Security
Headlines
HeadlinesLatestCVEs

Tag

#cisco

CVE-2022-41697: TALOS-2022-1625 || Cisco Talos Intelligence Group

A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send a series of HTTP requests to trigger this vulnerability.

CVE
Open in Source
#vulnerability#web#mac#cisco#js#intel#auth#firefox
CVE-2022-41654: TALOS-2022-1624 || Cisco Talos Intelligence Group

An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability.

Two New Security Flaws Reported in Ghost CMS Blogging Software

Cybersecurity researchers have detailed two security flaws in the JavaScript-based blogging platform known as Ghost, one of which could be abused to elevate privileges via specially crafted HTTP requests. Tracked as CVE-2022-41654 (CVSS score: 8.5), the authentication bypass vulnerability that allows unprivileged users (i.e., members) to make unauthorized modifications to newsletter settings.

Hackers Breach Okta's GitHub Repositories, Steal Source Code

Okta, a company that provides identity and access management services, disclosed on Wednesday that some of its source code repositories were accessed in an unauthorized manner earlier this month. "There is no impact to any customers, including any HIPAA, FedRAMP or DoD customers," the company said in a public statement. "No action is required by customers." The security event, which was first

Vulnerability Spotlight: Authentication bypass and enumeration vulnerabilities in Ghost CMS

Dave McDaniel and other members of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered two vulnerabilities in Ghost CMS, one authentication bypass vulnerability and one enumeration vulnerability. Ghost is a content management system with tools to build a website, publish content and send newsletters. Ghost offers paid subscriptions to

Iran’s Internet Blackouts Are Sabotaging Its Own Economy

A new US State Department assessment highlights the stark economic toll of Tehran’s recent shutdowns and platform control.

CVE-2022-38060: TALOS-2022-1589 || Cisco Talos Intelligence Group

A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfiguration in /etc/sudoers within a container can lead to increased privileges.

CVE-2022-38065: TALOS-2022-1599 || Cisco Talos Intelligence Group

A privilege escalation vulnerability exists in the oslo.privsep functionality of OpenStack git master 05194e7618 and prior. Overly permissive functionality within tools leveraging this library within a container can lead increased privileges.

Threat Spotlight: XLLing in Excel - threat actors using malicious add-ins

As more and more users adopt new versions of Microsoft Office, it is likely that threat actors will turn away from VBA-based malicious documents to other formats such as XLLs or rely on exploiting newly discovered vulnerabilities to launch malicious code.

Sophisticated DarkTortilla Malware Serves Imposter Cisco, Grammarly Pages

Sites spoofing Grammarly and a Cisco webpage are spreading the DarkTortilla threat, which is filled with follow-on malware attacks.