S3 Ep111: The business risk of a sleazy "nudity unfilter" [Audio + Text]
via "Naked Security".
Latest episode - listen now (or read if you prefer)...
LastPass admits to customer data breach caused by previous breach
via "Naked Security".
Seems that the developer account that the crooks breached last time gave indirect access to customer data this time round.
CVE-2022-45562
via "National Vulnerability Database".
Insecure permissions in Telos Alliance Omnia MPX Node v1.0.0 to v1.4.9 allow attackers to manipulate and access system settings with a low-privilege backdoor account; this can lead to changing hardware settings and executing arbitrary commands in vulnerable system functions that require high privilege to access.
CVE-2022-44928
via "National Vulnerability Database".
D-Link DVG-G5402SP GE_1.03 was discovered to contain a command injection vulnerability via the Maintenance function.
CVE-2022-43325
via "National Vulnerability Database".
An unauthenticated command injection vulnerability in the product license validation function of Telos Alliance Omnia MPX Node 1.3.* - 1.4.* allows attackers to execute arbitrary commands via a crafted payload injected into the license input.
CVE-2022-44929
via "National Vulnerability Database".
An access control issue in D-Link DVG-G5402SP GE_1.03 allows unauthenticated attackers to escalate privileges via arbitrarily editing VoIP SIB profiles.
CVE-2022-44930
via "National Vulnerability Database".
D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the System Checks function.
Go SAML library vulnerable to authentication bypass
via "The Daily Swig".
An attacker could masquerade as an authenticated user without presenting credentials.
AWS Unveils Amazon Security Lake at re:Invent 2022
via "Dark Reading".
Amazon Security Lake will allow organizations to create a purpose-built, standards-based data lake to aggregate and store security data.
CVE-2022-2808
via "National Vulnerability Database".
Algan Yazılım Prens Student Information System product has an authenticated Insecure Direct Object Reference (IDOR) vulnerability.
CVE-2022-2807
via "National Vulnerability Database".
Algan Yazılım Prens Student Information System product has an unauthenticated SQL Injection vulnerability.
CVE-2022-4270
via "National Vulnerability Database".
Incorrect privilege assignment issue in M-Files Web in M-Files Web versions before 22.5.11436.1 could have changed permissions accidentally.
CVE-2022-46366
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** Apache Tapestry 3.x allows deserialization of untrusted data, leading to remote code execution. This issue is similar to but distinct from CVE-2020-17531, which applies to the (also unsupported) 4.x version line. NOTE: This vulnerability only affects Apache Tapestry version line 3.x, which is no longer supported by the maintainer. Users are recommended to upgrade to a supported version line of Apache Tapestry.
A Risky Business: Choosing the Right Methodology
via "Dark Reading".
Rather than regarding risk assessment as a negative exercise, consider it one that benefits your organization's aims, and then translate the risk level to its impact on operations, reputation, or finances.
SOC Turns to Homegrown Machine Learning to Catch Cyber-Intruders
via "Dark Reading".
A do-it-yourself machine-learning system helped a French bank detect three types of exfiltration attacks missed by current rules-based systems, attendees will learn at Black Hat Europe.
CVE-2022-45482
via "National Vulnerability Database".
Lazy Mouse server enforces weak password requirements and doesn't implement rate limiting, allowing remote unauthenticated users to easily and quickly brute force the PIN and execute arbitrary commands. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-45480
via "National Vulnerability Database".
PC Keyboard WiFi & Bluetooth allows an attacker (in a man-in-the-middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-45215
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the Add New System User module.
CVE-2022-4271
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to 1.16.4.
CVE-2022-45483
via "National Vulnerability Database".
Lazy Mouse allows an attacker (in a man-in-the-middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-43272
via "National Vulnerability Database".
DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object.