π΄ Analysis Shows Attackers Favor PowerShell, File Obfuscation π΄
π Read
via "Dark Reading".
Aiming to give threat hunters a list of popular attack tactics, a cybersecurity team analyzed collections of real-world threat data to find attackers' most popular techniques.π Read
via "Dark Reading".
Dark Reading
Analysis Shows Attackers Favor PowerShell, File Obfuscation
Aiming to give threat hunters a list of popular attack tactics, a cybersecurity team analyzed collections of real-world threat data to find attackers' most popular techniques.
π1
βΌ CVE-2022-23514 βΌ
π Read
via "National Vulnerability Database".
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah < 2.19.1 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. This issue is patched in version 2.19.1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23512 βΌ
π Read
via "National Vulnerability Database".
MeterSphere is a one-stop open source continuous testing platform. Versions prior to 2.4.1 are vulnerable to Path Injection in ApiTestCaseService::deleteBodyFiles which takes a user-controlled string id and passes it to ApiTestCaseService, which uses the user-provided value (testId) in new File(BODY_FILE_DIR + "/" + testId), being deleted later by file.delete(). By adding some camouflage parameters to the url, an attacker can target files on the server. The vulnerability has been fixed in v2.4.1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23515 βΌ
π Read
via "National Vulnerability Database".
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.1.0, < 2.19.1 is vulnerable to cross-site scripting via the image/svg+xml media type in data URIs. This issue is patched in version 2.19.1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23516 βΌ
π Read
via "National Vulnerability Database".
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.2.0, < 2.19.1 uses recursion for sanitizing CDATA sections, making it susceptible to stack exhaustion and raising a SystemStackError exception. This may lead to a denial of service through CPU resource consumption. This issue is patched in version 2.19.1. Users who are unable to upgrade may be able to mitigate this vulnerability by limiting the length of the strings that are sanitized.π Read
via "National Vulnerability Database".
π΄ How Our Behavioral Bad Habits Are a Community Trait and Security Problem π΄
π Read
via "Dark Reading".
Learn to think three moves ahead of hackers so you're playing chess, not checkers. Instead of reacting to opponents' moves, be strategic, and disrupt expected patterns of vulnerability.π Read
via "Dark Reading".
Dark Reading
How Our Behavioral Bad Habits Are a Community Trait and Security Problem
Learn to think three moves ahead of hackers so you're playing chess, not checkers. Instead of reacting to opponents' moves, be strategic, and disrupt expected patterns of vulnerability.
π΄ Royal Ransomware Puts Novel Spin on Encryption Tactics π΄
π Read
via "Dark Reading".
An emerging cybercriminal group linked with Conti has expanded its partial encryption strategy and demonstrates other evasive maneuvers, as it takes aim at healthcare and other sectors.π Read
via "Dark Reading".
Dark Reading
Royal Ransomware Puts Novel Spin on Encryption Tactics
An emerging cybercriminal group linked with Conti has expanded its partial encryption strategy and demonstrates other evasive maneuvers, as it takes aim at healthcare and other sectors.
π Global Socket 1.4.39 π
π Read
via "Packet Storm Security".
Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.π Read
via "Packet Storm Security".
Packetstormsecurity
Global Socket 1.4.39 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ Automated Cybercampaign Creates Masses of Bogus Software Building Blocks π΄
π Read
via "Dark Reading".
The proliferation of automated cyberattacks against npm, NuGet, and PyPI underscores the growing sophistication of threat actors and the threats to open source software supply chains.π Read
via "Dark Reading".
Dark Reading
Automated Cyber Campaign Creates Masses of Bogus Software Building Blocks
The proliferation of automated cyberattacks against npm, NuGet, and PyPI underscores the growing sophistication of threat actors and the threats to open source software supply chains.
π΄ Proofpoint Nabs Illusive, Signaling a Sunset for Deception Tech π΄
π Read
via "Dark Reading".
Former pure-play deception startup Illusive attracts Proofpoint with its repositioned platform focusing on identity threat detection and response (ITDR).π Read
via "Dark Reading".
