Credit card skimming – the long and winding road of supply chain failure
via "Naked Security".
Don't keep calling home to a JavaScript server that closed its doors eight years ago!

New Ransom Payment Schemes Target Executives, Telemedicine
via "Krebs on Security".
Ransomware groups are constantly devising new methods for infecting victims and convincing them to pay up, but a couple of strategies tested recently seem especially devious. The first centers on targeting healthcare organizations that offer consultations over the Internet and sending them booby-trapped medical records for the "patient." The other involves carefully editing email inboxes of public company executives to make it appear that some were involved in insider trading.

CVE-2022-38599
via "National Vulnerability Database".
Teleport v3.2.2, Teleport v3.5.6-rc6, and Teleport v3.6.3-b2 were discovered to contain an information leak via the /user/get-role-list web interface.

CVE-2022-40939
via "National Vulnerability Database".
In certain Secustation products the administrator account password can be read. This affects V2.5.5.3116-S50-SMA-B20171107A, V2.3.4.1301-M20-TSA-B20150617A, V2.5.5.3116-S50-RXA-B20180502A, V2.5.5.3116-S50-SMA-B20190723A, V2.5.5.3116-S50-SMB-B20161012A, V2.3.4.2103-S50-NTD-B20170508B, V2.5.5.3116-S50-SMB-B20160601A, V2.5.5.2601-S50-TSA-B20151229A, and V2.5.5.3116-S50-SMA-B20170217.

CVE-2022-46828
via "National Vulnerability Database".
In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible.

CVE-2022-46825
via "National Vulnerability Database".
In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects.

CVE-2022-46827
via "National Vulnerability Database".
In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible.

CVE-2022-46824
via "National Vulnerability Database".
In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fsnotifier daemon on macOS was possible.

CVE-2022-46826
via "National Vulnerability Database".
In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability.

CVE-2022-46831
via "National Vulnerability Database".
In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators.

CVE-2022-46829
via "National Vulnerability Database".
In JetBrains JetBrains Gateway before 2022.3 a client could connect without a valid token if the host consented.

CVE-2022-46830
via "National Vulnerability Database".
In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning.

APT37 Uses Internet Explorer Zero-Day to Spread Malware
via "Dark Reading".
IE is still a vector: South Koreans lured in with references to the deadly Halloween celebration crowd crush in Seoul last October.

Lack of Cybersecurity Expertise Poses Threat for Public-Safety Orgs
via "Dark Reading".
More than three-quarters of police and emergency responders worry about ransomware attacks and data leaks, while their organizations lag behind in technology adoption.

How Do I Use the Domain Score to Determine if a Domain Is a Threat?
via "Dark Reading".
To be most effective, protective DNS services need to constantly reassess and rescore domains as additional data comes in.

CVE-2022-44938
via "National Vulnerability Database".
Weak reset token generation in SeedDMS v6.0.20 and v5.1.7 allows attackers to execute a full account takeover via a brute force attack.

CVE-2022-41717
via "National Vulnerability Database".
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.

CVE-2022-4366
via "National Vulnerability Database".
Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitHub repository lirantal/daloradius prior to master branch.

Agrius Iranian APT Group Cuts Into Diamond Industry
via "Dark Reading".
The supply chain attack is piggybacking off an earlier breach to deploy new wiper malware.

CVE-2022-41949
via "National Vulnerability Database".
DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. In affected versions an authenticated DHIS2 user can craft a request to DHIS2 to instruct the server to make requests to external resources (like third party servers). This could allow an attacker, for example, to identify vulnerable services which might not be otherwise exposed to the public internet or to determine whether a specific file is present on the DHIS2 server. DHIS2 administrators should upgrade to the following hotfix releases: 2.36.12.1, 2.37.8.1, 2.38.2.1, 2.39.0.1. At this time, there is no known workaround or mitigation for this vulnerability.

CVE-2022-33186
via "National Vulnerability Database".
A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c, v7.4.2j, and earlier versions could allow a remote unauthenticated attacker to execute on a Brocade Fabric OS switch commands capable of modifying zoning, disabling the switch, disabling ports, and modifying the switch IP address.