🕴 WordPress Sites Under Attack from Newly Found Linux Trojan 🕴
📖 Read
via "Dark Reading".
Researchers who discovered the backdoor Linux malware say it may have been around for more than three years — and it targets 30+ plugin bugs.📖 Read
via "Dark Reading".
Dark Reading
WordPress Sites Under Attack From Newly Found Linux Trojan
Researchers who discovered the backdoor Linux malware say it may have been around for more than three years — and it targets 30+ plug-in bugs.
📢 Offensive Security bans use of ChatGPT in cyber security certification exams 📢
📖 Read
via "ITPro".
It becomes the second major IT organisation to ban the use of the powerful tool that's taken the industry by storm📖 Read
via "ITPro".
ITPro
Offensive Security bans use of ChatGPT in cyber security certification exams
It becomes the second major IT organisation to ban the use of the powerful tool that's taken the industry by storm
🤔1
📢 LockBit issues rare apology for Toronto SickKids ransomware attack 📢
📖 Read
via "ITPro".
The December attack on the SickKids hospital disrupted services and caused delays for patients📖 Read
via "ITPro".
ITPro
LockBit issues rare apology for Toronto SickKids ransomware attack
The December attack on the SickKids hospital disrupted services and caused delays for patients
🕴 C2A Security To Showcase Automotive Cybersecurity DevOps Platform at CES In Las Vegas, January 5-8 🕴
📖 Read
via "Dark Reading".
📖 Read
via "Dark Reading".
Dark Reading
C2A Security To Showcase Automotive Cybersecurity DevOps Platform at CES In Las Vegas, January 5-8
JERUSALEM, ISRAEL (PRWEB) JANUARY 03, 2023 -- C2A Security, a leading provider of automated cybersecurity solutions for connected, autonomous, and electric vehicles will showcase its flagship product, EVSec, during the Consumer Electronics Show (CES 2023)…
‼ CVE-2022-45867 ‼
📖 Read
via "National Vulnerability Database".
MyBB before 1.8.33 allows Directory Traversal. The Admin CP Languages module allows remote authenticated users, with high privileges, to achieve local file inclusion and execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22456 ‼
📖 Read
via "National Vulnerability Database".
ViewVC, a browser interface for CVS and Subversion version control repositories, as a cross-site scripting vulnerability that affects versions prior to 1.2.2 and 1.1.29. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a Subversion repository exposed by an otherwise trusted ViewVC instance. The attack vector involves files with unsafe names (names that, when embedded into an HTML stream, would cause the browser to run unwanted code), which themselves can be challenging to create. Users should update to at least version 1.2.2 (if they are using a 1.2.x version of ViewVC) or 1.1.29 (if they are using a 1.1.x version). ViewVC 1.0.x is no longer supported, so users of that release lineage should implement a workaround. Users can edit their ViewVC EZT view templates to manually HTML-escape changed paths during rendering. Locate in your template set's `revision.ezt` file references to those changed paths, and wrap them with `[format "html"]` and `[end]`. For most users, that means that references to `[changes.path]` will become `[format "html"][changes.path][end]`. (This workaround should be reverted after upgrading to a patched version of ViewVC, else changed path names will be doubly escaped.)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45143 ‼
📖 Read
via "National Vulnerability Database".
The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32658 ‼
📖 Read
via "National Vulnerability Database".
In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705059; Issue ID: GN20220705059.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32659 ‼
📖 Read
via "National Vulnerability Database".
In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705066; Issue ID: GN20220705066.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32639 ‼
📖 Read
via "National Vulnerability Database".
In watchdog, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494487; Issue ID: ALPS07494487.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32648 ‼
📖 Read
via "National Vulnerability Database".
In disp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06535964; Issue ID: ALPS06535964.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32651 ‼
📖 Read
via "National Vulnerability Database".
In mtk-aie, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07225857; Issue ID: ALPS07225857.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32657 ‼
📖 Read
via "National Vulnerability Database".
In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705042; Issue ID: GN20220705042.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32644 ‼
📖 Read
via "National Vulnerability Database".
In vow, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494473; Issue ID: ALPS07494473.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32650 ‼
📖 Read
via "National Vulnerability Database".
In mtk-isp, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07225853; Issue ID: ALPS07225853.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38627 ‼
📖 Read
via "National Vulnerability Database".
Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e were discovered to contain a SQL injection vulnerability via the idt parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36943 ‼
📖 Read
via "National Vulnerability Database".
SSZipArchive versions 2.5.3 and older contain an arbitrary file write vulnerability due to lack of sanitization on paths which are symlinks. SSZipArchive will overwrite files on the filesystem when opening a malicious ZIP containing a symlink as the first item.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32635 ‼
📖 Read
via "National Vulnerability Database".
In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573237; Issue ID: ALPS07573237.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32664 ‼
📖 Read
via "National Vulnerability Database".
In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Patch ID: A20220004; Issue ID: OSBNB00140929.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32653 ‼
📖 Read
via "National Vulnerability Database".
In mtk-aie, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262518; Issue ID: ALPS07262518.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32652 ‼
📖 Read
via "National Vulnerability Database".
In mtk-aie, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262617; Issue ID: ALPS07262617.📖 Read
via "National Vulnerability Database".