π΄ Iranian APT Targets US With Drokbk Spyware via GitHub π΄
π Read
via "Dark Reading".
The custom malware used by the state-backed Iranian threat group Drokbk has so far flown under the radar by using GitHub as a "dead-drop resolver" to more easily evade detection.π Read
via "Dark Reading".
Dark Reading
Iranian APT Targets US With Drokbk Spyware via GitHub
The custom malware used by the state-backed Iranian threat group Drokbk has so far flown under the radar by using GitHub as a "dead-drop resolver" to more easily evade detection.
π΄ 43 Trillion Security Data Points Illuminate Our Most Pressing Threats π΄
π Read
via "Dark Reading".
A new report helps companies understand an ever-changing threat landscape and how to strengthen their defenses against emerging cybersecurity trends.π Read
via "Dark Reading".
Dark Reading
43 Trillion Security Data Points Illuminate Our Most Pressing Threats
A new report helps companies understand an ever-changing threat landscape and how to strengthen their defenses against emerging cybersecurity trends.
βΌ CVE-2022-44213 βΌ
π Read
via "National Vulnerability Database".
ZKTeco Xiamen Information Technology ZKBio ECO ADMS <=3.1-164 is vulnerable to Cross Site Scripting (XSS).π Read
via "National Vulnerability Database".
βΌ CVE-2022-4264 βΌ
π Read
via "National Vulnerability Database".
Incorrect Privilege Assignment in M-Files Web (Classic) in M-Files before 22.8.11691.0 allows low privilege user to change some configuration.π Read
via "National Vulnerability Database".
β S3 Ep112: Data breaches can haunt you more than once! [Audio + Text] β
π Read
via "Naked Security".
Breaches, exploits, busts, buffer overflows and bug hunting - entertaining and educational in equal measure.π Read
via "Naked Security".
Naked Security
S3 Ep112: Data breaches can haunt you more than once! [Audio + Text]
Breaches, exploits, busts, buffer overflows and bug hunting β entertaining and educational in equal measure.
π1π₯1
ποΈ ChatGPT bid for bogus crypto bug bounty is thwarted ποΈ
π Read
via "The Daily Swig".
Improving large language models offer βjust one more way to attack code, and one more way to defend codeβπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
ChatGPT bid for bogus bug bounty is thwarted
Improving large language models offer βjust one more way to attack code, and one more way to defend codeβ
π΄ 7 Ways Gaming Companies Can Battle Cybercrime on Their Platforms π΄
π Read
via "Dark Reading".
Balancing gameplay and security can drive down risks and improve gamers' trust and loyalty.π Read
via "Dark Reading".
βΌ CVE-2022-23479 βΌ
π Read
via "National Vulnerability Database".
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in xrdp_mm_chan_data_in() function. There are no known workarounds for this issue. Users are advised to upgrade.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4170 βΌ
π Read
via "National Vulnerability Database".
The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23468 βΌ
π Read
via "National Vulnerability Database".
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in xrdp_login_wnd_create() function. There are no known workarounds for this issue. Users are advised to upgrade.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29838 βΌ
π Read
via "National Vulnerability Database".
Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure direct access to the drive information in the case of a device reset. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linux.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23480 βΌ
π Read
via "National Vulnerability Database".
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in devredir_proc_client_devlist_announce_req() function. There are no known workarounds for this issue. Users are advised to upgrade.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3259 βΌ
π Read
via "National Vulnerability Database".
Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which may allow man-in-the-middle (MITM) attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23483 βΌ
π Read
via "National Vulnerability Database".
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in libxrdp_send_to_channel() function. There are no known workarounds for this issue. Users are advised to upgrade.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44838 βΌ
π Read
via "National Vulnerability Database".
Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /services/view_service.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23484 βΌ
π Read
via "National Vulnerability Database".
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Integer Overflow in xrdp_mm_process_rail_update_window_text() function. There are no known workarounds for this issue. Users are advised to upgrade.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4336 βΌ
π Read
via "National Vulnerability Database".
In BAOTA linux panel there exists a stored xss vulnerability attackers can use to obtain sensitive information via the log analysis feature.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23478 βΌ
π Read
via "National Vulnerability Database".
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Write in xrdp_mm_trans_process_drdynvc_channel_open() function. There are no known workarounds for this issue. Users are advised to upgrade.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25630 βΌ
π Read
via "National Vulnerability Database".
An authenticated user can embed malicious content with XSS into the admin group policy page.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3724 βΌ
π Read
via "National Vulnerability Database".
Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windowsπ Read
via "National Vulnerability Database".
βΌ CVE-2022-29839 βΌ
π Read
via "National Vulnerability Database".
Insufficiently Protected Credentials vulnerability in the remote backups application on Western Digital My Cloud devices that could allow an attacker who has gained access to a relevant endpoint to use that information to access protected data. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linux.π Read
via "National Vulnerability Database".