🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
🗓️ Exploit drops for remote code execution bug in Control Web Panel 🗓️

Vendor patched the vulnerability in October after a red team alert

via "The Daily Swig".
🕴 From Ferrari to Ford, Cybersecurity Bugs Plague Automotive Safety 🕴

Security vulnerabilities plague automakers, and as vehicles become more connected, a more proactive stance on cybersecurity will be required — alongside regulations.

via "Dark Reading".
CVE-2019-5316

CVE was unused by HPE.

via "National Vulnerability Database".
CVE-2023-22475

Canarytokens is an open source tool which helps track activity and actions on your network. A Cross-Site Scripting vulnerability was identified in the history page of triggered Canarytokens prior to sha-fb61290. An attacker who discovers an HTTP-based Canarytoken (a URL) can use this to execute Javascript in the Canarytoken's trigger history page (domain: canarytokens.org) when the history page is later visited by the Canarytoken's creator. This vulnerability could be used to disable or delete the affected Canarytoken, or view its activation history. It might also be used as a stepping stone towards revealing more information about the Canarytoken's creator to the attacker. For example, an attacker could recover the email address tied to the Canarytoken, or place Javascript on the history page that redirects the creator towards an attacker-controlled Canarytoken to show the creator's network location. This vulnerability is similar to CVE-2022-31113, but the affected parameters were reported differently from the Canarytoken trigger request. An attacker could only act on the discovered Canarytoken. This issue did not expose other Canarytokens or other Canarytoken creators. Canarytokens Docker images sha-fb61290 and later contain a patch for this issue.

via "National Vulnerability Database".
CVE-2020-7112

CVE was unused by HPE.

via "National Vulnerability Database".
CVE-2019-5313

CVE was unused by HPE.

via "National Vulnerability Database".
CVE-2020-24645

CVE was unused by HPE.

via "National Vulnerability Database".
CVE-2020-24644

CVE was unused by HPE.

via "National Vulnerability Database".
CVE-2020-24643

CVE was unused by HPE.

via "National Vulnerability Database".
CVE-2020-24642

CVE was unused by HPE.

via "National Vulnerability Database".
CVE-2020-7118

CVE was unused by HPE.

via "National Vulnerability Database".
CVE-2019-5325

CVE was unused by HPE.

via "National Vulnerability Database".
RSA crypto cracked? Or perhaps not!

Stand down from blue alert, it seems... but why not plan your cryptographic agility anyway?

via "Naked Security".
CVE-2020-36643

A vulnerability was found in intgr uqm-wasm. It has been classified as critical. This affects the function log_displayBox in the library sc2/src/libs/log/msgbox_macosx.m. The manipulation leads to format string. The name of the patch is 1d5cbf3350a02c423ad6bef6dfd5300d38aa828f. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217563.

via "National Vulnerability Database".
CVE-2014-125050

A vulnerability was found in ScottTZhang voter-js and classified as critical. Affected by this issue is some unknown functionality of the file main.js. The manipulation leads to sql injection. The name of the patch is 6317c67a56061aeeaeed3cf9ec665fd9983d8044. It is recommended to apply a patch to fix this issue. VDB-217562 is the identifier assigned to this vulnerability.

via "National Vulnerability Database".
CVE-2022-44149

The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required.

via "National Vulnerability Database".
CVE-2014-125051

A vulnerability was found in himiklab yii2-jqgrid-widget up to 1.0.7. It has been declared as critical. This vulnerability affects the function addSearchOptionsRecursively of the file JqGridAction.php. The manipulation leads to sql injection. Upgrading to version 1.0.8 is able to address this issue. The name of the patch is a117e0f2df729e3ff726968794d9a5ac40e660b9. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217564.

via "National Vulnerability Database".
🕴 PurpleUrchin Gang Embraces DevOps In Massive Cloud Malware Campaign 🕴

The Automated Libra group is deploying all components of its campaign in an automated manner via containers, stealing free trial resources for cryptomining, but the threat could get larger.

via "Dark Reading".
🕴 Vice Society Releases Info Stolen From 14 UK Schools, Including Passport Scans 🕴

In what's become a pattern, the cybercriminal ring stole data, demanded payment, and posted personal information when ransom was denied.

via "Dark Reading".
CVE-2021-46867

The HW_KEYMASTER module has a problem in releasing memory. Successful exploitation of this vulnerability may result in out-of-bounds memory access.

via "National Vulnerability Database".
CVE-2022-39072

There is a SQL injection vulnerability in some ZTE Mobile Internet products. Due to insufficient validation of the input parameters of the SNTP interface, an authenticated attacker could use the vulnerability to execute stored XSS attacks.

via "National Vulnerability Database".