CVE-2022-20955
Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
via "National Vulnerability Database".
CVE-2022-20822
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read and delete files on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains certain character sequences to an affected system. A successful exploit could allow the attacker to read or delete specific files on the device that their configured administrative level should not have access to. Cisco plans to release software updates that address this vulnerability.
via "National Vulnerability Database".
CVE-2022-20811
Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
via "National Vulnerability Database".
Online ticketing company "See" pwned for 2.5 years by attackers
Don't be a cybersecurity slowcoach - you need to spot possible attacks as soon as you can.
via "Naked Security".
Ransomware Gangs Ramp Up Industrial Attacks in US
The manufacturing segment was especially hard hit by cyberattacks in the third quarter of 2022.
via "Dark Reading".
Why Retail Stores Are More Vulnerable Than Ever to Cybercrime
When we think about cybercrime and retail, it is natural to focus on websites being targeted with attacks. Indeed, there has been a shocking rise in the number of cyberattacks perpetrated against online retailers in the past year. Dakota Murphey explains why store owners and security managers also need to protect their physical locations from cyber threats.
via "Dark Reading".
CVE-2022-3705
A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 addresses this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324.
via "National Vulnerability Database".
CVE-2022-3704
A vulnerability classified as problematic has been found in Ruby on Rails. This affects an unknown part of the file actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is be177e4566747b73ff63fd5f529fab564e475ed4. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212319.
via "National Vulnerability Database".
CVE-2022-39348
Twisted is an event-based framework for internet applications. Starting with version 0.9.4, when the host header does not match a configured host, `twisted.web.vhost.NameVirtualHost` will return a `NoResource` resource which renders the Host header unescaped into the 404 response, allowing HTML and script injection. In practice this should be very difficult to exploit, as being able to modify the Host header of a normal HTTP request implies that one is already in a privileged position. This issue was fixed in version 22.10.0rc1. There are no known workarounds.
via "National Vulnerability Database".
CVE-2022-40703
CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Kardia App version 5.17.1-754993421 and prior on Android allows an unauthenticated attacker with physical access to the Android device containing the app to bypass application authentication and alter information in the app.
via "National Vulnerability Database".
CVE-2022-3363
Business logic errors in the GitHub repository ikus060/rdiffweb prior to version 2.5.0a7.
via "National Vulnerability Database".
CVE-2022-39355
Discourse Patreon enables synchronization between Discourse Groups and Patreon rewards. On sites with Patreon login enabled, an improper authentication vulnerability could be used to take control of a victim's forum account. This vulnerability is patched in commit number 846d012151514b35ce42a1636c7d70f6dcee879e of the discourse-patreon plugin. Out of an abundance of caution, any Discourse accounts which have logged in with an unverified-email Patreon account will be logged out and asked to verify their email address on their next login. As a workaround, disable the Patreon integration and log out all users with associated Patreon accounts.
via "National Vulnerability Database".
CVE-2022-39286
Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in `jupyter_core` that stems from `jupyter_core` executing untrusted files in CWD. This vulnerability allows one user to run code as another. Version 4.11.2 contains a patch for this issue. There are no known workarounds.
via "National Vulnerability Database".
Hive ransomware group claims cyber attack on India's Tata Power
The Indian energy company reported last week that its IT systems were down, with customers reporting difficulties in paying their bills.
via "ITPro".
The ultimate guide to deleting yourself from social media
Worried about oversharing, or just want to kick the social media habit? We've outlined concrete steps you can take to delete your identity from the most popular sites and services.
via "ITPro".
ExtraHop partners with Splunk SOAR to offer visibility into encrypted network traffic
The new platform integration aims to reduce the amount of time security professionals spend on low-level analysis tasks.
via "ITPro".
Palo Alto Networks expands NextWave partner network
The revamped initiative aims to help partners deliver incident response services built on Cortex XDR.
via "ITPro".
A strategic guide for controlling and securing your data
Forrester's data security control framework.
via "ITPro".
FTC orders Uber-owned Drizly to improve "lax" data protection approach following 2020 breach
The Uber subsidiary has been hit with an FTC complaint, as the agency looks to send a message to the wider industry.
via "ITPro".
What is secure deletion?
Want to ensure your deleted data can't be recovered and abused? We explore how secure deletion works, and how you can best protect your information.
via "ITPro".
Database and big data security
KuppingerCole 2021 Leadership Compass Report.
via "ITPro".