βΌ CVE-2022-4503 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.0.2.π Read
via "National Vulnerability Database".
ποΈ Critical IP spoofing bug patched in Cacti ποΈ
π Read
via "The Daily Swig".
βNot that hard to execute if attacker has access to a monitoring platform running Cactiβπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Critical IP spoofing bug patched in Cacti
βNot that hard to execute if attacker has access to a monitoring platform running Cactiβ
π΄ Data Destruction Policies in the Age of Cloud Computing π΄
π Read
via "Dark Reading".
It's time for on-the-record answers to questions about data destruction in cloud environments. Without access, how do you verify data has been destroyed? Do processes meet DoD standards, or do we need to adjust standards to meet reality?π Read
via "Dark Reading".
Dark Reading
Data Destruction Policies in the Age of Cloud Computing
It's time for on-the-record answers to questions about data destruction in cloud environments. Without access, how do you verify data has been destroyed? Do processes meet DoD standards, or do we need to adjust standards to meet reality?
π΄ Blackmailing MoneyMonger Malware Hides in Flutter Mobile Apps π΄
π Read
via "Dark Reading".
Money-lending apps built using the Flutter software development kit hide a predatory spyware threat and highlight a growing trend of using personal data for blackmail.π Read
via "Dark Reading".
Dark Reading
Blackmailing MoneyMonger Malware Hides in Flutter Mobile Apps
Money-lending apps built using the Flutter software development kit hide a predatory spyware threat and highlight a growing trend of using personal data for blackmail.
β Apple patches everything, finally reveals mystery of iOS 16.1.2 β
π Read
via "Naked Security".
There's an update for everything this time, not just for iOS.π Read
via "Naked Security".
Naked Security
Apple patches everything, finally reveals mystery of iOS 16.1.2
Thereβs an update for everything this time, not just for iOS.
β Patch Tuesday: 0-days, RCE bugs, and a curious tale of signed malware β
π Read
via "Naked Security".
Tales of derring-do in the cyberunderground! (And some zero-days.)π Read
via "Naked Security".
Naked Security
Patch Tuesday: 0-days, RCE bugs, and a curious tale of signed malware
Tales of derring-do in the cyberunderground! (And some zero-days.)
β S3 Ep113: Pwning the Windows kernel β the crooks who hoodwinked Microsoft [Audio + Text] β
π Read
via "Naked Security".
Return o' the rookit, super-sneaky wireless spyware, credit card skimming, and patches galore. Listen and learn!π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π Adversary3 3.0 π
π Read
via "Packet Storm Security".
Adversary3 is a tool to navigate the vast www.malvuln.com malware vulnerability dataset.π Read
via "Packet Storm Security".
Packetstormsecurity
Adversary3 3.0 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ Meta Ponies Up $300K Bounty for Zero-Click Mobile RCE Bugs in Facebook π΄
π Read
via "Dark Reading".
Facebook's parent company has also expanded bug-bounty payouts to include Oculus and other "metaverse" gadgets for AR/VR.π Read
via "Dark Reading".
Dark Reading
Meta Ponies Up $300K Bounty for Zero-Click Mobile RCE Bugs in Facebook
Facebook's parent company has also expanded bug-bounty payouts to include Oculus and other "metaverse" gadgets for AR/VR.
π΄ WatchGuard Threat Lab Report Finds Top Threat Arriving Exclusively Over Encrypted Connections π΄
π Read
via "Dark Reading".
New research also analyzes the commoditization of adversary-in-the-middle attacks, JavaScript obfuscation in exploit kits, and a malware family with Gothic Panda ties.π Read
via "Dark Reading".
Dark Reading
WatchGuard Threat Lab Report Finds Top Threat Arriving Exclusively Over Encrypted Connections
New research also analyzes the commoditization of adversary-in-the-middle attacks, JavaScript obfuscation in exploit kits, and a malware family with Gothic Panda ties.
π΄ Axonius Bolsters SaaS Management Offering With New Behavioral Analytics and SaaS User-Device Association Capabilities to Help Teams Address SaaS Application Risk π΄
π Read
via "Dark Reading".
New features bring greater visibility and context into SaaS applications access and activity.π Read
via "Dark Reading".
Dark Reading
Axonius Bolsters SaaS Management Offering With Behavioral Analytics and SaaS User-Device Association Capabilities
New features bring greater visibility and context into SaaS applications access and activity.
π1
βΌ CVE-2022-39929 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22063 βΌ
π Read
via "National Vulnerability Database".
Memory corruption in Core due to improper configuration in boot remapper.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23474 βΌ
π Read
via "National Vulnerability Database".
Editor.js is a block-style editor with clean JSON output. Versions prior to 2.26.0 are vulnerable to Code Injection via pasted input. The processHTML method passes pasted input into wrapperΓ’β¬β’s innerHTML. This issue is patched in version 2.26.0.π Read
via "National Vulnerability Database".
βΌ CVE-2020-20588 βΌ
π Read
via "National Vulnerability Database".
File upload vulnerability in function upload in action/Core.class.php in zhimengzhe iBarn 1.5 allows remote attackers to run arbitrary code via avatar upload to index.php.π Read
via "National Vulnerability Database".
βΌ CVE-2020-36607 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.0.8 allows remote attackers to run arbitrary code via tha lang attribute of an html tag.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23524 βΌ
π Read
via "National Vulnerability Database".
Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to Uncontrolled Resource Consumption, resulting in Denial of Service. Input to functions in the _strvals_ package can cause a stack overflow. In Go, a stack overflow cannot be recovered from. Applications that use functions from the _strvals_ package in the Helm SDK can have a Denial of Service attack when they use this package and it panics. This issue has been patched in 3.10.3. SDK users can validate strings supplied by users won't create large arrays causing significant memory usage before passing them to the _strvals_ functions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39934 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39939 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39941 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42852 βΌ
π Read
via "National Vulnerability Database".
The issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may result in the disclosure of process memory.π Read
via "National Vulnerability Database".