CVE-2022-45045 (via National Vulnerability Database)
Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. A remote and authenticated attacker, possibly using the default admin:tlJwpbo6 credentials, can connect to port 34567 and execute arbitrary operating system commands via a crafted JSON file during an upgrade request. Since at least 2021, Xiongmai has applied patches to prevent attackers from using this mechanism to execute telnetd.
CVE-2022-40849 (via National Vulnerability Database)
ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting (XSS). An attacker who successfully exploited this vulnerability could inject a Persistent XSS payload in the Slideshow Management section that executes arbitrary JavaScript code on the client side, e.g., to steal the administrator's PHP session token (PHPSESSID).
CVE-2022-40489 (via National Vulnerability Database)
ThinkCMF version 6.0.7 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows a Super Administrator user to be injected into administrative users.
CVE-2022-44262 (via National Vulnerability Database)
ff4j 1.8.1 is vulnerable to Remote Code Execution (RCE).
CVE-2022-1471 (via National Vulnerability Database)
SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConstructor when parsing untrusted content to restrict deserialization.
CVE-2022-3270 (via National Vulnerability Database)
In multiple products by Festo, a remote unauthenticated attacker could use functions of an undocumented protocol which could lead to a complete loss of confidentiality, integrity and availability.
Guidehouse Insights Anticipates Market for Automotive Cybersecurity Solutions Will Grow to More Than $445 Billion by 2031 (via Dark Reading)
Market drivers include new regulations, increasing automobile complexity, and new vehicle types.
CyberRatings.org Announces Results from First-of-its-Kind Comparative Test on Cloud Network Firewall (via Dark Reading)
Ratings ranged from AAA to CC, with security effectiveness scores from 27% to 100%.
Data Security Concerns Are Driving Changes in US Consumer Behavior and Demands (via Dark Reading)
As consumers catch on to the dangers, protection could become a major topic for legislative bodies.
Phylum Expands Its Software Supply Chain Security Capabilities, Introduces Automated Vulnerability Reachability (via Dark Reading)
Know what you need to fix today and what you don't.
Critical vulnerability allowed attackers to remotely unlock, control Hyundai, Genesis vehicles (via The Daily Swig)
Vehicles made after 2012 were vulnerable to web app exploit.
CVE-2022-28607 (via National Vulnerability Database)
An issue was discovered in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to gain sensitive information via the action parameter to /system/user/modules/mod_users/controller.php.
CVE-2022-37016 (via National Vulnerability Database)
Symantec Endpoint Protection (Windows) agent may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
CVE-2022-30528 (via National Vulnerability Database)
SQL Injection vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to execute arbitrary commands via the username parameter to /system/user/modules/mod_users/controller.php.
CVE-2022-37017 (via National Vulnerability Database)
Symantec Endpoint Protection (Windows) agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing security controls. This CVE applies narrowly to the Client User Interface Password protection and Policy Import/Export Password protection, if it has been enabled.
IBM Cloud Supply Chain Vulnerability Showcases New Threat Class (via Dark Reading)
The Hell's Keychain attack vector highlights common cloud misconfigurations and secrets exposure that can pose grave risk to enterprise customers.
Is MFA the Vegetable of Cybersecurity? (via Dark Reading)
Don't fuss now - another helping of multifactor authentication can keep your organization strong and its data safer.
Multifactor authentication is crucial for creating a healthy cybersecurity posture, but many companies are slow to adopt.
Serious Security: MD5 considered harmful - to the tune of $600,000 (via Naked Security)
It's not just the hashing, by the way. It's the salting and the stretching, too!
CVE-2022-4257 (via National Vulnerability Database)
A vulnerability was found in C-DATA Web Management System. It has been rated as critical. This issue affects some unknown processing of the file cgi-bin/jumpto.php of the component GET Parameter Handler. The manipulation of the argument hostname leads to argument injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214631.
The CHRISTMA EXEC network worm - 35 years and counting! (via Naked Security)
"Uh-oh, this viruses-and-worms scene could turn out quite troublesome." If only we'd been wrong...
S3 Ep111: The business risk of a sleazy "nudity unfilter" [Audio + Text] (via Naked Security)
Latest episode - listen now (or read if you prefer)...