⚠ RSA crypto cracked? Or perhaps not! ⚠
via "Naked Security".
Stand down from blue alert, it seems... but why not plan your cryptographic agility anyway?
‼ CVE-2020-36643 ‼
via "National Vulnerability Database".
A vulnerability was found in intgr uqm-wasm. It has been classified as critical. This affects the function log_displayBox in the library sc2/src/libs/log/msgbox_macosx.m. The manipulation leads to format string. The name of the patch is 1d5cbf3350a02c423ad6bef6dfd5300d38aa828f. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217563.
‼ CVE-2014-125050 ‼
via "National Vulnerability Database".
A vulnerability was found in ScottTZhang voter-js and classified as critical. Affected by this issue is some unknown functionality of the file main.js. The manipulation leads to sql injection. The name of the patch is 6317c67a56061aeeaeed3cf9ec665fd9983d8044. It is recommended to apply a patch to fix this issue. VDB-217562 is the identifier assigned to this vulnerability.
‼ CVE-2022-44149 ‼
via "National Vulnerability Database".
The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required.
‼ CVE-2014-125051 ‼
via "National Vulnerability Database".
A vulnerability was found in himiklab yii2-jqgrid-widget up to 1.0.7. It has been declared as critical. This vulnerability affects the function addSearchOptionsRecursively of the file JqGridAction.php. The manipulation leads to sql injection. Upgrading to version 1.0.8 is able to address this issue. The name of the patch is a117e0f2df729e3ff726968794d9a5ac40e660b9. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217564.
🕴 PurpleUrchin Gang Embraces DevOps In Massive Cloud Malware Campaign 🕴
via "Dark Reading".
The Automated Libra group is deploying all components of its campaign in an automated manner via containers, stealing free trial resources for cryptomining, but the threat could get larger.
🕴 Vice Society Releases Info Stolen From 14 UK Schools, Including Passport Scans 🕴
via "Dark Reading".
In what's become a pattern, the cybercriminal ring stole data, demanded payment, and posted personal information when ransom was denied.
‼ CVE-2021-46867 ‼
via "National Vulnerability Database".
The HW_KEYMASTER module has a problem in releasing memory. Successful exploitation of this vulnerability may result in out-of-bounds memory access.
‼ CVE-2022-39072 ‼
via "National Vulnerability Database".
There is a SQL injection vulnerability in some ZTE Mobile Internet products. Due to insufficient validation of the input parameters of the SNTP interface, an authenticated attacker could use the vulnerability to execute stored XSS attacks.
‼ CVE-2022-46761 ‼
via "National Vulnerability Database".
The system has a vulnerability that may cause dynamic hiding and restoring of app icons. Successful exploitation of this vulnerability may cause malicious hiding of app icons.
‼ CVE-2022-47974 ‼
via "National Vulnerability Database".
The Bluetooth AVRCP module has a vulnerability that can lead to DoS attacks. Successful exploitation of this vulnerability may cause the Bluetooth process to restart.
‼ CVE-2022-47976 ‼
via "National Vulnerability Database".
The DMSDP module of the distributed hardware has a vulnerability that may cause imposter control connections. Successful exploitation of this vulnerability may disconnect normal service connections.
‼ CVE-2022-47975 ‼
via "National Vulnerability Database".
The DUBAI module has a double free vulnerability. Successful exploitation of this vulnerability may affect system availability.
‼ CVE-2022-46762 ‼
via "National Vulnerability Database".
The memory management module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
‼ CVE-2022-39073 ‼
via "National Vulnerability Database".
There is a command injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters, an attacker could use the vulnerability to execute arbitrary commands.
‼ CVE-2021-46868 ‼
via "National Vulnerability Database".
The HW_KEYMASTER module has a problem in releasing memory. Successful exploitation of this vulnerability may result in out-of-bounds memory access.
🕴 Russia-Linked Turla APT Sneakily Co-Opts Ancient Andromeda USB Infections 🕴
via "Dark Reading".
Using command-and-control servers from the decade-old Andromeda malware, the group is installing reconnaissance tools and a backdoor on previously infected systems to target Ukrainian victims.
‼ CVE-2022-2484 ‼
via "National Vulnerability Database".
The signature check in the Nokia ASIK AirScale system module version 474021A.101 can be bypassed allowing an attacker to run modified firmware. This could result in the execution of a malicious kernel, arbitrary programs, or modified Nokia programs.
‼ CVE-2018-25068 ‼
via "National Vulnerability Database".
A vulnerability has been found in devent globalpom-utils up to 4.5.0 and classified as critical. This vulnerability affects the function createTmpDir of the file globalpomutils-fileresources/src/main/java/com/anrisoftware/globalpom/fileresourcemanager/FileResourceManagerProvider.java. The manipulation leads to insecure temporary file. The attack can be initiated remotely. Upgrading to version 4.5.1 is able to address this issue. The name of the patch is 77a820bac2f68e662ce261ecb050c643bd7ee560. It is recommended to upgrade the affected component. VDB-217570 is the identifier assigned to this vulnerability.
‼ CVE-2022-44939 ‼
via "National Vulnerability Database".
Efs Software Easy Chat Server Version 3.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL.
‼ CVE-2018-25067 ‼
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in JoomGallery up to 3.3.3. This affects an unknown part of the file administrator/components/com_joomgallery/views/config/tmpl/default.php of the component Image Sort Handler. The manipulation leads to sql injection. Upgrading to version 3.3.4 is able to address this issue. The name of the patch is dc414ee954e849082260f8613e15a1c1e1d354a1. It is recommended to upgrade the affected component. The identifier VDB-217569 was assigned to this vulnerability.