Devs urged to rotate secrets after CircleCI suffers security breach
via "The Daily Swig".
DevOps platform advises customers to revoke API tokens
CVE-2015-10014
via "National Vulnerability Database".
A vulnerability classified as critical has been found in arekk uke. This affects an unknown part of the file lib/uke/finder.rb. The manipulation leads to sql injection. The name of the patch is 52fd3b2d0bc16227ef57b7b98a3658bb67c1833f. It is recommended to apply a patch to fix this issue. The identifier VDB-217485 was assigned to this vulnerability.
CVE-2022-45995
via "National Vulnerability Database".
There is an unauthorized buffer overflow vulnerability in Tenda AX12 v22.03.01.21 _ cn. This vulnerability can cause the web service not to restart or even execute arbitrary code. It is a different vulnerability from CVE-2022-2414.
CVE-2014-125040
via "National Vulnerability Database".
A vulnerability was found in stevejagodzinski DevNewsAggregator. It has been rated as critical. Affected by this issue is the function getByName of the file php/data_access/RemoteHtmlContentDataAccess.php. The manipulation of the argument name leads to sql injection. The name of the patch is b9de907e7a8c9ca9d75295da675e58c5bf06b172. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217484.
How to Ensure Cybersecurity Investments Remain a Priority Across Your Organization
via "Dark Reading".
Collaboration across all business units is key to building a robust cybersecurity program.
US Based ICOIN Technology Announces Secure Messaging Solution Using Hardware Wallet Encryption
via "Dark Reading".
CAMPBELL, Calif., Jan. 5, 2023 /PRNewswire/ -- iCoin Technology, a U.S. based manufacturer of modern crypto hardware wallets, announced today that it will be adding a secure messaging feature to their existing hardware wallet system for cryptocurrency
SimpleRmiDiscoverer 0.1
via "Packet Storm Security".
SimpleRmiDiscoverer is a JMX RMI scanning tool for unsecured (without enabled authentication) instances of JAVA JMX. It does not use standard Java RMI/JMX classes like other available tools but rather communicates directly over TCP. The tool is written in Java and is very useful in red teaming operations because JVM is still ubiquitous in corporate environments. It can be executed by unprivileged (non-admin) users.
Faraday 4.3.2
via "Packet Storm Security".
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
Maternal & Family Health Services Issues Notice Of Cybersecurity Incident
via "Dark Reading".
WILKES-BARRE, Pa., Jan. 5, 2023 /PRNewswire/ -- Maternal & Family Health Services ("MFHS"), a private non-profit health and human services organization serving Northeastern Pennsylvania, announced today that the organization was the victim of a sophisticated…
Threat Actors Evade Detection Through Geofencing & Fingerprinting
via "Dark Reading".
Security teams may be missing targeted attacks and advanced exploits if attackers are using evasive techniques to avoid detection. Defenders need to up their game.
Tesla tackles CORS misconfigurations that left internal networks vulnerable
via "The Daily Swig".
Typosquatting ploy successfully bypassed firewalls of multiple organizations
CVE-2022-47091
via "National Vulnerability Database".
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow in gf_text_process_sub function of filters/load_text.c
CVE-2022-47653
via "National Vulnerability Database".
GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow in eac3_update_channels function of media_tools/av_parsers.c:9113
CVE-2022-46489
via "National Vulnerability Database".
GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the gf_isom_box_parse_ex function at box_funcs.c.
CVE-2022-47659
via "National Vulnerability Database".
GPAC MP4box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to Buffer Overflow in gf_bs_read_data
CVE-2022-47662
via "National Vulnerability Database".
GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault (/stack overflow) due to infinite recursion in Media_GetSample isomedia/media.c:662
CVE-2022-47654
via "National Vulnerability Database".
GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8261
CVE-2022-46490
via "National Vulnerability Database".
GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the afrt_box_read function at box_code_adobe.c.