endpoint to achieve information exposure and privilege escalation.
CVE-2022-2069
via "National Vulnerability Database".
The APDFL.dll in Siemens JT2Go prior to V13.3.0.5 and Siemens Teamcenter Visualization prior to V14.0.0.2 contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.