π΄ Cybersecurity Risks & Stats This Spooky Season π΄
π Read
via "Dark Reading".
From ransomware to remote workers to cyber-extortion gangs to Fred in shipping who clicks on the wrong link, cybersecurity concerns can keep you awake this season and all seasons.π Read
via "Dark Reading".
Dark Reading
Cybersecurity Risks & Stats This Spooky Season
From ransomware to remote workers to cyber-extortion gangs to Fred in shipping who clicks on the wrong link, cybersecurity concerns can keep you awake this season and all seasons.
ποΈ Critical authentication bug in Fortinet products actively exploited in the wild ποΈ
π Read
via "The Daily Swig".
Chinese and Russian cyber-spies actively targeting security vulnerabilityπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Critical authentication bug in Fortinet products actively exploited in the wild
Chinese and Russian cyber-spies actively targeting security vulnerability
π΄ MSP Market Opportunity Report Finds Cybersecurity as Primary Growth Driver as SMBs Lack Resources to Develop Security Program In-House π΄
π Read
via "Dark Reading".
New report shows 75% of MSPs will invest in security threat intelligence services in the next 12 months to help businesses combat increased threats.π Read
via "Dark Reading".
Dark Reading
MSP Market Opportunity Report Finds Cybersecurity as Primary Growth Driver as SMBs Lack Resources to Develop Security Program Inβ¦
New report shows 75% of MSPs will invest in security threat intelligence services in the next 12 months to help businesses combat increased threats.
ποΈ Melis Platform CMS patched for critical RCE flaw ποΈ
π Read
via "The Daily Swig".
POP chain crafted to demonstrate exploitabilityπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Melis Platform CMS patched for critical RCE flaw
POP chain crafted to demonstrate exploitability
π΄ Spyderbat Raises Series A to Deliver Runtime Security Throughout Cloud Native Software Development Environments π΄
π Read
via "Dark Reading".
Led by NTTVC, the funding enables further development of Cloud Native Intrusion Prevention from the team that invented Network Intrusion Prevention Systems.π Read
via "Dark Reading".
Dark Reading
Spyderbat Raises Series A to Deliver Runtime Security Throughout Cloud Native Software Development Environments
Led by NTTVC, the funding enables further development of Cloud Native Intrusion Prevention from the team that invented Network Intrusion Prevention Systems.
π΄ HR Departments Play a Key Role in Cybersecurity π΄
π Read
via "Dark Reading".
A more secure organization starts with stronger alignment between HR and the IT operation.π Read
via "Dark Reading".
Dark Reading
HR Departments Play a Key Role in Cybersecurity
A more secure organization starts with stronger alignment between HR and the IT operation.
π΄ Threat Groups Repurpose Banking Trojans into Backdoors π΄
π Read
via "Dark Reading".
Ursnif, a one-time banking Trojan also known as Gozi, becomes the latest codebase to be repurposed as a more general backdoor, as malware developers trend toward modularity.π Read
via "Dark Reading".
Dark Reading
Threat Groups Repurpose Banking Trojans into Backdoors
Ursnif, a one-time banking Trojan also known as Gozi, becomes the latest codebase to be repurposed as a more general backdoor, as malware developers trend toward modularity.
βΌ CVE-2022-3393 βΌ
π Read
via "National Vulnerability Database".
The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injectionπ Read
via "National Vulnerability Database".
βΌ CVE-2022-3395 βΌ
π Read
via "National Vulnerability Database".
The WP All Export Pro WordPress plugin before 1.7.9 uses the contents of the cc_sql POST parameter directly as a database query, allowing users which has been given permission to run exports to execute arbitrary SQL statements, leading to a SQL Injection vulnerability. By default only users with the Administrator role can perform exports, but this can be delegated to lower privileged users as well.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35886 βΌ
π Read
via "National Vulnerability Database".
Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability arises from format string injection via the `default_key_id` and `key` HTTP parameters, as used within the `/action/wirelessConnect` handler.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32454 βΌ
π Read
via "National Vulnerability Database".
A stack-based buffer overflow vulnerability exists in the XCMD setIPCam functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to remote code execution. An attacker can send a malicious XML payload to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3302 βΌ
π Read
via "National Vulnerability Database".
The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.185.1 does not validate ids before using them in a SQL statement, which could lead to SQL injection exploitable by high privilege users such as adminπ Read
via "National Vulnerability Database".
βΌ CVE-2022-35261 βΌ
π Read
via "National Vulnerability Database".
A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.The `/action/import_authorized_keys/` API is affected by command injection vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32775 βΌ
π Read
via "National Vulnerability Database".
An integer overflow vulnerability exists in the web interface /action/ipcamRecordPost functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to memory corruption. An attacker can make an authenticated HTTP request to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27622 βΌ
π Read
via "National Vulnerability Database".
Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to access intranet resources via unspecified vectors.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38198 βΌ
π Read
via "National Vulnerability Database".
There is a reflected cross site scripting issue in the Esri ArcGIS Server services directory versions 10.9.1 and below that may allow a remote, unauthenticated attacker to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victimΓ’β¬β’s browser.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2762 βΌ
π Read
via "National Vulnerability Database".
The AdminPad WordPress plugin before 2.2 does not have CSRF check when updating admin's note, allowing attackers to make a logged in admin update their notes via a CSRF attackπ Read
via "National Vulnerability Database".
βΌ CVE-2022-3246 βΌ
π Read
via "National Vulnerability Database".
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribersπ Read
via "National Vulnerability Database".
βΌ CVE-2022-38580 βΌ
π Read
via "National Vulnerability Database".
Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF).π Read
via "National Vulnerability Database".
βΌ CVE-2022-30603 βΌ
π Read
via "National Vulnerability Database".
An OS command injection vulnerability exists in the web interface /action/iperf functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34845 βΌ
π Read
via "National Vulnerability Database".
A firmware update vulnerability exists in the sysupgrade functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network packet can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability.π Read
via "National Vulnerability Database".