Critical vulnerability allowed attackers to remotely unlock, control Hyundai, Genesis vehicles
via "The Daily Swig".
Vehicles made after 2012 were vulnerable to web app exploit
CVE-2022-28607
via "National Vulnerability Database".
An issue was discovered in asith-eranga ISIC tour booking through the version published on Feb 13th 2018. It allows attackers to gain sensitive information via the action parameter to /system/user/modules/mod_users/controller.php.
CVE-2022-37016
via "National Vulnerability Database".
The Symantec Endpoint Protection (Windows) agent may be susceptible to a privilege escalation vulnerability, a class of issue in which an attacker attempts to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
CVE-2022-30528
via "National Vulnerability Database".
SQL injection vulnerability in asith-eranga ISIC tour booking through the version published on Feb 13th 2018 allows attackers to execute arbitrary SQL commands via the username parameter to /system/user/modules/mod_users/controller.php.
CVE-2022-37017
via "National Vulnerability Database".
The Symantec Endpoint Protection (Windows) agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a security control bypass vulnerability, a class of issue that can allow a threat actor to circumvent existing security controls. This CVE applies narrowly to the Client User Interface Password protection and the Policy Import/Export Password protection, if they have been enabled.
IBM Cloud Supply Chain Vulnerability Showcases New Threat Class
via "Dark Reading".
The Hell's Keychain attack vector highlights common cloud misconfigurations and secrets exposure that can pose grave risk to enterprise customers.
Is MFA the Vegetable of Cybersecurity?
via "Dark Reading".
Don't fuss now: another helping of multifactor authentication can keep your organization strong and its data safer.
Multifactor authentication is crucial for creating a healthy cybersecurity posture, but many companies are slow to adopt it.
Serious Security: MD5 considered harmful — to the tune of $600,000
via "Naked Security".
It's not just the hashing, by the way. It's the salting and the stretching, too!
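The point the article's teaser makes is that a fast unsalted hash is the wrong primitive for passwords regardless of which hash it is. The following is an added example, not code from the article or from Naked Security: it puts unsalted MD5 next to a salted, stretched scheme (PBKDF2-HMAC-SHA256 from the standard library, standing in for scrypt or Argon2, which are preferable where available). The wordlist is constructed for the demonstration and is not a real leak.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample wordlist for the demonstration; not a real leak.
WORDLIST = ["123456", "password", "letmein", "hunter2", "qwerty"]


def md5_unsalted(password: str) -> str:
    """The weak scheme: one fast MD5 over the bare password, no salt, no stretching."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def crack_unsalted(digest: str, candidates) -> Optional[str]:
    """Unsalted hashes fall to a wordlist (or a precomputed table) at one MD5 per guess,
    and one table serves every user whose hash is in the dump."""
    for candidate in candidates:
        if md5_unsalted(candidate) == digest:
            return candidate
    return None


def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = 600_000) -> str:
    """Salted and stretched. A fresh random salt per password means equal passwords
    get unequal hashes and precomputed tables are useless; the iteration count makes
    each guess cost `iterations` HMAC calls instead of one MD5."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and cost, then compare in constant time."""
    algo, iterations, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)
```

The stored string carries its own salt and iteration count, so the cost can be raised later for new hashes without breaking verification of old ones.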
CVE-2022-4257
via "National Vulnerability Database".
A vulnerability rated critical was found in the C-DATA Web Management System. It affects unknown processing in the file cgi-bin/jumpto.php of the GET Parameter Handler component: manipulation of the hostname argument leads to argument injection. The attack may be initiated remotely. An exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214631.
The CHRISTMA EXEC network worm — 35 years and counting!
via "Naked Security".
"Uh-oh, this viruses-and-worms scene could turn out quite troublesome." If only we'd been wrong...
S3 Ep111: The business risk of a sleazy "nudity unfilter" [Audio + Text]
via "Naked Security".
Latest episode: listen now (or read if you prefer)...
CVE-2022-3696
via "National Vulnerability Database".
A post-auth code injection vulnerability allows admins to execute code in the Webadmin of Sophos Firewall older than version 19.5 GA.
CVE-2022-29837
via "National Vulnerability Database".
A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi that could allow an attacker to initiate installation of custom ZIP packages and overwrite system files. This could potentially lead to code execution.
CVE-2022-3226
via "National Vulnerability Database".
An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall older than version 19.5 GA.
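CVE-2022-4257 (a hostname argument reaching argument injection) and CVE-2022-3226 (OS command injection) are two different failure modes of the same pattern: an attacker-controlled value reaches a command. The example below is added here to illustrate that difference and is not code from C-DATA, Sophos or either advisory; the `ping` wrapper is a hypothetical stand-in for whatever the affected products run. It shows a shell-spliced command (metacharacters such as `;` run a second command), an argv list that avoids the shell but still lets an option-like value such as `-f` be parsed by the program itself, and an allow-list hostname check that closes both.

```python
import re
import subprocess

# RFC 1123 host name grammar: dot-separated labels of letters, digits and hyphens,
# each 1-63 chars, no leading or trailing hyphen, at most 253 chars overall. Nothing
# in this grammar can start with "-" or contain ";", "|", "$", "`", quotes or spaces.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME_RE = re.compile(rf"^(?:{_LABEL}\.)*{_LABEL}$")


class InvalidHostname(ValueError):
    pass


def validate_hostname(hostname: str) -> str:
    """Allow-list check: returns the value unchanged or raises."""
    if not hostname or len(hostname) > 253 or not _HOSTNAME_RE.match(hostname):
        raise InvalidHostname(f"rejected host name: {hostname!r}")
    return hostname


def is_hostname_accepted(hostname: str) -> bool:
    try:
        validate_hostname(hostname)
        return True
    except InvalidHostname:
        return False


def ping_command_injectable(hostname: str) -> str:
    """OS command injection: the value is spliced into a shell command line, so
    "example.com; id" makes the shell run a second command."""
    return f"ping -c 1 {hostname}"


def ping_argv_option_injectable(hostname: str) -> list:
    """No shell, so ';' and '$(...)' are inert, but ping itself still parses the
    value: "-f" (flood ping) is read as an option, not a host. That is argument injection."""
    return ["ping", "-c", "1", hostname]


def ping_argv_hardened(hostname: str) -> list:
    """Validate before the value reaches argv; the grammar excludes option-like input."""
    return ["ping", "-c", "1", validate_hostname(hostname)]


def run_ping(hostname: str) -> int:
    """The complete call shape (no shell, validated argv); not invoked by the checks."""
    return subprocess.run(ping_argv_hardened(hostname), check=False, timeout=10).returncode
```

Where the program supports it, placing `--` before the positional argument is a second, cheaper guard against option-like values, but validation against the expected grammar is the control that does not depend on the target program's parser.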
CVE-2022-41297
via "National Vulnerability Database".
IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237212.
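CSRF works because the browser attaches the victim's session cookie to a request that another site triggered. The defence is a value the cross-site page cannot obtain: a token bound to the session, checked on every state-changing request. The following is an added example, not code from IBM Db2U or the advisory; the request is modelled as plain method/headers/form arguments, and `SERVER_KEY`, the token format and the use of the `Sec-Fetch-Site` header as a second check are this example's own choices.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Server-side HMAC key, generated at start-up for the example; in production it
# comes from configuration or a KMS and is shared by all application instances.
SERVER_KEY = secrets.token_bytes(32)

SAFE_METHODS = ("GET", "HEAD", "OPTIONS")


def _mac(session_id: str, nonce: str, ts: str, key: bytes) -> str:
    return hmac.new(key, f"{session_id}|{nonce}|{ts}".encode(), hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str, now: Optional[int] = None, key: bytes = SERVER_KEY) -> str:
    """Synchronizer token bound to the session: nonce.timestamp.mac. The token is
    embedded in the page; a cross-site page cannot read it (same-origin policy)."""
    nonce = secrets.token_hex(16)
    ts = str(int(time.time()) if now is None else now)
    return f"{nonce}.{ts}.{_mac(session_id, nonce, ts, key)}"


def verify_csrf_token(token: str, session_id: str, max_age: int = 3600,
                      now: Optional[int] = None, key: bytes = SERVER_KEY) -> bool:
    parts = token.split(".")
    if len(parts) != 3 or not parts[1].isdigit():
        return False
    nonce, ts, tag = parts
    current = int(time.time()) if now is None else now
    if current - int(ts) > max_age:
        return False  # expired
    # Binding to session_id is what stops a token minted for the attacker's own
    # session from being replayed against the victim's.
    return hmac.compare_digest(_mac(session_id, nonce, ts, key), tag)


def authorize_state_change(method: str, headers: dict, form: dict, session_id: str,
                           now: Optional[int] = None) -> bool:
    """Gate for a state-changing request. Safe methods must not change state at all;
    everything else needs the session-bound token, with Fetch Metadata as a second check."""
    if method.upper() in SAFE_METHODS:
        return True
    fetch_site = headers.get("Sec-Fetch-Site")
    if fetch_site is not None and fetch_site not in ("same-origin", "none"):
        return False  # the browser itself reports a cross-site initiator
    return verify_csrf_token(form.get("csrf_token", ""), session_id, now=now)
```

The `Sec-Fetch-Site` check is only a supplement: older clients do not send the header, which is why the code falls through to the token check rather than rejecting when it is absent.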
CVE-2022-3710
via "National Vulnerability Database".
A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall older than version 19.5 GA.
CVE-2022-2969
via "National Vulnerability Database".
Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 use external input to construct a pathname intended to identify a file or directory located underneath a restricted parent directory. However, the software does not properly neutralize special elements within the pathname, so the pathname can resolve to a location outside the restricted directory.
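CVE-2022-29837 (traversal through ZIP package installation) and CVE-2022-2969 (external input building a pathname under a restricted directory) are the two usual shapes of path traversal: a user-supplied path, and archive entry names ("zip slip"). The example below is added here and is not code from Western Digital, Delta or either advisory; `/opt/pkgs` and the archive contents are constructed for the demonstration. The containment check uses `realpath` plus `commonpath` rather than a string prefix, because a prefix test accepts `/opt/pkgs-evil` as being under `/opt/pkgs`.

```python
import io
import os
import zipfile


class TraversalError(ValueError):
    pass


def safe_join(base_dir: str, user_path: str) -> str:
    """Resolve user_path under base_dir and refuse any result that escapes it.
    realpath() collapses ".." and follows symlinks before the containment check;
    commonpath() (not startswith) rejects sibling directories such as base_dir + "-evil"."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, target]) != base:
        raise TraversalError(f"{user_path!r} resolves outside {base_dir!r}")
    return target


def escapes_base(base_dir: str, user_path: str) -> bool:
    try:
        safe_join(base_dir, user_path)
        return False
    except TraversalError:
        return True


def list_safe_zip_entries(package: bytes, dest_dir: str) -> list:
    """Vet every entry name before anything is written ("zip slip"): a member named
    ../../etc/passwd would otherwise land outside dest_dir on extraction."""
    names = []
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        for info in zf.infolist():
            name = info.filename
            if os.path.isabs(name) or name.startswith("\\"):
                raise TraversalError(f"absolute entry name {name!r}")
            safe_join(dest_dir, name)  # raises on ../ escapes
            names.append(name)
    return names


def zip_is_safe(package: bytes, dest_dir: str) -> bool:
    try:
        list_safe_zip_entries(package, dest_dir)
        return True
    except TraversalError:
        return False


def build_sample_package(entries: dict) -> bytes:
    """Constructed in-memory archive for the demonstration; not a vendor package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()
```

Vetting all entries before extracting any of them matters: a package that is half-installed when the bad entry is found still leaves system state changed.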
CVE-2022-3711
via "National Vulnerability Database".
A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall older than version 19.5 GA.
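Three of the items above are SQL injection: CVE-2022-30528 (a username parameter that lets attackers run arbitrary SQL) and the Sophos pair CVE-2022-3710 / CVE-2022-3711 (read-only injection that exposes configuration rows). The example below is added to show both effects against one query and is not code from ISIC tour booking, Sophos or any advisory; the in-memory SQLite schema, rows and payloads are constructed for the demonstration. Injection works through the string-built query because the driver cannot tell where the literal ends; the parameterized version sends the value out of band.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample schema for the demonstration; not a schema from any product."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
                 "password_hash TEXT, role TEXT)")
    conn.execute("CREATE TABLE config (setting TEXT, value TEXT)")
    conn.executemany("INSERT INTO users (username, password_hash, role) VALUES (?, ?, ?)",
                     [("alice", "h-alice", "admin"), ("bob", "h-bob", "user")])
    conn.execute("INSERT INTO config VALUES (?, ?)", ("admin_email", "admin@example.com"))
    conn.commit()
    return conn


def login_vulnerable(conn, username: str, password_hash: str):
    """The username parameter is concatenated into the SQL text, so it can rewrite the
    statement: a quote ends the literal and "--" comments out the password check."""
    sql = (f"SELECT username, role FROM users "
           f"WHERE username = '{username}' AND password_hash = '{password_hash}'")
    return conn.execute(sql).fetchone()


def login_parameterized(conn, username: str, password_hash: str):
    """Bound parameters: values travel separately from the statement and are never parsed as SQL."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(sql, (username, password_hash)).fetchone()


# Two constructed payloads for the username field.
AUTH_BYPASS = "alice' --"                                       # log in as alice without the hash
CONFIG_READ = "x' UNION SELECT setting, value FROM config --"   # read-only: pull another table's rows
```

The second payload is the "read-only" case from the Sophos advisories: it changes no data, but the response now carries rows from a table the query was never meant to touch, which is why "read-only" does not mean harmless.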
CVE-2022-3713
via "National Vulnerability Database".
A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall older than version 19.5 GA.
CVE-2022-3709
via "National Vulnerability Database".
A stored XSS vulnerability allows admin-to-super-admin privilege escalation in the Webadmin import group wizard of Sophos Firewall older than version 19.5 GA.
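A stored XSS that escalates admin to super-admin is the classic shape: a lower-privileged user plants markup in a field (here, an imported group), and it executes later in the browser of whoever views it with more privilege. The example below is added here and is not code from Sophos or the advisory; the group-name allow-list and the rendering functions are hypothetical. It shows the unescaped render beside context-correct output encoding for element content and for an attribute value, plus a Content-Security-Policy header as a second layer.

```python
import html
import re

# Allow-list for group names, a constructed policy for the example: letters, digits,
# space, underscore, dot and hyphen, 1-64 characters. Validation on import is the
# first layer; output encoding below is the layer that actually prevents XSS.
_GROUP_NAME_RE = re.compile(r"^[A-Za-z0-9 _.\-]{1,64}$")


def is_valid_group_name(name: str) -> bool:
    return bool(_GROUP_NAME_RE.match(name))


def render_row_vulnerable(group_name: str) -> str:
    """Imported text dropped into markup as-is. When a higher-privileged admin later
    views the page, a name such as <img src=x onerror=...> runs in that admin's session."""
    return f"<tr><td>{group_name}</td></tr>"


def render_row_safe(group_name: str) -> str:
    """Element-content context: escape &, <, >, and both quote characters."""
    return f"<tr><td>{html.escape(group_name, quote=True)}</td></tr>"


def render_input_safe(group_name: str) -> str:
    """Attribute context: the value must be quoted AND quote characters escaped,
    otherwise a name containing a double quote breaks out of the attribute."""
    return f'<input name="group" value="{html.escape(group_name, quote=True)}">'


def csp_header() -> str:
    """Defence in depth for the admin UI: no inline script, only same-origin sources,
    so an injected handler that slips past encoding still does not execute."""
    return "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'"
```

Encoding has to match the context the value lands in; the same `html.escape` call is correct for element content and quoted attributes, but a value placed inside a `<script>` block or a URL needs a different encoder.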
ConnectWise Quietly Patches Flaw That Helps Phishers
via "Krebs on Security".
ConnectWise, a self-hosted, remote desktop software application that is widely used by Managed Service Providers (MSPs), is warning about an unusually sophisticated phishing attack that can let attackers take remote control over user systems when recipients click the included link. The warning comes just days after the company quietly patched a vulnerability that makes it easier for phishers to launch these attacks.