ποΈ IoT vendors faulted for slow progress in setting up vulnerability disclosure programs ποΈ
π Read
via "The Daily Swig".
Manufacturer complacency βtranslates into an unacceptable risk for consumersβ, warns security expertπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
IoT vendors faulted for slow progress in setting up vulnerability disclosure programs
Manufacturer complacency βtranslates into an unacceptable risk for consumersβ, warns security expert
π4π₯1
βοΈ Administrator of RSOCKS Proxy Botnet Pleads Guilty βοΈ
π Read
via "Krebs on Security".
Denis Emelyantsev, a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. The plea comes just months after Emelyantsev was extradited from Bulgaria, where he told investigators, βAmerica is looking for me because I have enormous information and they need it.βπ Read
via "Krebs on Security".
Krebs on Security
Administrator of RSOCKS Proxy Botnet Pleads Guilty
Denis Emelyantsev, a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. The pleaβ¦
π₯2π1
β Apple patches are out β old iPhones get an old zero-day fix at last! β
π Read
via "Naked Security".
Don't delay, especially if you're still running an iOS 12 device... please do it today!π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
ποΈ Yellowfin tackles auth bypass bug trio that opened door to RCE ποΈ
π Read
via "The Daily Swig".
Pre- and post-auth path to pwnageπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Yellowfin tackles auth bypass bug trio that opened door to RCE
Pre- and post-auth path to pwnage
π1
βοΈ Experian Glitch Exposing Credit Files Lasted 47 Days βοΈ
π Read
via "Krebs on Security".
On Dec. 23, 2022, KrebsOnSecurity alerted big-three consumer credit reporting bureau Experian that identity thieves had worked out how to bypass its security and access any consumer's full credit report -- armed with nothing more than a person's name, address, date of birth, and Social Security number. Experian fixed the glitch, but remained silent about the incident for a month. This week, however, Experian acknowledged that the security failure persisted for nearly seven weeks, between Nov. 9, 2022 and Dec. 26, 2022.π Read
via "Krebs on Security".
Krebs on Security
Experian Glitch Exposing Credit Files Lasted 47 Days
On Dec. 23, 2022, KrebsOnSecurity alerted big-three consumer credit reporting bureau Experian that identity thieves had worked out how to bypass its security and access any consumer's full credit report -- armed with nothing more than a person's name, addressβ¦
π1
ποΈ Trellix automates tackling open source vulnerabilities at scale ποΈ
π Read
via "The Daily Swig".
More than 61,000 vulnerabilities patched and countingπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Trellix automates tackling open source vulnerabilities at scale
More than 61,000 vulnerabilities patched and counting
π1
β GoTo admits: Customer cloud backups stolen together with decryption key β
π Read
via "Naked Security".
We were going to write, "Once more unto the breach, dear friends, once more"... but it seems to go without saying these days.π Read
via "Naked Security".
Naked Security
GoTo admits: Customer cloud backups stolen together with decryption key
We were going to write, βOnce more unto the breach, dear friends, once moreββ¦ but it seems to go without saying these days.
β S3 Ep119: Breaches, patches, leaks and tweaks! [Audio + Text] β
π Read
via "Naked Security".
Lastest episode - listen now! (Or read the transcript.)π Read
via "Naked Security".
Naked Security
S3 Ep119: Breaches, patches, leaks and tweaks! [Audio + Text]
Lastest episode β listen now! (Or read the transcript.)
ποΈ Ruby on Rails apps vulnerable to data theft through Ransack search ποΈ
π Read
via "The Daily Swig".
Several applications were vulnerable to brute-force attacks; hundreds more could be at riskπ Read
via "The Daily Swig".
portswigger.net
Web Application Security, Testing, & Scanning - PortSwigger
PortSwigger offers tools for web application security, testing, & scanning. Choose from a range of security tools, & identify the very latest vulnerabilities.
βΌ CVE-2022-42386 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18655.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42378 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18631.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42379 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18648.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42380 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18649.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41140 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple D-Link routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the lighttpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13796.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41147 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18286.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41153 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18343.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42382 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18651.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42376 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18529.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42377 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18630.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40719 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the xupnpd_generic.lua plugin for the xupnpd service, which listens on TCP port 4044 by default. When parsing the feed parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15906.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41151 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18341.π Read
via "National Vulnerability Database".