What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2022-11-30 12:51:00 3 New Vulnerabilities Affect OT Products from German Festo and CODESYS Companies (lien direct) Researchers have disclosed details of three new security vulnerabilities affecting operational technology (OT) products from CODESYS and Festo that could lead to source code tampering and denial-of-service (DoS). The vulnerabilities, reported by Forescout Vedere Labs, are the latest in a long list of flaws collectively tracked under the name OT:ICEFALL. "These issues exemplify either an Guideline ★★★★
CVE.webp 2022-11-30 12:15:10 CVE-2022-4228 (lien direct) A vulnerability classified as problematic has been found in SourceCodester Book Store Management System 1.0. This affects an unknown part of the file /bsms_ci/index.php/user/edit_user/. The manipulation of the argument password leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214587. Vulnerability Guideline
CVE.webp 2022-11-30 12:15:10 CVE-2022-4231 (lien direct) A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS 9.3.57595. This issue affects some unknown processing of the component Remember Me Handler. The manipulation leads to session fixation. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214589 was assigned to this vulnerability. Guideline
CVE.webp 2022-11-30 12:15:10 CVE-2022-4232 (lien direct) A vulnerability, which was classified as critical, was found in SourceCodester Event Registration System 1.0. Affected is an unknown function. The manipulation of the argument cmd leads to unrestricted upload. It is possible to launch the attack remotely. VDB-214590 is the identifier assigned to this vulnerability. Guideline
CVE.webp 2022-11-30 12:15:10 CVE-2022-4233 (lien direct) A vulnerability has been found in SourceCodester Event Registration System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /event/admin/?page=user/list. The manipulation of the argument First Name/Last Name leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-214591. Vulnerability Guideline
CVE.webp 2022-11-30 12:15:10 CVE-2022-4229 (lien direct) A vulnerability classified as critical was found in SourceCodester Book Store Management System 1.0. This vulnerability affects unknown code of the file /bsms_ci/index.php. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214588. Vulnerability Guideline
AlienVault.webp 2022-11-30 11:00:00 API Security in the fast lane (lien direct) The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  Today, an important measure for success in the tech sector is time to market. The speed at which you can launch your product and any new features can make a huge difference in meeting growing customer expectations, breaking new ground in an existing market, and standing out against your competitors. For many organizations, this speed to market is accelerated by employing APIs that rapidly share critical data between systems, enable business operations and reduce the need to reinvent the wheel. As such, APIs have become a strategic technology for businesses that want to keep moving forward, and quickly. In fact, according to research from Salt Security, “26% of businesses use at least twice as many APIs now as a year ago.” However, APIs can quickly lose their strategic value if they’re not protected properly. This is because today’s APIs expose more sensitive data than ever before, making them a highly valuable target for attack. Businesses that want to leverage the speed that comes from using APIs need to also invest the time and effort required to minimize the security risk they pose. Here’s a look into how. What makes API security different? So, what is API security? The Open Web Application Security Project (OWASP) defines it as strategies and solutions focused on mitigating the unique vulnerabilities and security risks of APIs. Sounds easy enough, right? The thing to remember is that API security differs from other security initiatives. With so many different APIs emerging on the scene every day, each with its own set of logic paths, it’s almost impossible to have a ubiquitous approach to securing every one. 
