βΌ CVE-2022-41676 βΌ
π Read
via "National Vulnerability Database".
Raiden MAILD Mail Server website mail field has insufficient filtering for user input. A remote attacker with general user privilege can send email using the website with malicious JavaScript in the input field, which triggers XSS (Reflected Cross-Site Scripting) attack to the mail recipient.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43326 βΌ
π Read
via "National Vulnerability Database".
An Insecure Direct Object Reference (IDOR) vulnerability in the password reset function of Telos Alliance Omnia MPX Node 1.0.0-1.4.[*] allows attackers to arbitrarily change user and Administrator account passwords.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45202 βΌ
π Read
via "National Vulnerability Database".
GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a stack overflow via the function dimC_box_read at isomedia/box_code_3gpp.c.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4202 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in GPAC 2.1-DEV-rev490-g68064e101-master. Affected is the function lsr_translate_coords of the file laser/lsr_dec.c. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-214518 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
π΄ How the Cloud Changed Digital Forensics Investigations π΄
π Read
via "Dark Reading".
The enterprise's shift to the cloud means digital forensics investigators have had to adopt new remote techniques and develop custom tools to uncover and process evidence off compromised devices.π Read
via "Dark Reading".
Dark Reading
How the Cloud Changed Digital Forensics Investigations
The enterprise's shift to the cloud means digital forensics investigators have had to adopt new remote techniques and develop custom tools to uncover and process evidence off compromised devices.
π΄ What Every Enterprise Can Learn From Russiaβs Cyber Assault on Ukraine π΄
π Read
via "Dark Reading".
Once isolated occurrences, nation-state attacks are now commonplace; security professionals should know the elements of defense.π Read
via "Dark Reading".
Dark Reading
What Every Enterprise Can Learn From Russiaβs Cyber Assault on Ukraine
Once isolated occurrences, nation-state attacks are now commonplace; security professionals should know the elements of defense.
π΄ Cybersecurity and ESG Among Top Areas of Concern for Audit Leaders in 2023 π΄
π Read
via "Dark Reading".
.π Read
via "Dark Reading".
Dark Reading
Cybersecurity and ESG Among Top Areas of Concern for Audit Leaders in 2023
.
π΄ 9 Out of 10 Security Leaders State That Control Failures Are the Primary Reason For Data Breaches π΄
π Read
via "Dark Reading".
Senior cybersecurity professionals reveal their number one frustration is the inability to continuously measure enterprise-wide security posture and identify control failures.π Read
via "Dark Reading".
Dark Reading
9 Out of 10 Security Leaders State That Control Failures Are the Primary Reason For Data Breaches
Senior cybersecurity professionals reveal their number one frustration is the inability to continuously measure enterprise-wide security posture and identify control failures.
βΌ CVE-2022-46146 βΌ
π Read
via "National Vulnerability Database".
Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, i someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix for the issue. There is no workaround, but attacker must have access to the hashed password to use this functionality.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36433 βΌ
π Read
via "National Vulnerability Database".
The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the short_content and full_content fields, leading to XSS attacks against admin panel users via posts/preview or posts/save.π Read
via "National Vulnerability Database".
π΄ CISA's Strategic Plan Is Ushering in a New Cybersecurity Era π΄
π Read
via "Dark Reading".
Today's cyber environment requires less emphasis on detection and perimeter defenses and more focus on bolstering security with resilience.π Read
via "Dark Reading".
Dark Reading
CISA's Strategic Plan Is Ushering in a New Cybersecurity Era
Today's cyber environment requires less emphasis on detection and perimeter defenses and more focus on bolstering security with resilience.
ποΈ How to become a penetration tester: Part 1 β your path into offensive security testing ποΈ
π Read
via "The Daily Swig".
Fancy a career in what one practitioner described as the βbest job in the worldβ? Read on to find out howβ¦π Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
How to become a penetration tester: Part 1 β your path into offensive security testing
Fancy a career in what one practitioner described as the βbest job in the worldβ? Read on to find out howβ¦
π΄ Nok Nok and UberEther Partner to Deliver Phishing-Resistant MFA FedRAMP-Certified IAM Solutions π΄
π Read
via "Dark Reading".
Nok Nokβs S3 Suite brings next-level MFA to UberEtherβs IAM Advantage Platform to protect the US federal government and its suppliers.π Read
via "Dark Reading".
Dark Reading
Nok Nok and UberEther Partner to Deliver Phishing-Resistant MFA FedRAMP-Certified IAM Solutions
Nok Nokβs S3 Suite brings next-level MFA to UberEtherβs IAM Advantage Platform to protect the US federal government and its suppliers.
ποΈ Million-dollar bug bounties: The rise of record-breaking payouts ποΈ
π Read
via "The Daily Swig".
As seven-figure vulnerability rewards continue to hit headlines, what is driving bug bounty inflation?π Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Million-dollar bug bounties: The rise of record-breaking payouts
As seven-figure vulnerability rewards continue to hit headlines, what is driving bug bounty inflation?
π΄ Acer Firmware Flaw Lets Attackers Bypass Key Security Feature π΄
π Read
via "Dark Reading".
The manufacturer is working to fix a vulnerability β similar to a previous problem in Lenovo laptops β that allows threat actors to modify or disable Secure Boot settings to load malware.π Read
via "Dark Reading".
Dark Reading
Acer Firmware Flaw Lets Attackers Bypass Key Security Feature
The manufacturer is working to fix a vulnerability β similar to a previous problem in Lenovo laptops β that allows threat actors to modify or disable Secure Boot settings to load malware.
π1
ποΈ Intel disputes seriousness of Data Centre Manager authentication flaw ποΈ
π Read
via "The Daily Swig".
Security researcher scores $10K bug bountyπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Intel disputes seriousness of Data Centre Manager authentication flaw
Security researcher scores $10K bug bounty
π΄ CDNetworks Releases State of Web Security H1 2022: Attacks Against API Services Surged 168.8% π΄
π Read
via "Dark Reading".
.π Read
via "Dark Reading".
Dark Reading
CDNetworks Releases State of Web Security H1 2022: Attacks Against API Services Surged 168.8%
.
βΌ CVE-2022-45343 βΌ
π Read
via "National Vulnerability Database".
GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a heap use-after-free via the Q_IsTypeOn function at /gpac/src/bifs/unquantize.c.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44635 βΌ
π Read
via "National Vulnerability Database".
Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to run remote code. This issue affects Apache Fineract version 1.8.0 and prior versions. We recommend users to upgrade to 1.8.1.π Read
via "National Vulnerability Database".
β Chrome fixes 8th zero-day of 2022 β check your version now (Edge too!) β
π Read
via "Naked Security".
There isn't a rhyme to remind you which months have browser zero-days... you just have to keep your eyes and ears open!π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β TikTok βInvisible Challengeβ porn malware puts us all at risk β
π Read
via "Naked Security".
An injury to one is an injury to all. Especially if the other people are part of your social network.π Read
via "Naked Security".
Naked Security
TikTok βInvisible Challengeβ porn malware puts us all at risk
An injury to one is an injury to all. Especially if the other people are part of your social network.