CVE-2022-46548
via "National Vulnerability Database".
Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the page parameter at /goform/DhcpListClient.
CVE-2022-44643
via "National Vulnerability Database".
In Grafana Enterprise Metrics (GEM) before 1.7.1 and 2.x before 2.3.1, after creating an Access Policy that is granted access to all tenants as well as specified a specific label matcher, the label matcher is erroneously not propagated to queries performed with this access policy. Thus, more access is granted to the policy than intended.
CVE-2022-4619
via "National Vulnerability Database".
The Sidebar Widgets by CodeLights plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Extra CSS class' parameter in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
CVE-2022-46020
via "National Vulnerability Database".
WBCE CMS v1.5.4 allows an attacker to obtain a shell (getshell) by modifying the upload file type.
How to become a penetration tester: Part 2 – 'Mr Hacking' John Jackson on the virtue of 'endless curiosity'
via "The Daily Swig".
Marine Corps engineer-turned offensive security expert offers careers advice and his best and worst experiences.
OneCoin scammer Sebastian Greenwood pleads guilty, 'Cryptoqueen' still missing
via "Naked Security".
The Cryptoqueen herself is still missing, but her co-conspirator, who is said to have pocketed over $20m a month, has been convicted.
Cybersecurity Company VMRay Extends Series B Investment to a Total of $34 million USD to Drive Growth Into New Markets
via "Dark Reading".
VMRay announces the closing of a Series B led by global alternative asset manager Tikehau Capital, which will fuel further expansion of the product portfolio to target a broader set of market segments.
Coming to a SOC Near You: New Browsers, 'Posture' Management, Virtual Assistants
via "Dark Reading".
Startups are coalescing around effective data loss prevention, reducing data attack surfaces, and viable AI automation.
Microsoft dishes the dirt on Apple's 'Achilles heel' shortly after fixing similar Windows bug
via "Naked Security".
It happens to the best of us: Microsoft highlights a security bypass bug on Macs that is curiously similar to a recent Windows 0-day.
CVE-2022-46076
via "National Vulnerability Database".
D-Link DIR-869 DIR869Ax_FW102B15 is vulnerable to Authentication Bypass via phpcgi.
Searchlight Security Changes Name to Searchlight Cyber and Launches New Brand
via "Dark Reading".
Searchlight Cyber announces a rebrand that reflects its status as a fast-growing cybersecurity business.
How AI/ML Can Thwart DDoS Attacks
via "Dark Reading".
When properly designed and trained, artificial intelligence and machine learning can help improve the accuracy of DDoS detection and mitigation.
The Equifax Breach Settlement Offer is Real, For Now
via "Krebs on Security".
Millions of people likely just received an email or snail mail notice saying they're eligible to claim a class action payment in connection with the 2017 megabreach at consumer credit bureau Equifax. Given the high volume of reader inquiries about this, it seemed worth pointing out that while this particular offer is legit (if paltry), scammers are likely to soon capitalize on public attention to the settlement money.
NATO-Member Oil Refinery Targeted in Russian APT Blitz Against Ukraine
via "Dark Reading".
Security Service-backed Trident Ursa APT group shakes up tactics in its relentless cyberattacks against Ukraine.
Raspberry Robin Worm Targets Telcos & Governments
via "Dark Reading".
With 10 layers of obfuscation and fake payloads, the Raspberry Robin worm is nesting its way deep into organizations.
CVE-2022-43875
via "National Vulnerability Database".
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an authenticated user to lock additional RM authorizations, resulting in a denial of service on displaying or managing these authorizations. IBM X-Force ID: 240034.
CVE-2022-46424
via "National Vulnerability Database".
An exploitable firmware modification vulnerability was discovered on the Netgear XWN5001 Powerline 500 WiFi Access Point. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS). This affects v0.4.1.1 and earlier.
CVE-2022-23537
via "National Vulnerability Database".
PJSIP is a free and open source multimedia communication library written in C implementing standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. A buffer over-read is possible when parsing a specially crafted STUN message with an unknown attribute. The vulnerability affects applications that use STUN, including PJNATH and PJSUA-LIB. The patch is available as a commit in the master branch (2.13.1).
CVE-2022-46912
via "National Vulnerability Database".
An issue in the firmware update process of TP-Link TL-WR841N / TL-WA841ND V7 3.13.9 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image.
CVE-2022-46771
via "National Vulnerability Database".
IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2 and 7.3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 242273.
CVE-2022-46430
via "National Vulnerability Database".
TP-Link TL-WR740N V1 and V2 v3.12.4 and earlier allows authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process.