Plus, most of the security tools that companies tend to have in place — from web application firewalls and API gateways to identity and access management (IAM) tools — weren’t designed to prevent attacks on APIs. This is because APIs offer unique security challenges: The landscape is always changing and staying up to date with new and changing APIs is an insurmountable task. APIs are often subject to low-and-slow attacks that differ from traditional one-and-done mechanisms in that attackers spend time to evaluate the API and identify business logic gaps they can take advantage of. Common DevOps security tactics like “shifting left” don’t really apply to API security as they can’t uncover all the vulnerabilities rooted in API business logic gaps. In addition to that, APIs can be exploited through a number of threat vectors (10, according to OWASP) that could expose sensitive information. These include potential issues around authorization, authentication, data management, misconfigurations, monitoring, and more. What does this mean for businesses focused on growth? For organizations prioritizing rapid growth, there are ways to incorporate API security without severely compromising on speed and efficiency. Be proactive For starters, businesses should avoid leaving security as an afterthought. Force-fitting security functions into your API strategy after the fact can all but guarantee that you’ll slow down your launch and leave more vulnerabilities exposed than you address. That said, take your time to determine what proactive API security looks like for you. We referenced shift-left tactics above. This approach is one th Threat Guideline ★★★
bleepingcomputer.webp 2022-11-30 08:00:00 Android and iOS apps with 15 million installs extort loan seekers (lien direct) Over 280 Android and iOS apps on the Google Play and the Apple App stores trapped users in loan schemes with misleading terms and employed various methods to extort and harass borrowers. [...] Guideline ★★
CVE.webp 2022-11-30 07:15:09 CVE-2022-4222 (lien direct) A vulnerability was found in SourceCodester Canteen Management System. It has been rated as critical. This issue affects the function query of the file ajax_invoice.php of the component POST Request Handler. The manipulation of the argument search leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214523. Vulnerability Guideline
globalsecuritymag.webp 2022-11-29 23:30:00 Roy Zinman, Israeli Defense Forces: In cybersecurity, the best resilience is proactivity! (lien direct) At the Cercle dinner-debate on 28 November 2022, Roy Zinman, former member of Unit 8200, Former Intelligence Officer and Innovation Leader of the Israeli Defense Forces, interviewed by Maria Iacono, Director of Les Assises de la Cybersécurité, Ready For IT and Finaki at DG Consultants, gave his recommendations to help organizations face cybersecurity threats. According to Roy Zinman, in cybersecurity, the best resilience is proactivity! For 25 years, Roy Zinman did (...) - Investigations / General Information Guideline ★★
CVE.webp 2022-11-29 21:15:10 CVE-2021-31693 (lien direct) VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest OS. Vulnerability Guideline
CVE.webp 2022-11-29 17:15:11 CVE-2022-46148 (lien direct) Discourse is an open-source messaging platform. In versions 2.8.10 and prior on the `stable` branch and versions 2.9.0.beta11 and prior on the `beta` and `tests-passed` branches, users composing malicious messages and navigating to drafts page could self-XSS. This vulnerability can lead to a full XSS on sites which have modified or disabled Discourse’s default Content Security Policy. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Vulnerability Guideline
The_Hackers_News.webp 2022-11-29 17:00:00 7 Cyber Security Tips for SMBs (lien direct) When the headlines focus on breaches of large enterprises like the Optus breach, it's easy for smaller businesses to think they're not a target for hackers. Surely, they're not worth the time or effort?  Unfortunately, when it comes to cyber security, size doesn't matter.  Assuming you're not a target leads to lax security practices in many SMBs who lack the knowledge or expertise to put simple Guideline ★★★
Anomali.webp 2022-11-29 16:00:00 Anomali Cyber Watch: Caller-ID Spoofing Actors Arrested, Fast-Moving Qakbot Infection Deploys Black Basta Ransomware, New YARA Rules to Detect Cobalt Strike, and More (lien direct) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Caller-ID spoofing, False-flag, Phishing, Ransomware, Russia, the UK, and Ukraine. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Voice-Scamming Site “iSpoof” Seized, 100s Arrested in Massive Crackdown (published: November 25, 2022) iSpoof was a threat group offering spoofing for caller phone numbers (also known as Caller ID, Calling Line Identification). iSpoof core group operated out of the UK with presence in other countries. In the 12 months until August 2022 around 10 million fraudulent calls were made globally via iSpoof. On November 24, 2022, Europol announced a joint operation involving Australia, Canada, France, Germany, Ireland, Lithuania, Netherlands, Ukraine, the UK, and the USA, that led to the arrest of 142 suspects and seizure of iSpoof websites. Analyst Comment: Threat actors can spoof Caller ID (Calling Line Identification) similar to spoofing the “From:” header in an email. If contacted by an organization you should not confirm any details about yourself, take the caller’s details, disconnect and initiate a call back to the organization yourself using a trusted number. Legitimate organizations understand scams and fraud and do not engage in unsolicited calling. 
