ποΈ Microsoft Office Online Server open to SSRF-to-RCE exploit ποΈ
π Read
via "The Daily Swig".
Behavior functioning as intended, Microsoft reportedly says, and offers mitigation advice insteadπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Microsoft Office Online Server open to SSRF-to-RCE exploit
Behavior functioning as intended, Microsoft reportedly says, and offers mitigation advice instead
βΌ CVE-2022-42176 βΌ
π Read
via "National Vulnerability Database".
In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in configuration files leads to admin panel access.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40084 βΌ
π Read
via "National Vulnerability Database".
OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42021 βΌ
π Read
via "National Vulnerability Database".
Best Student Result Management System v1.0 is vulnerable to SQL Injection via /upresult/upresult/notice-details.php?nid=.π Read
via "National Vulnerability Database".
β S3 Ep105: WONTFIX! The MS Office cryptofail that βisnβt a security flawβ [Audio + Text] β
π Read
via "Naked Security".
The coolest video game ever! And lots of solid cybersecurity advice - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep105: WONTFIX! The MS Office cryptofail that βisnβt a security flawβ [Audio + Text]
The coolest video game ever! And lots of solid cybersecurity advice β listen now!
π1
π΄ Name That Toon: Witching Hour π΄
π Read
via "Dark Reading".
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.π Read
via "Dark Reading".
Dark Reading
Name That Toon: Witching Hour
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
π΄ 'FurBall' Spyware Being Used Against Iranian Citizens π΄
π Read
via "Dark Reading".
New Android malware variant is part of long-running Domestic Kitten campaign being conducted by APT C-50 Group, analysts report.π Read
via "Dark Reading".
Dark Reading
'FurBall' Spyware Being Used Against Iranian Citizens
New Android malware variant is part of long-running Domestic Kitten campaign being conducted by APT C-50 Group, analysts report.
π2
βΌ CVE-2020-9285 βΌ
π Read
via "National Vulnerability Database".
Some versions of Sonos One (1st and 2nd generation) allow partial or full memory access via attacker controlled hardware that can be attached to the Mini-PCI Express slot on the motherboard that hosts the WiFi card on the device.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42344 βΌ
π Read
via "National Vulnerability Database".
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the `V1/customers/me` endpoint to achieve information exposure and privilege escalation.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2069 βΌ
π Read
via "National Vulnerability Database".
The APDFL.dll in Siemens JT2Go prior to V13.3.0.5 and Siemens Teamcenter Visualization prior to V14.0.0.2 contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3577 βΌ
π Read
via "National Vulnerability Database".
An out-of-bounds memory write flaw was found in the Linux kernelΓ’β¬β’s Kid-friendly Wired Controller driver. This flaw allows a local user to crash or potentially escalate their privileges on the system. It is in bigben_probe of drivers/hid/hid-bigbenff.c. The reason is incorrect assumption - bigben devices all have inputs. However, malicious devices can break this assumption, leaking to out-of-bound write.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42233 βΌ
π Read
via "National Vulnerability Database".
Tenda 11N with firmware version V5.07.33_cn suffers from an Authentication Bypass vulnerability.π Read
via "National Vulnerability Database".
π΄ 4 Ways To Achieve Comprehensive Security π΄
π Read
via "Dark Reading".
Zero trust protects identities, endpoints, applications, networks, infrastructure, and data, and can be implemented in different ways.π Read
via "Dark Reading".
Dark Reading
4 Ways To Achieve Comprehensive Security
Zero trust protects identities, endpoints, applications, networks, infrastructure, and data, and can be implemented in different ways.
βοΈ Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn βοΈ
π Read
via "Krebs on Security".
On October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc. The next day, half of those profiles no longer existed. A similarly dramatic drop in the number of LinkedIn profiles claiming employment at Amazon comes as LinkedIn is struggling to combat a significant uptick in the creation of fake employee accounts that pair AI-generated profile photos with text lifted from legitimate users.π Read
via "Krebs on Security".
Krebs on Security
Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn
On October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc. The next day, half of those profiles no longer existed. A similarly dramatic drop in the number of LinkedIn profiles claiming employment atβ¦
π΄ Brazilian Police Nab Suspected Member of Lapsus$ Group π΄
π Read
via "Dark Reading".
Lapsus$ Group became a top target after it breached the Brazilian Ministry of Health, among other targets.π Read
via "Dark Reading".
Dark Reading
Brazilian Police Nab Suspected Member of Lapsus$ Group
Lapsus$ Group became a top target after it breached the Brazilian Ministry of Health, among other targets.
π΄ Hardware Makers Standardize Server Chip Security With Caliptra π΄
π Read
via "Dark Reading".
The new open source specification from Open Compute Project is backed by Google, Nvidia, Microsoft, and AMD.π Read
via "Dark Reading".
Dark Reading
Hardware Makers Standardize Server Chip Security With Caliptra
The new open source specification from Open Compute Project is backed by Google, Nvidia, Microsoft, and AMD.
βΌ CVE-2022-3623 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function follow_page_pte of the file mm/gup.c of the component BPF. The manipulation leads to race condition. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211921 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37453 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Softing OPC UA C++ SDK before 6.10. A buffer overflow or an excess allocation happens due to unchecked array and matrix bounds in structure data types.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3621 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211920.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39823 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Softing OPC UA C++ SDK 5.66 through 6.x before 6.10. An OPC/UA browse request exceeding the server limit on continuation points may cause a use-after-free errorπ Read
via "National Vulnerability Database".
βΌ CVE-2022-36958 βΌ
π Read
via "National Vulnerability Database".
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.π Read
via "National Vulnerability Database".