🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
📢 The sooner the FIDO Alliance can shut down passwords, the better 📢

Passwords aren’t going anywhere, but that hasn’t stopped the dream of a passwordless future – and it seems that Apple, Google and Microsoft agree

📖 Read

via "ITPro".
📢 UK outsourcer Interserve fined £4.4 million for litany of data protection failings 📢

The numerous security blunders allowed cyber attackers to compromise its systems, install malware, and access the personal data of 113,000 of its staff

📖 Read

via "ITPro".
📢 The future of work is already here. Now’s the time to secure it. 📢

Robust security to protect and enable your business

📖 Read

via "ITPro".
πŸ‘1
📢 Australia to increase maximum data breach penalty to $50 million 📢

The country's government is looking to raise the maximum fine from $2 million AUD and introduce new legislation to handle cyber attacks better

📖 Read

via "ITPro".
⚠ When cops hack back: Dutch police fleece DEADBOLT criminals (legally!) ⚠

Crooks: Show us the money! Cops: How about you show us the decryption keys first?

📖 Read

via "Naked Security".
‼ CVE-2021-44769 ‼

An improper input validation vulnerability in the TLS certificate generation function allows an attacker to cause a Denial-of-Service (DoS) condition which can only be reverted via a factory reset. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-44776 ‼

A broken access control vulnerability in the SubNet_handler_func function of spx_restservice allows an attacker to arbitrarily change the security access rights to KVM and Virtual Media functionalities. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-26731 ‼

Command injection and multiple stack-based buffer overflow vulnerabilities in the modifyUserb_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-45925 ‼

Observable discrepancies in the login process allow an attacker to guess legitimate user names registered in the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-42010 ‼

Heron versions <= 0.20.4-incubating allow CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating, which addresses this issue.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-38117 ‼

Juiker app hard-coded its AES key in the source code. A physical attacker, after getting the Android root privilege, can use the AES key to decrypt users’ ciphertext and tamper with it.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-39314 ‼

Kirby is a flat-file CMS. In versions prior to 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1, Kirby is subject to user enumeration due to Improper Restriction of Excessive Authentication Attempts. This vulnerability affects you only if you are using the `code` or `password-reset` auth method with the `auth.methods` option or if you have enabled the `debug` option in production. By using two or more IP addresses and multiple login attempts, valid user accounts will lock, but invalid accounts will not, leading to account enumeration. This issue has been patched in versions 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1. If you cannot update immediately, you can work around the issue by setting the `auth.methods` option to `password`, which disables the code-based login and password reset forms.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-46279 ‼

Session fixation and insufficient session expiration vulnerabilities allow an attacker to perform session hijacking attacks against users. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-36368 ‼

Multiple stored cross-site scripting vulnerabilities in the web user interface of IPFire versions prior to 2.27 allow a remote authenticated attacker with administrative privilege to inject an arbitrary script.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-41799 ‼

Improper access control vulnerability in GROWI prior to v5.1.4 (v5 series) and versions prior to v4.5.25 (v4 series) allows a remote authenticated attacker to bypass access restriction and download the markdown data from the pages set to private by the other users.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-26732 ‼

A broken access control vulnerability in the First_network_func function of spx_restservice allows an attacker to arbitrarily change the network configuration of the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-43680 ‼

In libexpat through 2.4.9, there is a use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-41797 ‼

Improper authorization in handler for custom URL scheme vulnerability in Lemon8 App for Android versions prior to 3.3.5 and Lemon8 App for iOS versions prior to 3.3.5 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-39313 ‼

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 4.10.17, and prior to 5.2.8 on the 5.x branch, crash when a file download request is received with an invalid byte range, resulting in a Denial of Service. This issue has been patched in versions 4.10.17, and 5.2.8. There are no known workarounds.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-41986 ‼

Information disclosure vulnerability in Android App 'IIJ SmartKey' versions prior to 2.1.4 allows an attacker to obtain a one-time password issued by the product under certain conditions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-26729 ‼

Command injection and multiple stack-based buffer overflow vulnerabilities in the Login_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

📖 Read

via "National Vulnerability Database".