Tags: iSpoof, Teejai Fletcher, United Kingdom, source-country:UK, Caller ID, Calling Line Identification, Voice-scamming, Social engineering New Ransomware Attacks in Ukraine Linked to Russian Sandworm Hackers (published: November 25, 2022) On November 21, 2022, multiple organizations in Ukraine were targeted with new ransomware written in .NET. It was dubbed RansomBoggs by ESET researchers who attributed it to the Russia-sponsored Sandworm Team (aka Iridium, BlackEnergy). Sandworm distributed RansomBoggs from the domain controller using the same PowerShell script (PowerGap) that was seen in its previous attacks. RansomBoggs encrypts files using AES-256 in CBC mode using a randomly generated key. The key is RSA encrypted prior to storage and the encrypted files are appended with a .chsch extension. Analyst Comment: Ransomware remains one of the most dangerous types of malware threats and even some government-sponsored groups are using it. Sandworm is a very competent actor group specializing in these forms of attack. Organizations with exposure to the military conflict in Ukraine, or considered by the Russian state to be providing support relating to the conflict, should prepare offline backups to minimize the effects of a potential data-availability-denial attack. MITRE ATT&CK: [MITRE ATT&CK] Command and Scripting Interpreter - T1059 | [MITRE ATT&CK] Data Encrypted for Impact - T1486 | [MITRE ATT&CK] Obfuscated Files or Information - T1027 Tags: detection:RansomBoggs, detection:Filecoder.Sullivan, malware-type:Ransomware, AES-256, PowerShell, detection:PowerGap, mitre-group:Sandworm Team, actor:Iridium, Russia Ransomware Malware Tool Threat Guideline ★★★★
CVE.webp 2022-11-29 13:15:10 CVE-2022-36433 (lien direct) The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the short_content and full_content fields, leading to XSS attacks against admin panel users via posts/preview or posts/save. Guideline
2022-11-29 13:00:41 Researcher Spotlight: How working for Talos started out as an 'accident' for Ashlee Benge before coming a second career (lien direct) Talos' lead of data strategy and insights has a lot of weight on her shoulders currently, but it's nothing she's not used to Guideline ★★
Chercheur.webp 2022-11-29 12:19:38 Charles V of Spain Secret Code Cracked (lien direct) Diplomatic code cracked after 500 years: In painstaking work backed by computers, Pierrot found “distinct families” of about 120 symbols used by Charles V. “Whole words are encrypted with a single symbol” and the emperor replaced vowels coming after consonants with marks, she said, an inspiration probably coming from Arabic. In another obstacle, he used meaningless symbols to mislead any adversary trying to decipher the message. The breakthrough came in June when Pierrot managed to make out a phrase in the letter, and the team then cracked the code with the help of Camille Desenclos, a historian. “It was painstaking and long work but there was really a breakthrough that happened in one day, where all of a sudden we had the right hypothesis,” she said... Guideline ★★★
AlienVault.webp 2022-11-29 11:00:00 5 Tips for protecting your connected vehicle against Cyberattacks (lien direct) The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  As more connected vehicles hit the road, cyberattacks are increasing. Deloitte estimates that there will be over 470 million connected cars in use by 2025 if their popularity continues to grow at the current rate. And because each connected car produces about 25 GB of data every hour, they are a tempting challenge for cybercriminals and bad actors with malicious intent.  Connected vehicles come with enhanced features that give drivers more to love about their favorite car brands, but cybersecurity in automobiles has a long way to go. If you drive a connected car or are considering buying one, you need to know how to protect your new car against a potential cyberattack.  In this article, we’ll talk about how hackers can infiltrate your vehicle and what you can do to protect yourself and your car from a serious attack.  Can your car get hacked? Cars today are built using hundreds of sensors connected to computers that help monitor how your car operates, add internet capabilities, and enable connected apps. While these technologies are helpful and convenient for drivers, they can also lead to data theft and even threaten your safety while driving. For example, remote manipulation, identity theft, and vehicle theft are all ways that bad actors can exploit the security vulnerabilities of your connected car.  The push toward electric vehicles also poses a unique threat to connected car owners. A recent survey revealed that 79% of two-car households are considering an electric car for their next purchase, but ethical hacking exercises have shown that electric vehicles can easily be drained by remote hackers. 
