CVE-2022-2752
via "National Vulnerability Database".
A vulnerability in the web server of Secomea GateManager allows a local user to impersonate the previous user under some failed login conditions. This issue affects: Secomea GateManager versions from 9.4 through 9.7.

Google: Use SLSA Framework for Better Software Security
via "Dark Reading".
Security leaders also need to take a more holistic approach to addressing supply chain risks, company says in new research report.

How Naming Can Change the Game in Software Supply Chain Security
via "Dark Reading".
A reliance on CPE names currently makes accurate searching for high-risk security vulnerabilities difficult.

Credit card skimming – the long and winding road of supply chain failure
via "Naked Security".
Don't keep calling home to a JavaScript server that closed its doors eight years ago!

Iranian APT Targets US With Drokbk Spyware via GitHub
via "Dark Reading".
The custom malware used by the state-backed Iranian threat group Drokbk has so far flown under the radar by using GitHub as a "dead-drop resolver" to more easily evade detection.

43 Trillion Security Data Points Illuminate Our Most Pressing Threats
via "Dark Reading".
A new report helps companies understand an ever-changing threat landscape and how to strengthen their defenses against emerging cybersecurity trends.

CVE-2022-44213
via "National Vulnerability Database".
ZKTeco Xiamen Information Technology ZKBio ECO ADMS <=3.1-164 is vulnerable to Cross Site Scripting (XSS).

CVE-2022-4264
via "National Vulnerability Database".
Incorrect Privilege Assignment in M-Files Web (Classic) in M-Files before 22.8.11691.0 allows a low-privilege user to change some configuration.

S3 Ep112: Data breaches can haunt you more than once! [Audio + Text]
via "Naked Security".
Breaches, exploits, busts, buffer overflows and bug hunting - entertaining and educational in equal measure.

ChatGPT bid for bogus crypto bug bounty is thwarted
via "The Daily Swig".
Improving large language models offer "just one more way to attack code, and one more way to defend code"

7 Ways Gaming Companies Can Battle Cybercrime on Their Platforms
via "Dark Reading".
Balancing gameplay and security can drive down risks and improve gamers' trust and loyalty.

CVE-2022-23479
via "National Vulnerability Database".
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains a buffer overflow in the xrdp_mm_chan_data_in() function. There are no known workarounds for this issue. Users are advised to upgrade.

CVE-2022-4170
via "National Vulnerability Database".
The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set.

CVE-2022-23468
via "National Vulnerability Database".
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains a buffer overflow in the xrdp_login_wnd_create() function. There are no known workarounds for this issue. Users are advised to upgrade.

CVE-2022-29838
via "National Vulnerability Database".
Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure direct access to the drive information in the case of a device reset. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linux.

CVE-2022-23480
via "National Vulnerability Database".
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains a buffer overflow in the devredir_proc_client_devlist_announce_req() function. There are no known workarounds for this issue. Users are advised to upgrade.

CVE-2022-3259
via "National Vulnerability Database".
Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which may allow man-in-the-middle (MITM) attacks.

CVE-2022-23483
via "National Vulnerability Database".
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains an Out of Bound Read in the libxrdp_send_to_channel() function. There are no known workarounds for this issue. Users are advised to upgrade.

CVE-2022-44838
via "National Vulnerability Database".
Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /services/view_service.php.

CVE-2022-23484
via "National Vulnerability Database".
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains an Integer Overflow in the xrdp_mm_process_rail_update_window_text() function. There are no known workarounds for this issue. Users are advised to upgrade.

CVE-2022-4336
via "National Vulnerability Database".
In BAOTA linux panel there exists a stored XSS vulnerability that attackers can use to obtain sensitive information via the log analysis feature.