Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

Stolen Data on 80K+ Members of FBI-Run InfraGard Reportedly for Sale on Dark Web Forum

InfraGard's members include key security decision-makers and stakeholders from all 16 US civilian critical-infrastructure sectors.

DARKReading
Open in Source
#web#intel#auth#sap
The State of Cybersecurity: Why Industry Experts Are Optimistic

By Owais Sultan 2022 has been a tumultuous one for cybersecurity professionals. Breaches, hacks, and ransomware attacks have become commonplace in… This is a post from HackRead.com Read the original post: The State of Cybersecurity: Why Industry Experts Are Optimistic

WatchGuard Threat Lab Report Finds Top Threat Arriving Exclusively Over Encrypted Connections

New research also analyzes the commoditization of adversary-in-the-middle attacks, JavaScript obfuscation in exploit kits, and a malware family with Gothic Panda ties.

Blackmailing MoneyMonger Malware Hides in Flutter Mobile Apps

Money-lending apps built using the Flutter software development kit hide a predatory spyware threat and highlight a growing trend of using personal data for blackmail.

GPS Signals Are Being Disrupted in Russian Cities

Navigation system monitors have seen a recent uptick in interruptions since Ukraine began launching long-range drone attacks.

Android Malware Campaign Leverages Money-Lending Apps to Blackmail Victims

A previously undocumented Android malware campaign has been observed leveraging money-lending apps to blackmail victims into paying up with personal information stolen from their devices. Mobile security company Zimperium dubbed the activity MoneyMonger, pointing out the use of the cross-platform Flutter framework to develop the apps. MoneyMonger "takes advantage of Flutter's framework to

CVE-2022-32763: TALOS-2022-1541 || Cisco Talos Intelligence Group

A cross-site scripting (xss) sanitization vulnerability bypass exists in the SanitizeHtml functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger this vulnerability.

CVE-2022-27498: TALOS-2022-1531 || Cisco Talos Intelligence Group

A directory traversal vulnerability exists in the TicketTemplateActions.aspx GetTemplateAttachment functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.

CVE-2022-29517: TALOS-2022-1529 || Cisco Talos Intelligence Group

A directory traversal vulnerability exists in the HelpdeskActions.aspx edittemplate functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can send an HTTP request to trigger this vulnerability.

CVE-2022-29511: TALOS-2022-1530 || Cisco Talos Intelligence Group

A directory traversal vulnerability exists in the KnowledgebasePageActions.aspx ImportArticles functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.