Dark Reading
Proofpoint Nabs Illusive, Signaling a Sunset for Deception Tech
Former pure-play deception startup Illusive attracts Proofpoint with its repositioned platform focusing on identity threat detection and response (ITDR).
βΌ CVE-2022-31358 βΌ
π Read
via "National Vulnerability Database".
A reflected cross-site scripting (XSS) vulnerability in Proxmox Virtual Environment prior to v7.2-3 allows remote attackers to execute arbitrary web scripts or HTML via non-existent endpoints under path /api2/html/.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4495 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, has been found in collective.dms.basecontent 1.7. This issue affects the function renderCell of the file src/collective/dms/basecontent/browser/column.py. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.10 is able to address this issue. The name of the patch is 6c4d616fcc771822a14ebae5e23f3f6d96d134bd. It is recommended to upgrade the affected component. The identifier VDB-215813 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44832 βΌ
π Read
via "National Vulnerability Database".
D-Link DIR-3040 device with firmware 120B03 was discovered to contain a command injection vulnerability via the SetTriggerLEDBlink function.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46609 βΌ
π Read
via "National Vulnerability Database".
Python3-RESTfulAPI commit d9907f14e9e25dcdb54f5b22252b0e9452e3970e and e772e0beee284c50946e94c54a1d43071ca78b74 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46997 βΌ
π Read
via "National Vulnerability Database".
Passhunt commit 54eb987d30ead2b8ebbf1f0b880aa14249323867 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46996 βΌ
π Read
via "National Vulnerability Database".
vSphere_selfuse commit 2a9fe074a64f6a0dd8ac02f21e2f10d66cac5749 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44898 βΌ
π Read
via "National Vulnerability Database".
The MsIo64.sys component in Asus Aura Sync through v1.07.79 does not properly validate input to IOCTL 0x80102040, 0x80102044, 0x80102050, and 0x80102054, allowing attackers to trigger a memory corruption and cause a Denial of Service (DoS) or escalate privileges via crafted IOCTL requests.π Read
via "National Vulnerability Database".
βοΈ Microsoft Patch Tuesday, December 2022 Edition βοΈ
π Read
via "Krebs on Security".
Microsoft has released its final monthly batch of security updates for 2022, fixing more than four dozen security holes in its various Windows operating systems and related software. The most pressing patches include a zero-day vulnerability in a Windows feature that tries to flag malicious files from the Web, a critical bug in PowerShell, and a dangerous flaw in Windows 11 systems that was detailed publicly prior to this week's Patch Tuesday.π Read
via "Krebs on Security".
Krebs on Security
Microsoft Patch Tuesday, December 2022 Edition
Microsoft has released its final monthly batch of security updates for 2022, fixing more than four dozen security holes in its various Windows operating systems and related software. The most pressing patches include a zero-day vulnerability in a Windowsβ¦
β€1
π΄ Apple Zero-Day Actively Exploited on iPhone 15 π΄
π Read
via "Dark Reading".
Without many details, Apple patches a vulnerability that has been exploited in the wild to execute code.π Read
via "Dark Reading".
Dark Reading
Apple Zero-Day Actively Exploited on iPhone 15
Without many details, Apple patches a vulnerability that has been exploited in the wild to execute code.
π΄ CSAF Is the Future of Vulnerability Management π΄
π Read
via "Dark Reading".
Version 2.0 of the Common Security Advisory Framework will enable organizations to automate vulnerability remediation.π Read
via "Dark Reading".
Dark Reading
CSAF Is the Future of Vulnerability Management
Version 2.0 of the Common Security Advisory Framework will enable organizations to automate vulnerability remediation.
π΄ Microsoft-Signed Malicious Drivers Usher In EDR-Killers, Ransomware π΄
π Read
via "Dark Reading".
Malicious Windows drivers signed as legit by Microsoft have been spotted as part of a toolkit used to kill off security processes in post-exploitation cyber activity.π Read
via "Dark Reading".
Dark Reading
Microsoft-Signed Malicious Drivers Usher In EDR-Killers, Ransomware
Malicious Windows drivers signed as legit by Microsoft have been spotted as part of a toolkit used to kill off security processes in post-exploitation cyber activity.
π1