This can potentially put drivers in a dangerous situation if they are stranded without a means of charging their vehicle.  There are many ways that bad actors can hack into your car. They can manipulate the signal from a key fob to unlock your doors, change the code in the apps to create a backdoor to steal your data, learn about your driving habits, control your vehicle’s security response systems, and much more. Cars today are essentially human-assisted computers, which means they can be hacked just as easily as any other IoT device.  How to protect your connected vehicle from a cyberattack Connected vehicles provide users convenience and peace of mind while traveling across the country or making their daily commute. But they also pose a significant threat when bad actors execute attacks for data theft, taking over vehicle controls, and even tracking your location. If you’re going to take advantage of connected vehicle features, you need to know how to protect yourself from becoming the victim of an automotive cyberattack.  Here are five tips to protect your connected vehicle from an attack: Remove dongles Dongles are small devices that plug into the diagnostic port and allow companies to monitor your driving habits for various reasons. It can be used to monitor vehicle performance, improve gas mileage, and set more accurate insurance rates based on driving activity.  Many people choose to use dongles to save money and ensure their car is running at top performance, but these devices can be an Hack Threat Guideline Deloitte Deloitte ★★★
CVE.webp 2022-11-29 09:15:09 CVE-2022-4202 (lien direct) A vulnerability, which was classified as problematic, was found in GPAC 2.1-DEV-rev490-g68064e101-master. Affected is the function lsr_translate_coords of the file laser/lsr_dec.c. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-214518 is the identifier assigned to this vulnerability. Guideline
globalsecuritymag.webp 2022-11-29 08:39:53 GlobalSign joins the "Connectivity Standards Alliance" (lien direct) GlobalSign joins the "Connectivity Standards Alliance" The leader in IoT device identity puts its public key infrastructure expertise at the service of members. - Business Guideline ★★
globalsecuritymag.webp 2022-11-28 23:00:00 White paper from Flandrin Technologies: Protecting sensitive data – resilience of the critical networks of OIVs and OSEs (lien direct) Discover the Flandrin Technologies white paper: Protecting sensitive data – resilience of the critical networks of OIVs and OSEs. Operating in an ultra-connected environment, your sensitive data becomes more vulnerable because it is exposed to increasingly swift and aggressive cyber attacks. Two major security challenges are emerging today: the resilience of critical infrastructure and the protection of sensitive data. - White Paper / Guideline ★★★★
CVE.webp 2022-11-28 22:15:11 CVE-2022-4129 (lien direct) A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service. Guideline
CVE.webp 2022-11-28 14:15:18 CVE-2022-3865 (lien direct) The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin Guideline
CVE.webp 2022-11-28 14:15:17 CVE-2022-3849 (lien direct) The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin Guideline
CVE.webp 2022-11-28 14:15:17 CVE-2022-3848 (lien direct) The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin Guideline
CVE.webp 2022-11-28 14:15:14 CVE-2022-3769 (lien direct) The OWM Weather WordPress plugin before 5.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as contributor Guideline
CVE.webp 2022-11-28 14:15:13 CVE-2022-3689 (lien direct) The HTML Forms WordPress plugin before 1.3.25 does not properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users Guideline
CVE.webp 2022-11-28 14:15:13 CVE-2022-3768 (lien direct) The WPSmartContracts WordPress plugin before 1.3.12 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author Guideline
CVE.webp 2022-11-28 14:15:12 CVE-2022-3603 (lien direct) The Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list WordPress plugin before 2.0.69 does not validate data when outputting it back in a CSV file, which could lead to CSV injection. Guideline
CVE.webp 2022-11-28 14:15:11 CVE-2022-2311 (lien direct) The Find and Replace All WordPress plugin before 1.3 does not sanitize and escape some parameters from its setting page before outputting them back to the user, leading to a Reflected Cross-Site Scripting issue. Guideline
