π΄ San Francisco Rolls Back Its Plan for Killer Robots π΄
π Read
via "Dark Reading".
After an uproar, the city board voted to rescind last week's bill to allow police to use robots to deliver deadly force. The fight isn't over, but there's a good reason it should be.π Read
via "Dark Reading".
Dark Reading
San Francisco Rolls Back Its Plan for Killer Robots
After an uproar, the city board voted to rescind last week's bill to allow police to use robots to deliver deadly force. The fight isn't over, but there's a good reason it should be.
ποΈ Black Hat Europe 2022: A defendable internet is possible, but only with industry makeover ποΈ
π Read
via "The Daily Swig".
Empower buyers and stop fixating about zero-days, conference attendees toldπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Black Hat Europe 2022: A defendable internet is possible, but only with industry makeover
Empower buyers and stop fixating about zero-days, conference attendees told
π1
π΄ Piiano Equips Developers to Stop Sensitive Data Breaches π΄
π Read
via "Dark Reading".
Data protection company Piiano officially launches a vault for sensitive customer data, the first among a suite of privacy tools for developers.π Read
via "Dark Reading".
Dark Reading
Piiano Equips Developers to Stop Sensitive Data Breaches
Data protection company Piiano officially launches a vault for sensitive customer data, the first among a suite of privacy tools for developers.
β SIM swapper sent to prison for 2FA cryptocurrency heist of over $20m β
π Read
via "Naked Security".
Guilty party got 18 months, also has to pay back $20m he probably hasn't got, which could land him in more hot water.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π€―1
π΄ Will New CISA Guidelines Help Bolster Cyber Defenses? π΄
π Read
via "Dark Reading".
Learn how BOD 23-01 asset inventory mandates can help all organizations tighten cybersecurity.π Read
via "Dark Reading".
Dark Reading
Will New CISA Guidelines Help Bolster Cyber Defenses?
Learn how BOD 23-01 asset inventory mandates can help all organizations tighten cybersecurity.
π₯1
βΌ CVE-2020-36565 βΌ
π Read
via "National Vulnerability Database".
Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41720 βΌ
π Read
via "National Vulnerability Database".
On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS("C:/tmp").Open("COM1") opens the COM1 device. Both os.DirFS and http.Dir only provide read-only filesystem access. In addition, on Windows, an os.DirFS for the directory (the root of the current drive) can permit a maliciously crafted path to escape from the drive and access any path on the system. With fix applied, the behavior of os.DirFS("") has changed. Previously, an empty root was treated equivalently to "/", so os.DirFS("").Open("tmp") would open the path "/tmp". This now returns an error.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43581 βΌ
π Read
via "National Vulnerability Database".
IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44393 βΌ
π Read
via "National Vulnerability Database".
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services/view_service&id=.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-41735 βΌ
π Read
via "National Vulnerability Database".
IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2 19.0.0.1 through 19.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 65687.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44361 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in ZZCMS 2022. There is a cross-site scripting (XSS) vulnerability in admin/ad_list.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44371 βΌ
π Read
via "National Vulnerability Database".
hope-boot 1.0.0 has a deserialization vulnerability that can cause Remote Code Execution (RCE).π Read
via "National Vulnerability Database".
π΄ 4 Arrested for Filing Fake Tax Returns With Stolen Data π΄
π Read
via "Dark Reading".
Cybercrooks allegedly stole personal data, used it to file IRS tax documents, and routed refunds to bank accounts under their control.π Read
via "Dark Reading".
Dark Reading
4 Arrested for Filing Fake Tax Returns With Stolen Data
Cybercrooks allegedly stole personal data, used it to file IRS tax documents, and routed refunds to bank accounts under their control.
βΌ CVE-2022-45550 βΌ
π Read
via "National Vulnerability Database".
AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE).π Read
via "National Vulnerability Database".
βΌ CVE-2022-46770 βΌ
π Read
via "National Vulnerability Database".
qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through 0.8.3 allows guest OS users to cause a denial of service (CPU consumption and loss of forwarding) via a crafted multicast UDP packet (IP address range of 224.0.0.0 through 239.255.255.255).π Read
via "National Vulnerability Database".
βΌ CVE-2022-44373 βΌ
π Read
via "National Vulnerability Database".
A stack overflow vulnerability exists in TrendNet Wireless AC Easy-Upgrader TEW-820AP (Version v1.0R, firmware version 1.01.B01) which may result in remote code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44351 βΌ
π Read
via "National Vulnerability Database".
Skycaiji v2.5.1 was discovered to contain a deserialization vulnerability via /SkycaijiApp/admin/controller/Mystore.php.π Read
via "National Vulnerability Database".
π΄ Key Security Announcements From AWS re:Invent 2022 π΄
π Read
via "Dark Reading".
At AWS re:Invent last week, the cloud giant previewed security services including Amazon Security Lake for security telemetry, Verified Permissions for developers, and a VPN bypass service.π Read
via "Dark Reading".
Dark Reading
Key Security Announcements From AWS re:Invent 2022
At AWS re:Invent last week, the cloud giant previewed security services including Amazon Security Lake for security telemetry, Verified Permissions for developers, and a VPN bypass service.
π΄ Fraudsters Siphon $360M from Retailers Using 50M Fake Shoppers π΄
π Read
via "Dark Reading".
Cyberattackers focused on ad fraud and clickjacking stole millions during Black Friday by hijacking shopper accounts and tying up transactions.π Read
via "Dark Reading".
Dark Reading
Fraudsters Siphon $360M From Retailers Using 50M Fake Shoppers
Cyberattackers focused on ad fraud and clickjacking stole millions during Black Friday by hijacking shopper accounts and tying up transactions.
π€1
βΌ CVE-2022-23487 βΌ
π Read
via "National Vulnerability Database".
js-libp2p is the official javascript Implementation of libp2p networking stack. Versions older than `v0.38.0` of js-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2pΓ’β¬β’s connection, stream, peer, and memory management. An attacker can cause the allocation of large amounts of memory, ultimately leading to the process getting killed by the hostΓ’β¬β’s operating system. While a connection manager tasked with keeping the number of connections within manageable limits has been part of js-libp2p, this component was designed to handle the regular churn of peers, not a targeted resource exhaustion attack. Users are advised to update their js-libp2p dependency to `v0.38.0` or greater. There are no known workarounds for this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4341 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in csliuwy coder-chain_gdut and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /back/index.php/user/User/?1. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215095.π Read
via "National Vulnerability Database".