π’ Cyber criminal groups wooing hackers with seven-figure salaries and holiday pay π’
π Read
via "ITPro".
Paid leave, competitive salaries, and βfriendly teamβ environments were among the benefits highlighted by dark web job adsπ Read
via "ITPro".
ITPro
Cyber criminal groups wooing hackers with seven-figure salaries and holiday pay
Paid leave, competitive salaries, and βfriendly teamβ environments were among the benefits highlighted by dark web job ads
π’ Hackers target business cloud environments by abusing Microsoftβs βverified publisherβ status π’
π Read
via "ITPro".
Proofpoint research found that hackers deliberately abused verification procedures to dupe firms with malicious appsπ Read
via "ITPro".
Cloud Pro
Hackers target business cloud environments by abusing Microsoftβs βverified publisherβ status
Proofpoint research found that hackers deliberately abused verification procedures to dupe firms with malicious apps
π’ Yandex data breach reveals source code littered with racist language π’
π Read
via "ITPro".
Yandex source code for a range of key services was leaked to a popular hacker forum last weekπ Read
via "ITPro".
ITPro
Yandex data breach reveals source code littered with racist language
Yandex source code for a range of key services was leaked to a popular hacker forum last week
π2
βΌ CVE-2017-20176 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic was found in ciubotaru share-on-diaspora 0.7.9. This vulnerability affects unknown code of the file new_window.php. The manipulation of the argument title/url leads to cross site scripting. The attack can be initiated remotely. The name of the patch is fb6fae2f8a9b146471450b5b0281046a17d1ac8d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-220204.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25853 βΌ
π Read
via "National Vulnerability Database".
All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization.π Read
via "National Vulnerability Database".
βΌ CVE-2014-125086 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in Gimmie Plugin 1.2.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the file trigger_login.php. The manipulation of the argument userid leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The name of the patch is fe851002d20a8d6196a5abb68bafec4102964d5b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220207.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25855 βΌ
π Read
via "National Vulnerability Database".
All versions of the package create-choo-app3 are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization.π Read
via "National Vulnerability Database".
π΄ How Cybercriminals Are Operationalizing Money Laundering and What to Do About It π΄
π Read
via "Dark Reading".
It's time to share threat intelligence, prioritize digital literacy and cyber hygiene, and use digital risk-protection services to stem the rising money laundering tide.π Read
via "Dark Reading".
Dark Reading
How Cybercriminals Are Operationalizing Money Laundering and What to Do About It
It's time to share threat intelligence and prioritize digital literacy and cyber hygiene to stem the rising money laundering tide.
β€1π1
β OpenSSH fixes double-free memory bug thatβs pokable over the network β
π Read
via "Naked Security".
It's a bug fix for a bug fix. A memory leak was turned into a double-free that has now been turned into correct code...π Read
via "Naked Security".
Naked Security
OpenSSH fixes double-free memory bug thatβs pokable over the network
Itβs a bug fix for a bug fix. A memory leak was turned into a double-free that has now been turned into correct codeβ¦
βΌ CVE-2021-36226 βΌ
π Read
via "National Vulnerability Database".
Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade files.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36225 βΌ
π Read
via "National Vulnerability Database".
Western Digital My Cloud devices before OS5 allow REST API access by low-privileged accounts, as demonstrated by API commands for firmware uploads and installation.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44343 βΌ
π Read
via "National Vulnerability Database".
CRMEB 4.4.4 is vulnerable to Any File download.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29416 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Afterpay Gateway for WooCommerce <= 3.5.0 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36224 βΌ
π Read
via "National Vulnerability Database".
Western Digital My Cloud devices before OS5 have a nobody account with a blank password.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27628 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in AA-Team WZone Γ’β¬β Lite Version plugin 3.1 Lite versions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48085 βΌ
π Read
via "National Vulnerability Database".
Softr v2.0 was discovered to contain a HTML injection vulnerability via the Work Space Name parameter.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-0679 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file removeUser.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220220.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48164 βΌ
π Read
via "National Vulnerability Database".
An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45722 βΌ
π Read
via "National Vulnerability Database".
ezEIP v5.3.0(0649) was discovered to contain a cross-site scripting (XSS) vulnerability.π Read
via "National Vulnerability Database".
β Finnish psychotherapy extortion suspect arrested in France β
π Read
via "Naked Security".
Company transcribed ultra-personal conversations, didn't secure them. Criminal stole them, then extorted thousands of vulnerable patients.π Read
via "Naked Security".
Naked Security
Finnish psychotherapy extortion suspect arrested in France
Company transcribed ultra-personal conversations, didnβt secure them. Criminal stole them, then extorted thousands of vulnerable patients.
ποΈ Google engineers plot to mitigate prototype pollution ποΈ
π Read
via "The Daily Swig".
Plan to create boundary between JavaScript objects and their blueprints gathers momentumπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Google engineers plot to mitigate prototype pollution
Plan to create boundary between JavaScript objects and their blueprints gathers momentum