CSO.webp 2022-11-28 12:04:00 BrandPost: 5 Reasons to Protect the Performance and Security of Your Pharmaceutical Business (lien direct) One of the greatest lessons resulting from the COVID-19 pandemic is to expect the unexpected and proactively prepare for future unknowns. Like many others, the pharmaceutical industry has been revolutionized by accelerated digital transformation over the last few years. Research has shown that pharma leaders investing in the Internet of Things (IoT) are better equipped to overcome unforeseen challenges. For these proactive pharmaceutical leaders, two major areas have become increasingly important: preventing network outages and increasing security against cyberattacks. The 2021 State of Pharmaceuticals and Cybersecurity Report from Fortinet found that in the last year, 40% of businesses experienced outages affecting productivity, safety, compliance, revenue, or brand image. These outages are no small glitches: Industry experts estimate the total downtime cost (TDC) of a production disruption ranges from $100,000 to $500,000 per hour. A few disruptions a year can have a massive effect on the bottom line. This necessitates network and application performance management to minimize downtime. Guideline ★★
CVE.webp 2022-11-28 11:15:10 CVE-2022-43588 (lien direct) A null pointer dereference vulnerability exists in the handle_ioctl_83150 functionality of Callback technologies CBFS Filter 20.0.8317. A specially-crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability. Vulnerability Guideline
CVE.webp 2022-11-28 11:15:10 CVE-2022-43590 (lien direct) A null pointer dereference vulnerability exists in the handle_ioctl_0x830a0_systembuffer functionality of Callback technologies CBFS Filter 20.0.8317. A specially-crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability. Vulnerability Guideline
CVE.webp 2022-11-28 11:15:10 CVE-2022-43589 (lien direct) A null pointer dereference vulnerability exists in the handle_ioctl_8314C functionality of Callback technologies CBFS Filter 20.0.8317. A specially-crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability. Vulnerability Guideline
CVE.webp 2022-11-26 02:15:10 CVE-2022-45908 (lien direct) In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. This may lead to arbitrary code execution. Guideline
CVE.webp 2022-11-25 19:15:11 CVE-2022-39338 (lien direct) user_oidc is an OpenID Connect user backend for Nextcloud. Versions prior to 1.2.1 did not properly validate discovery urls which may lead to a stored cross site scripting attack vector. The impact is limited due to the restrictive CSP that is applied on this endpoint. Additionally this vulnerability has only been shown to be exploitable in the Safari web browser. This issue has been addressed in version 1.2.1. Users are advised to upgrade. Users unable to upgrade should urge their users to avoid using the Safari web browser. Vulnerability Guideline
CVE.webp 2022-11-25 17:15:10 CVE-2022-37721 (lien direct) PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS) when a low privileged user such as an author, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation. Guideline
CVE.webp 2022-11-25 16:15:10 CVE-2022-37720 (lien direct) Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scripting (XSS). When a low privileged user such as an author or publisher, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation when the malicious blog post is loaded in the victim's browser. Guideline
CVE.webp 2022-11-25 15:15:10 CVE-2022-38166 (lien direct) In F-Secure Endpoint Protection for Windows and macOS before channel with Capricorn database 2022-11-22_07, the aerdl.dll unpacker handler crashes. This can lead to a scanning engine crash, triggerable remotely by an attacker for denial of service. Guideline
CVE.webp 2022-11-25 08:15:10 CVE-2022-4091 (lien direct) A vulnerability was found in SourceCodester Canteen Management System. It has been classified as problematic. This affects the function query of the file food.php. The manipulation of the argument product_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214359. Vulnerability Guideline
CVE.webp 2022-11-25 04:15:09 CVE-2022-45886 (lien direct) An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free. Guideline
