Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

Researchers net $46k for Akamai misconfiguration vulnerability

A lesson in how to achieve maximum value for your discoveries

PortSwigger
Open in Source
#vulnerability#web#ios#apple#microsoft
CISA Orders Federal Agencies to Regularly Track Network Assets and Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a new Binding Operational Directive (BOD) that directs federal agencies in the country to keep track of assets and vulnerabilities on their networks six months from now. To that end, Federal Civilian Executive Branch (FCEB) enterprises have been tasked with two sets of activities: Asset discovery and vulnerability

ProxyNotShell – the New Proxy Hell?

Nicknamed ProxyNotShell, a new exploit used in the wild takes advantage of the recently published Microsoft Server-Side Request Forgery (SSRF) vulnerability CVE-2022-41040 and a second vulnerability, CVE-2022-41082 that allows Remote Code Execution (RCE) when PowerShell is available to unidentified attackers. Based on ProxyShell, this new zero-day abuse risk leverage a chained attack similar to

A week in security (September 26 – October 2)

Categories: News The most important and interesting computer security stories from the last week. (Read more...) The post A week in security (September 26 – October 2) appeared first on Malwarebytes Labs.

MySQL Performance Tuning: Top 5 Tips for Blazing Fast Queries

By Owais Sultan Patience is no longer a virtue when talking about website or app performance. Users get frustrated after waiting for… This is a post from HackRead.com Read the original post: MySQL Performance Tuning: Top 5 Tips for Blazing Fast Queries

ZKSecurity BIO 3.0.5.0_R Privilege Escalation

ZKSecurity BIO version 3.0.5.0_R suffers from a privilege escalation vulnerability.

ZKSecurity BIO 4.1.2 SQL Injection / Code Execution

ZKSecurity BIO version 4.1.2 suffers from a remote SQL injection vulnerability that can allow for remote code execution.

Microsoft Exchange Server Has a Zero-Day Problem

Plus: CIA failures allegedly got US informants killed, a former NSA worker is charged under the Espionage Act, and more.

The Challenge of Cracking Iran’s Internet Blockade

People around the world are rallying to subvert Iran's internet shutdown, but actually pulling it off is proving difficult and risky.

CVE-2022-20855: Cisco Security Advisory: Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points Privilege Escalation Vulnerability

A vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points could allow an authenticated, local attacker to escape the restricted controller shell and execute arbitrary commands on the underlying operating system of the access point. This vulnerability is due to improper checks throughout the restart of certain system processes. An attacker could exploit this vulnerability by logging on to an affected device and executing certain CLI commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS as root. To successfully exploit this vulnerability, an attacker would need valid credentials for a privilege level 15 user of the wireless controller.