📢 IT Pro News: Medibank cyber attack, Microsoft record cloud revenue, See Tickets data breach 📢
Catch up on the biggest headlines of the week in just two minutes.
📖 Read via "ITPro".
📢 UK police fails ethical tests with "unlawful" facial recognition deployments 📢
A University of Cambridge team audited UK police use of the tech and found frequent ethical and legal shortcomings.
📖 Read via "ITPro".
📢 Real-time deepfakes are becoming a serious threat 📢
Video calls between leading politicians and the deepfaked mayor of Kyiv, Vitali Klitschko, will raise new trust issues.
📖 Read via "ITPro".
📢 Microsoft: Raspberry Robin worm key facilitator of LockBit, Cl0p ransomware 📢
The worm was first reported in May 2022 and has evolved into one of the largest malware distribution platforms currently active.
📖 Read via "ITPro".
⚠ Psychotherapy extortion suspect: arrest warrant issued ⚠
Wanted! Not only the extortionist who abused the data, but also the CEO who let it happen.
📖 Read via "Naked Security".
‼ CVE-2022-3360 ‼
The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leading to remote code execution (RCE). To successfully exploit this vulnerability attackers must have knowledge of the site secrets, allowing them to generate a valid hash via the wp_hash() function.
📖 Read via "National Vulnerability Database".
‼ CVE-2022-2190 ‼
The Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers.
📖 Read via "National Vulnerability Database".
‼ CVE-2022-3380 ‼
The Customizer Export/Import WordPress plugin before 0.9.5 unserializes the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.
📖 Read via "National Vulnerability Database".
‼ CVE-2022-3774 ‼
A vulnerability was found in SourceCodester Train Scheduler App 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /train_scheduler_app/?action=delete. The manipulation of the argument id leads to improper control of resource identifiers. The attack may be launched remotely. The identifier of this vulnerability is VDB-212504.
📖 Read via "National Vulnerability Database".
‼ CVE-2022-3440 ‼
The Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape a URL before outputting it back in an attribute when a specific widget is present on a page, leading to a Reflected Cross-Site Scripting.
📖 Read via "National Vulnerability Database".
‼ CVE-2022-2627 ‼
The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting.
📖 Read via "National Vulnerability Database".
‼ CVE-2022-3408 ‼
The WP Word Count WordPress plugin through 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
📖 Read via "National Vulnerability Database".
‼ CVE-2022-3334 ‼
The Easy WP SMTP WordPress plugin before 1.5.0 unserialises the content of an imported file, which could lead to a PHP object injection issue when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.
📖 Read via "National Vulnerability Database".
‼ CVE-2022-3374 ‼
The Ocean Extra WordPress plugin before 2.0.5 unserialises the content of an imported file, which could lead to PHP object injection issues when a high privilege user imports (intentionally or not) a malicious Customizer Styling file and a suitable gadget chain is present on the blog.
📖 Read via "National Vulnerability Database".
‼ CVE-2022-3420 ‼
The Official Integration for Billingo WordPress plugin before 3.4.0 does not sanitise and escape some of its settings, which could allow high privilege users with a role as low as Shop Manager to perform Stored Cross-Site Scripting attacks.
📖 Read via "National Vulnerability Database".
‼ CVE-2022-3773 ‼
A vulnerability has been found in EmbedPress Plugin and classified as problematic. Affected by this vulnerability is an unknown functionality of the file post.php of the component Shortcode Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212503.
📖 Read via "National Vulnerability Database".
‼ CVE-2021-40241 ‼
xfig 3.2.7 is vulnerable to Buffer Overflow.
📖 Read via "National Vulnerability Database".
‼ CVE-2022-3254 ‼
The WordPress Classifieds Plugin WordPress plugin before 4.3 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection.
📖 Read via "National Vulnerability Database".
‼ CVE-2022-3419 ‼
The Automatic User Roles Switcher WordPress plugin before 1.1.2 does not have authorisation and proper CSRF checks, allowing any authenticated user, such as a subscriber, to add any role to themselves, such as administrator.
📖 Read via "National Vulnerability Database".
‼ CVE-2022-3357 ‼
The Smart Slider 3 WordPress plugin before 3.5.1.11 unserialises the content of an imported file, which could lead to PHP object injection issues when a user imports (intentionally or not) a malicious file, and a suitable gadget chain is present on the site.
📖 Read via "National Vulnerability Database".
‼ CVE-2022-3441 ‼
The Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).
📖 Read via "National Vulnerability Database".