globalsecuritymag.webp 2022-11-24 22:30:00 Florent Martial, SECKIOT: Reducing your attack surface starts with obtaining exhaustive visibility of your equipment and a flow matrix (lien direct) Founded in 2020, SECKIOT is an innovative French start-up that aims to become the European leader in the cybersecurity market dedicated to cyber-physical systems (industrial systems & IoT). The solution provides a precise inventory of industrial equipment, analyzes vulnerabilities in order to reduce your attack surface, and detects intrusion attempts on the network. SECKIOT is backed and funded by Bouygues. - THEMA / , Guideline ★★
silicon.fr.webp 2022-11-24 17:07:13 Cloud strategy: 10 recommendations to remember (lien direct) A "good" cloud strategy engages IT and business units, prioritizes, and does not overlook exit options, says the firm Gartner. Guideline ★★★
The_Hackers_News.webp 2022-11-24 16:33:00 Boost Your Security with Europe's Leading Bug Bounty Platform (lien direct) As 2022 comes to an end, now's the time to level up your bug bounty program with Intigriti. Are you experiencing slow bug bounty lead times, gaps in security skills, or low-quality reports from researchers? Intigriti's expert triage team and global community of ethical hackers are enabling businesses to protect themselves against every emerging cybersecurity threat. Join the likes of Intel, Guideline ★★★
CVE.webp 2022-11-24 13:15:10 CVE-2022-4090 (lien direct) A vulnerability was found in rickxy Stock Management System and classified as problematic. This issue affects some unknown processing of the file us_transac.php?action=add. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214331. Vulnerability Guideline
The_Hackers_News.webp 2022-11-24 11:36:00 Black Basta Ransomware Gang Actively Infiltrating U.S. Companies with Qakbot Malware (lien direct) Companies based in the U.S. have been at the receiving end of an "aggressive" Qakbot malware campaign that leads to Black Basta ransomware infections on compromised networks. "In this latest campaign, the Black Basta ransomware gang is using QakBot malware to create an initial point of entry and move laterally within an organization's network," Cybereason researchers Joakim Kandefelt and Ransomware Malware Guideline
CVE.webp 2022-11-24 10:15:11 CVE-2022-4089 (lien direct) A vulnerability was found in rickxy Stock Management System. It has been declared as problematic. This vulnerability affects unknown code of the file /pages/processlogin.php. The manipulation of the argument user leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214324. Vulnerability Guideline
CVE.webp 2022-11-24 10:15:11 CVE-2022-4088 (lien direct) A vulnerability was found in rickxy Stock Management System and classified as critical. Affected by this issue is some unknown functionality of the file /pages/processlogin.php. The manipulation of the argument user/password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214322 is the identifier assigned to this vulnerability. Vulnerability Guideline
SecurityAffairs.webp 2022-11-24 09:59:26 An aggressive malware campaign targets US-based companies with Qakbot to deliver Black Basta Ransomware (lien direct) Researchers warn of an ongoing aggressive Qakbot malware campaign that leads to Black Basta ransomware infections in the US. Experts at the Cybereason Global SOC (GSOC) team have observed a surge in Qakbot infections as part of an ongoing aggressive Qakbot malware campaign that leads to Black Basta ransomware infections in the US. In the last two […] Ransomware Malware Guideline
CVE.webp 2022-11-24 07:15:11 CVE-2022-44749 (lien direct) A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Analytics Platform 3.2.0 and above can result in arbitrary files being overwritten on the user's system. This vulnerability is also known as 'Zip-Slip'. An attacker can create a KNIME workflow that, when being opened by a user, can overwrite arbitrary files that the user has write access to. It's not necessary to execute the workflow, opening the workflow is sufficient. The user will notice that something is wrong because an error is being reported but only after the files have already been written. This can impact data integrity (file contents are changed) or cause errors in other software (vital files being corrupted). It can even lead to remote code execution if executable files are being replaced and subsequently executed by the user. In all cases the attacker has to know the location of files on the user's system, though. Vulnerability Guideline
Last update at: 2024-07-02 19:08:25