βΌ CVE-2022-39904 βΌ
π Read
via "National Vulnerability Database".
Exposure of Sensitive Information vulnerability in Samsung Settings prior to SMR Dec-2022 Release 1 allows local attackers to access the Network Access Identifier via log.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45508 βΌ
π Read
via "National Vulnerability Database".
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the new_account parameter at /goform/editUserName.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4123 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45507 βΌ
π Read
via "National Vulnerability Database".
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the editNameMit parameter at /goform/editFileName.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45513 βΌ
π Read
via "National Vulnerability Database".
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/P2pListFilter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45512 βΌ
π Read
via "National Vulnerability Database".
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeEmailFilter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39895 βΌ
π Read
via "National Vulnerability Database".
Improper access control vulnerability in ContactListUtils in Phone prior to SMR Dec-2022 Release 1 allows to access contact group information via implicit intent.π Read
via "National Vulnerability Database".
β Credit card skimming β the long and winding road of supply chain failure β
π Read
via "Naked Security".
Don't keep calling home to a JavaScript server that closed its doors eight years ago!π Read
via "Naked Security".
Naked Security
Credit card skimming β the long and winding road of supply chain failure
Donβt keep calling home to a JavaScript server that closed its doors eight years ago!
βοΈ New Ransom Payment Schemes Target Executives, Telemedicine βοΈ
π Read
via "Krebs on Security".
Ransomware groups are constantly devising new methods for infecting victims and convincing them to pay up, but a couple of strategies tested recently seem especially devious. The first centers on targeting healthcare organizations that offer consultations over the Internet and sending them booby-trapped medical records for the "patient." The other involves carefully editing email inboxes of public company executives to make it appear that some were involved in insider trading.π Read
via "Krebs on Security".
Krebs on Security
New Ransom Payment Schemes Target Executives, Telemedicine
Ransomware groups are constantly devising new methods for infecting victims and convincing them to pay up, but a couple of strategies tested recently seem especially devious. The first centers on targeting healthcare organizations that offer consultationsβ¦
βΌ CVE-2022-38599 βΌ
π Read
via "National Vulnerability Database".
Teleport v3.2.2, Teleport v3.5.6-rc6, and Teleport v3.6.3-b2 was discovered to contain an information leak via the /user/get-role-list web interface.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40939 βΌ
π Read
via "National Vulnerability Database".
In certain Secustation products the administrator account password can be read. This affects V2.5.5.3116-S50-SMA-B20171107A, V2.3.4.1301-M20-TSA-B20150617A, V2.5.5.3116-S50-RXA-B20180502A, V2.5.5.3116-S50-SMA-B20190723A, V2.5.5.3116-S50-SMB-B20161012A, V2.3.4.2103-S50-NTD-B20170508B, V2.5.5.3116-S50-SMB-B20160601A, V2.5.5.2601-S50-TSA-B20151229A, and V2.5.5.3116-S50-SMA-B20170217.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46828 βΌ
π Read
via "National Vulnerability Database".
In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46825 βΌ
π Read
via "National Vulnerability Database".
In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46827 βΌ
π Read
via "National Vulnerability Database".
In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46824 βΌ
π Read
via "National Vulnerability Database".
In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fsnotifier daemon on macOS was possible.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46826 βΌ
π Read
via "National Vulnerability Database".
In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46831 βΌ
π Read
via "National Vulnerability Database".
In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46829 βΌ
π Read
via "National Vulnerability Database".
In JetBrains JetBrains Gateway before 2022.3 a client could connect without a valid token if the host consented.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46830 βΌ
π Read
via "National Vulnerability Database".
In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning.π Read
via "National Vulnerability Database".
π΄ APT37 Uses Internet Explorer Zero-Day to Spread Malware π΄
π Read
via "Dark Reading".
IE is still a vector: South Koreans lured in with references to the deadly Halloween celebration crowd crush in Seoul last October.π Read
via "Dark Reading".
Dark Reading
APT37 Uses Internet Explorer Zero-Day to Spread Malware
IE is still a vector: South Koreans lured in with references to the deadly Halloween celebration crowd crush in Seoul last October.
π΄ Lack of Cybersecurity Expertise Poses Threat for Public-Safety Orgs π΄
π Read
via "Dark Reading".
More than three-quarters of police and emergency responders worry about ransomware attacks and data leaks, while their organizations lag behind in technology adoption.π Read
via "Dark Reading".
Dark Reading
Lack of Cybersecurity Expertise Poses Threat for Public-Safety Orgs
More than three-quarters of police and emergency responders worry about ransomware attacks and data leaks, while their organizations lag behind in technology adoption.