🛑 Cybersecurity & Privacy 🛑 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
📒 Database and big data security 📒

KuppingerCole 2021 Leadership Compass Report

📖 Read

via "ITPro".
📒 Apple patches actively exploited iPhone, iPad zero-day and 18 other security flaws 📒

The out-of-bounds write error is the eighth actively exploited zero-day impacting Apple hardware this year and could facilitate kernel-level code execution

📖 Read

via "ITPro".
📒 Building a better password strategy for your business 📒

Exploring the strategies and exploits that hackers are using to circumvent password security measures

📖 Read

via "ITPro".
📒 Medibank reveals damning extent of hack that could cost $35 million 📒

The company disclosed that the attackers also had access to all of its circa 3.9 million customers' records, equivalent to 15% of the nation’s population

📖 Read

via "ITPro".
⚠ Online ticketing company “See” pwned for 2.5 years by attackers ⚠

Don't be a cybersecurity slowcoach - you need to spot possible attacks as soon as you can.

📖 Read

via "Naked Security".
‼ CVE-2022-3719 ‼

A vulnerability has been found in Exiv2 and classified as critical. This vulnerability affects the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The name of the patch is a38e124076138e529774d5ec9890d0731058115a. It is recommended to apply a patch to fix this issue. VDB-212350 is the identifier assigned to this vulnerability.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-3716 ‼

A vulnerability classified as problematic was found in SourceCodester Online Medicine Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /omos/admin/?page=user/list. The manipulation of the argument First Name/Middle Name/Last Name leads to cross-site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-212347.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-25918 ‼

Versions of the shescape package from 1.5.10 and before 1.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the escape function in index.js, due to the use of an insecure regex in the escapeArgBash function.

📖 Read

via "National Vulnerability Database".
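The mechanism behind a ReDoS in an escaping routine, as an added example that is not shescape's code and does not reproduce the regex from this CVE: a constructed trailing-whitespace stripper whose regex contains a nested quantifier, beside two linear-time equivalents, with a probe input that triggers the exponential backtracking. The function names and the timing loop are assumptions made for the illustration.

```javascript
// Added example, not shescape's code: a constructed trailing-whitespace
// stripper whose regex has a nested quantifier, beside two linear-time
// equivalents. The regex and inputs are illustrative, not the real CVE's.

// VULNERABLE (constructed): ( +)+ nests one quantifier inside another, so a
// run of n spaces can be split between the inner and outer groups in 2^(n-1)
// ways. When the trailing `$` fails because a non-space follows, the engine
// tries every split before giving up: exponential time on attacker input.
const VULNERABLE_TRAILING_WS = /( +)+$/;

function stripTrailingSpacesRegex(s) {
  return s.replace(VULNERABLE_TRAILING_WS, "");
}

// SAFE 1: a single, unambiguous quantifier. Backtracking is at worst
// quadratic in the input length, never exponential.
const SAFE_TRAILING_WS = / +$/;

function stripTrailingSpacesSafeRegex(s) {
  return s.replace(SAFE_TRAILING_WS, "");
}

// SAFE 2: no regex at all, one backward scan over the string.
function stripTrailingSpacesLinear(s) {
  let end = s.length;
  while (end > 0 && s.charCodeAt(end - 1) === 0x20) end -= 1;
  return s.slice(0, end);
}

// Attacker-controlled input shape: n spaces followed by one character that
// makes the anchored match fail, which is what forces the backtracking.
function redosProbe(n) {
  return " ".repeat(n) + "x";
}

// Wall-clock milliseconds for one call of fn(input).
function timeMs(fn, input) {
  const t0 = performance.now();
  fn(input);
  return performance.now() - t0;
}

// The fix must not change behaviour on legitimate arguments: all three
// implementations agree on the given input.
function implementationsAgree(s) {
  const expected = stripTrailingSpacesLinear(s);
  return stripTrailingSpacesRegex(s) === expected &&
         stripTrailingSpacesSafeRegex(s) === expected;
}

// Demo: each extra 4 spaces multiplies the vulnerable regex's work by about
// 16, while the two safe versions stay flat.
for (const n of [14, 18, 22]) {
  const input = redosProbe(n);
  console.log(
    `n=${n}: nested-quantifier regex ${timeMs(stripTrailingSpacesRegex, input).toFixed(2)} ms, ` +
    `single-quantifier regex ${timeMs(stripTrailingSpacesSafeRegex, input).toFixed(3)} ms, ` +
    `linear scan ${timeMs(stripTrailingSpacesLinear, input).toFixed(3)} ms`,
  );
}
```

The practical check is the one the probe performs: feed the escape function an input that almost matches the pattern but fails at the last step, and watch whether runtime doubles as you add characters. Patterns of the form `(x+)+`, `(x|xy)+` or two adjacent quantifiers over overlapping character classes are the usual culprits.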
‼ CVE-2022-3714 ‼

A vulnerability classified as critical has been found in SourceCodester Online Medicine Ordering System 1.0. Affected is an unknown function of the file admin/?page=orders/view_order. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely. VDB-212346 is the identifier assigned to this vulnerability.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-3717 ‼

A vulnerability, which was classified as critical, has been found in Exiv2. Affected by this issue is the function BmffImage::boxHandler of the file bmffimage.cpp. The manipulation leads to memory corruption. The attack may be launched remotely. The name of the patch is a58e52ed702d3bc7b8bab7ec1d70a4849eebece3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-212348.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-45476 ‼

Yordam Library Information Document Automation product before version 19.02 has an unauthenticated reflected XSS vulnerability.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-45475 ‼

Yordam Library Information Document Automation product before version 19.02 has an unauthenticated information disclosure vulnerability.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-3718 ‼

A vulnerability, which was classified as problematic, was found in Exiv2. This affects the function QuickTimeVideo::decodeBlock of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to null pointer dereference. It is possible to initiate the attack remotely. The name of the patch is 459910c36a21369c09b75bcfa82f287c9da56abf. It is recommended to apply a patch to fix this issue. The identifier VDB-212349 was assigned to this vulnerability.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-2508 ‼

In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to verbose error messaging.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-2782 ‼

In affected versions of Octopus Server it is possible for a session token to be valid indefinitely due to improper validation of the session token parameters.

📖 Read

via "National Vulnerability Database".
πŸ‘1
🛠 Wireshark Analyzer 4.0.1 🛠

Wireshark is a Qt-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Windows and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

📖 Read

via "Packet Storm Security".
🛠 GNUnet P2P Framework 0.18.0 🛠

GNUnet is a peer-to-peer framework with a focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service built on top of the framework is anonymous file sharing.

📖 Read

via "Packet Storm Security".
πŸ—“οΈ GitHub patches bug that could allow access to another user’s repo πŸ—“οΈ

Renaming accounts opened the door to hijacking

πŸ“– Read

via "The Daily Swig".
‼ CVE-2022-2809 ‼

A vulnerability in bmcweb of the OpenBMC Project allows a user to cause a denial of service. While fuzzing the multipart_parser code with AFL++ and AddressSanitizer enabled, to find the smallest memory corruptions possible, a problem was detected in how multipart_parser handles unclosed HTTP headers: if a long enough HTTP header without a colon is passed in the multipart form, one byte is overwritten on the heap. This can be triggered repeatedly in a loop to cause a DoS.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-36182 ‼

HashiCorp Boundary v0.8.0 is vulnerable to clickjacking, which allows for the interception of login credentials, redirection of users to malicious sites, or tricking users into performing malicious actions on the site.

📖 Read

via "National Vulnerability Database".
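The check a practitioner runs for a clickjacking finding is "can another origin frame this page?", which depends on the response headers and on the precedence browsers give them. The following is an added example, not Boundary's code: a decision function that applies a CSP frame-ancestors directive when present (it overrides X-Frame-Options) and falls back to X-Frame-Options otherwise, with CSP3 source matching for 'none', 'self', '*', scheme-only sources, and host sources with a leading "*." and an optional port. The origins and header sets are constructed for the example; the matching is simplified (no http-to-https upgrade rule, and 'self' is plain origin equality).

```javascript
// Added example, not Boundary's code. Origins and header sets below are
// constructed; CSP source matching is simplified as described in the lead-in.

function parseFrameAncestors(csp) {
  if (!csp) return null;
  for (const directive of csp.split(";")) {
    const tokens = directive.trim().split(/\s+/);
    if (tokens[0].toLowerCase() === "frame-ancestors") return tokens.slice(1);
  }
  return null; // header present but no frame-ancestors directive
}

// CSP3 source matching for frame-ancestors (sources are origins, no path).
function sourceMatches(source, embedderOrigin, selfOrigin) {
  const src = source.toLowerCase();
  if (src === "'none'") return false;
  if (src === "*") return true;
  if (src === "'self'") return embedderOrigin === selfOrigin;
  const emb = new URL(embedderOrigin);
  if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return emb.protocol === src; // e.g. https:
  const m = src.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^:/*]+)(?::(\d+|\*))?$/);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  if (scheme && `${scheme}:` !== emb.protocol) return false;
  // "*.corp.example" matches subdomains only, not corp.example itself.
  if (wildcard ? !emb.hostname.endsWith(`.${host}`) : emb.hostname !== host) return false;
  const embPort = emb.port || (emb.protocol === "https:" ? "443" : "80");
  if (port && port !== "*" && port !== embPort) return false;
  return true;
}

// Header names are matched case-insensitively. An empty frame-ancestors list
// behaves like 'none'. An unrecognised X-Frame-Options value is ignored by
// browsers, which leaves the page frameable.
function framingAllowed(headers, embedderOrigin, selfOrigin) {
  const h = {};
  for (const [name, value] of Object.entries(headers)) h[name.toLowerCase()] = value;
  const ancestors = parseFrameAncestors(h["content-security-policy"]);
  if (ancestors !== null) {
    return ancestors.some((s) => sourceMatches(s, embedderOrigin, selfOrigin));
  }
  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return false;
  if (xfo === "SAMEORIGIN") return embedderOrigin === selfOrigin;
  return true; // no anti-framing policy at all
}

// Weak versus hardened response headers for a login page (constructed).
const WEAK_HEADERS = { "Content-Type": "text/html" };
const HARDENED_HEADERS = {
  "Content-Type": "text/html",
  "X-Frame-Options": "DENY",                           // legacy browsers
  "Content-Security-Policy": "frame-ancestors 'none'", // modern browsers
};
```

Send both headers: `frame-ancestors` is the authoritative control in current browsers, and `X-Frame-Options: DENY` covers clients that do not understand it. For a page that legitimately needs embedding from an internal portal, list that origin explicitly rather than dropping the directive.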
‼ CVE-2022-3409 ‼

A vulnerability in bmcweb of the OpenBMC Project allows a user to cause a denial of service. This vulnerability was identified during the mitigation of CVE-2022-2809. While fuzzing the multipart_parser code with AFL++ and AddressSanitizer enabled, to find the smallest memory corruptions possible, a problem was detected in how multipart_parser handles unclosed HTTP headers: if a long enough HTTP header without a colon is passed in the multipart form, one byte is overwritten on the heap. This can be triggered repeatedly in a loop to cause a DoS.

📖 Read

via "National Vulnerability Database".