βΌ CVE-2022-36433 βΌ
π Read
via "National Vulnerability Database".
The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the short_content and full_content fields, leading to XSS attacks against admin panel users via posts/preview or posts/save.π Read
via "National Vulnerability Database".
π΄ CISA's Strategic Plan Is Ushering in a New Cybersecurity Era π΄
π Read
via "Dark Reading".
Today's cyber environment requires less emphasis on detection and perimeter defenses and more focus on bolstering security with resilience.π Read
via "Dark Reading".
Dark Reading
CISA's Strategic Plan Is Ushering in a New Cybersecurity Era
Today's cyber environment requires less emphasis on detection and perimeter defenses and more focus on bolstering security with resilience.
ποΈ How to become a penetration tester: Part 1 β your path into offensive security testing ποΈ
π Read
via "The Daily Swig".
Fancy a career in what one practitioner described as the βbest job in the worldβ? Read on to find out howβ¦π Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
How to become a penetration tester: Part 1 β your path into offensive security testing
Fancy a career in what one practitioner described as the βbest job in the worldβ? Read on to find out howβ¦
π΄ Nok Nok and UberEther Partner to Deliver Phishing-Resistant MFA FedRAMP-Certified IAM Solutions π΄
π Read
via "Dark Reading".
Nok Nokβs S3 Suite brings next-level MFA to UberEtherβs IAM Advantage Platform to protect the US federal government and its suppliers.π Read
via "Dark Reading".
Dark Reading
Nok Nok and UberEther Partner to Deliver Phishing-Resistant MFA FedRAMP-Certified IAM Solutions
Nok Nokβs S3 Suite brings next-level MFA to UberEtherβs IAM Advantage Platform to protect the US federal government and its suppliers.
ποΈ Million-dollar bug bounties: The rise of record-breaking payouts ποΈ
π Read
via "The Daily Swig".
As seven-figure vulnerability rewards continue to hit headlines, what is driving bug bounty inflation?π Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Million-dollar bug bounties: The rise of record-breaking payouts
As seven-figure vulnerability rewards continue to hit headlines, what is driving bug bounty inflation?
π΄ Acer Firmware Flaw Lets Attackers Bypass Key Security Feature π΄
π Read
via "Dark Reading".
The manufacturer is working to fix a vulnerability β similar to a previous problem in Lenovo laptops β that allows threat actors to modify or disable Secure Boot settings to load malware.π Read
via "Dark Reading".
Dark Reading
Acer Firmware Flaw Lets Attackers Bypass Key Security Feature
The manufacturer is working to fix a vulnerability β similar to a previous problem in Lenovo laptops β that allows threat actors to modify or disable Secure Boot settings to load malware.
π1
ποΈ Intel disputes seriousness of Data Centre Manager authentication flaw ποΈ
π Read
via "The Daily Swig".
Security researcher scores $10K bug bountyπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Intel disputes seriousness of Data Centre Manager authentication flaw
Security researcher scores $10K bug bounty
π΄ CDNetworks Releases State of Web Security H1 2022: Attacks Against API Services Surged 168.8% π΄
π Read
via "Dark Reading".
.π Read
via "Dark Reading".
Dark Reading
CDNetworks Releases State of Web Security H1 2022: Attacks Against API Services Surged 168.8%
.
βΌ CVE-2022-45343 βΌ
π Read
via "National Vulnerability Database".
GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a heap use-after-free via the Q_IsTypeOn function at /gpac/src/bifs/unquantize.c.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44635 βΌ
π Read
via "National Vulnerability Database".
Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to run remote code. This issue affects Apache Fineract version 1.8.0 and prior versions. We recommend users to upgrade to 1.8.1.π Read
via "National Vulnerability Database".
β Chrome fixes 8th zero-day of 2022 β check your version now (Edge too!) β
π Read
via "Naked Security".
There isn't a rhyme to remind you which months have browser zero-days... you just have to keep your eyes and ears open!π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β TikTok βInvisible Challengeβ porn malware puts us all at risk β
π Read
via "Naked Security".
An injury to one is an injury to all. Especially if the other people are part of your social network.π Read
via "Naked Security".
Naked Security
TikTok βInvisible Challengeβ porn malware puts us all at risk
An injury to one is an injury to all. Especially if the other people are part of your social network.
π΄ Why the Culture Shift on Privacy and Security Means Today's Data Looks Different π΄
π Read
via "Dark Reading".
A lack of federal regulatory legislation leaves US privacy concerns to battle for attention with other business priorities.π Read
via "Dark Reading".
Dark Reading
Why the Culture Shift on Privacy and Security Means Today's Data Looks Different
A lack of federal regulatory legislation leaves US privacy concerns to battle for attention with other business priorities.
π΄ Killnet Gloats About DDoS Attacks Downing Starlink, White House π΄
π Read
via "Dark Reading".
Elon Musk-owned Starlink, WhiteHouse.gov, and the Prince of Wales were targeted by Killnet in apparent retaliation for its support of Ukraine.π Read
via "Dark Reading".
Dark Reading
Killnet Gloats About DDoS Attacks Downing Starlink, White House
Elon Musk-owned Starlink, WhiteHouse.gov, and the Prince of Wales were targeted by Killnet in apparent retaliation for its support of Ukraine.
β€1
π΄ The Metaverse Could Become a Top Avenue for Cyberattacks in 2023 π΄
π Read
via "Dark Reading".
Expect to see attackers expand their use of current consumer-targeting tactics while exploring new ways to target Internet users β with implications for businesses.π Read
via "Dark Reading".
Dark Reading
The Metaverse Could Become a Top Avenue for Cyberattacks in 2023
Expect to see attackers expand their use of current consumer-targeting tactics while exploring new ways to target Internet users β with implications for businesses.
βΌ CVE-2022-44356 βΌ
π Read
via "National Vulnerability Database".
WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data and log files.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4172 βΌ
π Read
via "National Vulnerability Database".
An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46152 βΌ
π Read
via "National Vulnerability Database".
OP-TEE Trusted OS is the secure side implementation of OP-TEE project, a Trusted Execution Environment. Versions prior to 3.19.0, contain an Improper Validation of Array Index vulnerability. The function `cleanup_shm_refs()` is called by both `entry_invoke_command()` and `entry_open_session()`. The commands `OPTEE_MSG_CMD_OPEN_SESSION` and `OPTEE_MSG_CMD_INVOKE_COMMAND` can be executed from the normal world via an OP-TEE SMC. This function is not validating the `num_params` argument, which is only limited to `OPTEE_MSG_MAX_NUM_PARAMS` (127) in the function `get_cmd_buffer()`. Therefore, an attacker in the normal world can craft an SMC call that will cause out-of-bounds reading in `cleanup_shm_refs` and potentially freeing of fake-objects in the function `mobj_put()`. A normal-world attacker with permission to execute SMC instructions may exploit this flaw. Maintainers believe this problem permits local privilege escalation from the normal world to the secure world. Version 3.19.0 contains a fix for this issue. There are no known workarounds.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44355 βΌ
π Read
via "National Vulnerability Database".
SolarView Compact 7.0 is vulnerable to Cross-site Scripting (XSS) via /network_test.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21126 βΌ
π Read
via "National Vulnerability Database".
The package com.github.samtools:htsjdk before 3.0.1 are vulnerable to Creation of Temporary File in Directory with Insecure Permissions due to the createTempDir() function in util/IOUtil.java not checking for the existence of the temporary directory before attempting to create it.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4144 βΌ
π Read
via "National Vulnerability Database".
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition.π Read
via "National Vulnerability Database".