π’ US begins seizure of 48 DDoS-for-hire services following global investigation π’
π Read
via "ITPro".
Six people have been arrested who allegedly oversaw computer attacks launched using bootersπ Read
via "ITPro".
ITPro
US begins seizure of 48 DDoS-for-hire services following global investigation
Six people have been arrested who allegedly oversaw computer attacks launched using booters
βΌ CVE-2022-4610 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. Affected by this issue is some unknown functionality. The manipulation leads to risky cryptographic algorithm. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-216272.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4612 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome and classified as problematic. This vulnerability affects unknown code. The manipulation leads to insufficiently protected credentials. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. VDB-216274 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42947 βΌ
π Read
via "National Vulnerability Database".
A maliciously crafted X_B file when parsed through Autodesk Maya 2023 can be used to write beyond the allocated buffer. This vulnerability can lead to arbitrary code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4613 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome and classified as critical. This issue affects some unknown processing of the component Browser Extension Provisioning. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216275.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31683 βΌ
π Read
via "National Vulnerability Database".
Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9) contains an authorization bypass issue. A Concourse user can send a request with body including :team_name=team2 to bypass team scope check to gain access to certain resources belong to any other team.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4611 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This affects an unknown part. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-216273 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28173 βΌ
π Read
via "National Vulnerability Database".
The web server of some Hikvision wireless bridge products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42945 βΌ
π Read
via "National Vulnerability Database".
DWG TrueViewTM 2023 version has a DLL Search Order Hijacking vulnerability. Successful exploitation by a malicious attacker could result in remote code execution on the target system.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33640 βΌ
π Read
via "National Vulnerability Database".
After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function, it continues to use pointer t: free_longlink_longname(t->th_buf) . As a result, the released memory is used (use-after-free).π Read
via "National Vulnerability Database".
βΌ CVE-2022-42946 βΌ
π Read
via "National Vulnerability Database".
Parsing a maliciously crafted X_B and PRT file can force Autodesk Maya 2023 to read beyond allocated buffer. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47512 βΌ
π Read
via "National Vulnerability Database".
Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. No other versions are affectedπ Read
via "National Vulnerability Database".
β OneCoin scammer Sebastian Greenwood pleads guilty, βCryptoqueenβ still missing β
π Read
via "Naked Security".
The Cryptoqueen herself is still missing, but her co-conspirator, who is said to have pocketed over $20m a month, has been convicted.π Read
via "Naked Security".
Naked Security
OneCoin scammer Sebastian Greenwood pleads guilty, βCryptoqueenβ still missing
The Cryptoqueen herself is still missing, but her co-conspirator, who is said to have pocketed over $20m a month, has been convicted.
π΄ Fortnite Developer Epic Games Slapped With $275M Penalty π΄
π Read
via "Dark Reading".
Epic Games has been fined for violating children's online privacy, banned from using collected data.π Read
via "Dark Reading".
Dark Reading
Fortnite Developer Epic Games Slapped With $275M Penalty
Epic Games has been fined for violating children's online privacy, banned from using collected data.
π΄ Malicious Python Trojan Impersonates SentinelOne Security Client π΄
π Read
via "Dark Reading".
A fully functional SentinelOne client is actually a Trojan horse that hides malicious code within; it was found lurking in the Python Package Index repository ecosystem.π Read
via "Dark Reading".
Dark Reading
Malicious Python Trojan Impersonates SentinelOne Security Client
A fully functional SentinelOne client is actually a Trojan horse that hides malicious code within; it was found lurking in the Python Package Index repository ecosystem.
π±1
βΌ CVE-2022-43289 βΌ
π Read
via "National Vulnerability Database".
Deark v.1.6.2 was discovered to contain a stack overflow via the do_prism_read_palette() function at /modules/atari-img.c.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42365 βΌ
π Read
via "National Vulnerability Database".
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42350 βΌ
π Read
via "National Vulnerability Database".
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40607 βΌ
π Read
via "National Vulnerability Database".
IBM Spectrum Scale 5.1 could allow users with permissions to create pod, persistent volume and persistent volume claim to access files and directories outside of the volume, including on the host filesystem. IBM X-Force ID: 235740.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35693 βΌ
π Read
via "National Vulnerability Database".
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44488 βΌ
π Read
via "National Vulnerability Database".
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.π Read
via "National Vulnerability Database".