cryptmount Filesystem Manager 6.1.1 (via Packet Storm Security)
cryptmount is a utility for creating and managing secure filing systems on GNU/Linux systems. After initial setup, it allows any user to mount or unmount filesystems on demand, solely by providing the decryption password, with any system devices needed to access the filing system being configured automatically. A wide variety of encryption schemes (provided by the kernel dm-crypt system and the libgcrypt library) can be used to protect both the filesystem and the access key. The protected filing systems can reside in either ordinary files or disk partitions. The package also supports encrypted swap partitions, and automatic configuration on system boot-up.
CVE-2022-41654 (via National Vulnerability Database)
An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2022-41697 (via National Vulnerability Database)
A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send a series of HTTP requests to trigger this vulnerability.
CVE-2020-36624 (via National Vulnerability Database)
A vulnerability was found in ahorner text-helpers 1.1.0/1.1.1. It has been declared as critical. This vulnerability affects unknown code of the file lib/text_helpers/translation.rb. The manipulation of the argument link leads to use of web link to untrusted target with window.opener access. The attack can be initiated remotely. Upgrading to version 1.2.0 is able to address this issue. The name of the patch is 184b60ded0e43c985788582aca2d1e746f9405a3. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216520.
CVE-2020-36625 (via National Vulnerability Database)
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in destiny.gg chat. It has been rated as problematic. This issue affects the function websocket.Upgrader of the file main.go. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The name of the patch is bebd256fc3063111fb4503ca25e005ebf6e73780. It is recommended to apply a patch to fix this issue. The identifier VDB-216521 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Zoom Whiteboard patches XSS bug (via The Daily Swig)
Video conferencing platform fixes cross-site scripting vulnerability.
CVE-2022-47895 (via National Vulnerability Database)
In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" action used the HTTP protocol to download required JAR files.
CVE-2022-47896 (via National Vulnerability Database)
In JetBrains IntelliJ IDEA before 2022.3.1 code templates were vulnerable to SSTI attacks.
CVE-2022-45347 (via National Vulnerability Database)
Apache ShardingSphere-Proxy prior to 5.3.0, when using MySQL as database backend, didn't clean up the database session completely after client authentication failed, which allowed an attacker to execute normal commands by constructing a special MySQL client. This vulnerability has been fixed in Apache ShardingSphere 5.3.0.
Threat Modeling in the Age of OpenAI's Chatbot (via Dark Reading)
New technical chatbot capabilities raise the promise that their help in threat modeling could free humans for more interesting work.
Google WordPress Plug-in Bug Allows AWS Metadata Theft (via Dark Reading)
A successful attacker could use the SSRF vulnerability to collect metadata from WordPress sites hosted on an AWS server, and potentially log in to a cloud instance to run commands.
Zerobot Adds Brute Force, DDoS to Its IoT Attack Arsenal (via Dark Reading)
Threat actors continue to evolve the malicious botnet, which has also added a list of new vulnerabilities it can use to target devices.
Passwordless Authentication Market to Be Worth $55.7 Billion by 2030: Grand View Research, Inc. (via Dark Reading)
SAN FRANCISCO, Dec. 22, 2022 /PRNewswire/ -- The global passwordless authentication market size is expected to reach USD 55.70 billion by 2030, growing at a promising 18.2% CAGR, according to a new report by Grand View Research, Inc. Passwordless authentication…
Lean, green coding machine: How sustainable computing drive can reduce attack surfaces (via The Daily Swig)
Less is often more when it comes to both infosec and eco-friendly computing practices.
CVE-2022-45966 (via National Vulnerability Database)
There is an arbitrary file upload vulnerability in the file management function module of Classcms3.5.
CVE-2022-4516 (via National Vulnerability Database)
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none.
'Suspicious login' scammers up their game - take care at Christmas (via Naked Security)
A picture is worth 1024 words - we clicked through so you don't have to.
S3 Ep114: Preventing cyberthreats - stop them before they stop you! [Audio + Text] (via Naked Security)
Join world-renowned expert Fraser Howard, Director of Research at SophosLabs, for this fascinating episode on how to fight cybercrime.
CVE-2022-46101 (via National Vulnerability Database)
AyaCMS v3.1.2 was found to have a code flaw in the ust_sql.inc.php file, which allows attackers to cause command execution by inserting malicious code.
CVE-2022-44510 (via National Vulnerability Database)
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
CVE-2022-23541 (via National Vulnerability Database)
jsonwebtoken is an implementation of JSON Web Tokens. Versions `<= 8.5.1` of the `jsonwebtoken` library can be misconfigured so that passing a poorly implemented key retrieval function referring to the `secretOrPublicKey` argument from the readme link will result in incorrect verification of tokens. There is a possibility of using a different algorithm and key combination in verification, other than the one that was used to sign the tokens. Specifically, tokens signed with an asymmetric public key could be verified with a symmetric HS256 algorithm. This can lead to successful validation of forged tokens. This applies if your application supports usage of both symmetric and asymmetric keys in its jwt.verify() implementation with the same key retrieval function. This issue has been patched; please update to version 9.0.0.