ποΈ Stupid security 2022 β this yearβs infosec fails ποΈ
π Read
via "The Daily Swig".
Epic web security fails and salutary lessons from another inevitably eventful year in infosecπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Stupid security 2022 β this yearβs infosec fails
Epic web security fails and salutary lessons from another inevitably eventful year in infosec
π1
βΌ CVE-2018-25058 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in Twitter-Post-Fetcher up to 17.x. This affects an unknown part of the file js/twitterFetcher.js of the component Link Target Handler. The manipulation leads to use of web link to untrusted target with window.opener access. It is possible to initiate the attack remotely. Upgrading to version 18.0.0 is able to address this issue. The name of the patch is 7d281c6fb5acbc29a2cad295262c1f0c19ca56f3. It is recommended to upgrade the affected component. The identifier VDB-217017 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-4296 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, has been found in w3c Unicorn. This issue affects the function ValidatorNuMessage of the file src/org/w3c/unicorn/response/impl/ValidatorNuMessage.java. The manipulation of the argument message leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 51f75c31f7fc33859a9a571311c67ae4e95d9c68. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217019.π Read
via "National Vulnerability Database".
βΌ CVE-2021-4295 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic was found in ONC code-validator-api up to 1.0.30. This vulnerability affects the function vocabularyValidationConfigurations of the file src/main/java/org/sitenv/vocabularies/configuration/CodeValidatorApiConfiguration.java of the component XML Handler. The manipulation leads to xml external entity reference. Upgrading to version 1.0.31 is able to address this issue. The name of the patch is fbd8ea121755a2d3d116b13f235bc8b61d8449af. It is recommended to upgrade the affected component. VDB-217018 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
β US passes the Quantum Computing Cybersecurity Preparedness Act β and why not? β
π Read
via "Naked Security".
Cryptographic agility: the ability and the willingness to change quickly when needed.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π₯1
π΄ New Year's Surprise: Cybersecurity M&A, Funding Activity Snowballs in Q4 π΄
π Read
via "Dark Reading".
Concerns about recessionary trends impacting the cybersecurity sector in 2022 remained largely unfounded in Q4, as investment activity surged after a Q3 slowdown.π Read
via "Dark Reading".
Dark Reading
New Year's Surprise: Cybersecurity M&A, Funding Activity Snowballs in Q4
Concerns about recessionary trends impacting the cybersecurity sector in 2022 remained largely unfounded in Q4, as investment activity surged after a Q3 slowdown.
π΄ After the Uber Breach: 3 Questions All CISOs Should Ask Themselves π΄
π Read
via "Dark Reading".
How CISOs handle the ethical issues around data breaches can make or break their careers. Don't wait until a breach happens to plot the course forward.π Read
via "Dark Reading".
Dark Reading
After the Uber Breach: 3 Questions All CISOs Should Ask Themselves
How CISOs handle the ethical issues around data breaches can make or break their careers. Don't wait until a breach happens to plot the course forward.
π2
π΄ 3 Industries, 3 Security Programs π΄
π Read
via "Dark Reading".
Security leaders from a media corporation, a commercial real estate company, and an automotive technology company share how they address cyber-risk.π Read
via "Dark Reading".
Dark Reading
3 Industries, 3 Security Programs
Security leaders from a media corporation, a commercial real estate company, and an automotive technology company share how they address cyber-risk.
π1π€1
π΄ Extracting Encrypted Credentials From Common Tools π΄
π Read
via "Dark Reading".
Attackers are harvesting credentials from compromised systems. Here's how some commonly used tools can enable this.π Read
via "Dark Reading".
Dark Reading
Extracting Encrypted Credentials From Common Tools
Attackers are harvesting credentials from compromised systems. Here's how some commonly used tools can enable this.
βΌ CVE-2022-4849 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4840 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4839 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4846 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4843 βΌ
π Read
via "National Vulnerability Database".
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.8.2.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4848 βΌ
π Read
via "National Vulnerability Database".
Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4851 βΌ
π Read
via "National Vulnerability Database".
Improper Handling of Values in GitHub repository usememos/memos prior to 0.9.1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4850 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4847 βΌ
π Read
via "National Vulnerability Database".
Incorrectly Specified Destination in a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4845 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4844 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4841 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.π Read
via "National Vulnerability Database".
π₯2