Security
Headlines
HeadlinesLatestCVEs

Tag

#cisco

The Hunt for the Dark Web’s Biggest Kingpin, Part 1: The Shadow

AlphaBay was the largest online drug bazaar in history, run by a technological mastermind who seemed untouchable—until his tech was turned against him.

Wired
Open in Source
#vulnerability#web#ios#cisco#git#acer#auth
IoT Fingerprinting Helps Authenticate and Secure All Those Devices

For organizations struggling to protect a rapidly expanding volume of IoT devices, IoT fingerprinting could help with security and management.

Cisco warns of ISE vulnerability with no fixed release or workaround

Categories: Exploits and vulnerabilities Categories: News Tags: Cisco Tags: Identity Services Engine Tags: AnyConnect VPN server Tags: CVE-2022-20822 Tags: CVE-2022-20959 Tags: CVE-2022-20933 Tags: input validation Cisco's latest security advisory includes a vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) that could allow an attacker to read and delete files. (Read more...) The post Cisco warns of ISE vulnerability with no fixed release or workaround appeared first on Malwarebytes Labs.

CVE-2021-46850: Release Version 0.9.8-26-43 · myvesta/vesta

myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the v_sftp_license parameter when sending HTTP POST requests to the /edit/server endpoint.

Joint Advisory AA22-279A and Vulristics

Hello everyone! This episode will be about the new hot twenty vulnerabilities from CISA, NSA and FBI, Joint cybersecurity advisory (CSA) AA22-279A, and how I analyzed these vulnerabilities using my open source project Vulristics. Alternative video link (for Russia): https://vk.com/video-149273431_456239105 Americans can’t just release a list of “20 vulnerabilities most commonly exploited in attacks on […]

OldGremlin Ransomware Gang Known for Targeting Russia Launches Linux Malware

By Deeba Ahmed According to Group-IB's report, OldGremlin Ransomware Gang poses as reputed firms to infiltrate networks via phishing emails. This is a post from HackRead.com Read the original post: OldGremlin Ransomware Gang Known for Targeting Russia Launches Linux Malware

Ankr Launches Chainscanner Blockchain Explorer Tool

By Waqas The Chainscanner is available for free on the Ankr website, allowing users to search for transaction data, addresses, smart contracts, and much more. This is a post from HackRead.com Read the original post: Ankr Launches Chainscanner Blockchain Explorer Tool

CVE-2022-36957: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVE-2022-38108: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVE-2022-36966: SolarWinds Platform 2022.4 Release Notes

Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous.