ALP-AL00B, ALP-AL00B-RSC, BLA-TL00B, Charlotte-AL00A, Emily-AL00A, Security Vulnerabilities

packetstorm

7.8 CVSS

-0.6 AI Score

0.0005 EPSS

2022-12-09 12:00 AM
206
akamaiblog

Audience Hijacking – A Retailer's Grinch This Holiday Season

Understand the significant threat that audience hijacking poses to customer online buying journeys and retailers' revenue this holiday...

2.7 AI Score

2022-11-23 02:00 PM
5
osv

Tailscale Windows daemon is vulnerable to RCE via CSRF

A vulnerability identified in the Tailscale Windows client allows a malicious website to reconfigure the Tailscale daemon tailscaled, which can then be used to remotely execute code. Affected platforms: Windows Patched Tailscale client versions: v1.32.3 or later, v1.33.257 or later (unstable) What....

9.6 CVSS

6.8 AI Score

0.002 EPSS

2022-11-21 10:34 PM
5
malwarebytes

A gym heist in London goes cyber

A thief has been stalking London. This past summer, multiple women reported similar crimes to the police: While working out at their local gyms, someone snuck into the locker rooms, busted open their locks, stole their rucksacks and gym bags, and then, within hours, purchased thousands of pounds...

-0.6 AI Score

2022-10-24 03:30 PM
8
malwarebytes

4 times students compromised school cybersecurity

For many students school can be a tough time, and we've all heard stories about bored or frustrated kids compromising school cybersecurity to change grades. Sometimes the students are celebrated, and other times it ends in them being expelled from school, or even prosecuted. Of course, these acts.....

-0.3 AI Score

2022-09-28 03:00 AM
9
kitploit

CATS - REST API Fuzzer And Negative Testing Tool For OpenAPI Endpoints

REST API fuzzer and negative testing tool. Run thousands of self-healing API tests within minutes with no coding effort! Comprehensive: tests are generated automatically based on a large number scenarios and cover every field and header Intelligent: tests are generated based on data types and...

6.9 AI Score

2022-09-19 11:30 AM
46
wizblog

Wiz expands board and executive team with top security leaders from DocuSign, Aon, Meta and Okta

Wiz continues momentum with addition of security luminary Emily Heath to board of directors; expands executive team to lead...

6.9 AI Score

2022-08-10 01:12 PM
7
openvas

Fedora: Security Advisory for golang-rsc-pdf (FEDORA-2022-5038c3236c)

The remote host is missing an update for...

7.5 AI Score

2022-08-01 12:00 AM
3
malwarebytes

Predatory Sparrow massively disrupts steel factories while keeping workers safe

Stuxnet's attack on Iran's uranium enrichment facilities manifested fears of cyberattacks leaking into the real world. What once was theory is now upon us. Two weeks ago, multiple Iranian steel facilities experienced a cyberattack that might have been pulled off by what many cybersecurity experts.....

1.3 AI Score

2022-07-14 04:05 PM
24
hackerone

U.S. Dept Of Defense: RXSS on ███████

I found Reflected XSS on https://███/contact-us/#.YsSAGCNBzaQ. The parameters in the contact form are not properly filtered, leading to possible insertion of " characters and javascript execution Impact Perform any action within the application that the user can perform. View any information that.....

-0.1 AI Score

2022-07-05 06:30 PM
10
hackerone

A.S. Watson Group : PII Disclosure At `theperfumeshop.com/register/forOrder`

Summary: Hello there! I found a way to access any user's PII (full address, phone number, full name, **all orders**, payment details [if the victim already saved before]) who created an order in The Perfume Shop. This is happening via https://theperfumeshop.com/register/forOrder endpoint. I...

7 AI Score

2022-06-28 04:21 PM
3
nvd

CVE-2022-28717

Cross-site scripting vulnerability in Rebooter(WATCH BOOT nino RPC-M2C [End of Sale] all firmware versions, WATCH BOOT light RPC-M5C [End of Sale] all firmware versions, WATCH BOOT L-zero RPC-M4L [End of Sale] all firmware versions, WATCH BOOT mini RPC-M4H [End of Sale] all firmware versions,...

4.8 CVSS

0.001 EPSS

2022-05-18 03:15 PM
cve

CVE-2022-28717

Cross-site scripting vulnerability in Rebooter(WATCH BOOT nino RPC-M2C [End of Sale] all firmware versions, WATCH BOOT light RPC-M5C [End of Sale] all firmware versions, WATCH BOOT L-zero RPC-M4L [End of Sale] all firmware versions, WATCH BOOT mini RPC-M4H [End of Sale] all firmware versions,...

4.8 CVSS

5.7 AI Score

0.001 EPSS

2022-05-18 03:15 PM
42
3
cve

CVE-2022-27632

Cross-site request forgery (CSRF) vulnerability in Rebooter(WATCH BOOT nino RPC-M2C [End of Sale] all firmware versions, WATCH BOOT light RPC-M5C [End of Sale] all firmware versions, WATCH BOOT L-zero RPC-M4L [End of Sale] all firmware versions, WATCH BOOT mini RPC-M4H [End of Sale] all firmware...

8.8 CVSS

8.8 AI Score

0.001 EPSS

2022-05-18 03:15 PM
47
3
cvelist

CVE-2022-27632

Cross-site request forgery (CSRF) vulnerability in Rebooter(WATCH BOOT nino RPC-M2C [End of Sale] all firmware versions, WATCH BOOT light RPC-M5C [End of Sale] all firmware versions, WATCH BOOT L-zero RPC-M4L [End of Sale] all firmware versions, WATCH BOOT mini RPC-M4H [End of Sale] all firmware...

9.1 AI Score

0.001 EPSS

2022-05-18 09:50 AM
openbugbounty

charlotte-et-bonnette.com Improper Access Control vulnerability OBB-2573711

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

0.1 AI Score

2022-04-29 10:25 AM
13
thn

TrickBot Malware Gang Upgrades its AnchorDNS Backdoor to AnchorMail

Even as the TrickBot infrastructure closed shop, the operators of the malware are continuing to refine and retool their arsenal to carry out attacks that culminated in the deployment of Conti ransomware. IBM Security X-Force, which discovered the revamped version of the criminal gang's AnchorDNS...

0.5 AI Score

2022-03-01 01:22 PM
34
oraclelinux

Unbreakable Enterprise kernel security update

[4.14.35-2047.511.5.2] - cgroup-v1: Require capabilities to set release_agent (Eric W. Biederman) [Orabug: 33876756] {CVE-2022-0492} - scsi: libiscsi: Hold back_lock when calling iscsi_complete_task (Gulam Mohamed) [Orabug: 33876755] [4.14.35-2047.511.5.1] - arm64, mm, efi: Account for GICv3...

7.8 CVSS

-0.2 AI Score

0.095 EPSS

2022-02-28 12:00 AM
77
oraclelinux

Unbreakable Enterprise kernel-container security update

[4.14.35-2047.511.5.2.el7] - cgroup-v1: Require capabilities to set release_agent (Eric W. Biederman) [Orabug: 33876756] {CVE-2022-0492} - scsi: libiscsi: Hold back_lock when calling iscsi_complete_task (Gulam Mohamed) [Orabug: 33876755] [4.14.35-2047.511.5.1] - arm64, mm, efi: Account for...

7.8 CVSS

-0.2 AI Score

0.095 EPSS

2022-02-28 12:00 AM
39
krebs

Russia Sanctions May Spark Escalating Cyber Conflict

President Biden joined European leaders this week in enacting economic sanctions against Russia in response to its invasion of Ukraine. The West has promised tougher sanctions are coming, but experts warn these will almost certainly trigger a Russian retaliation against America and its allies,...

0.2 AI Score

2022-02-25 07:10 PM
21
wordfence

Friday Fun: From Idea to Animated Film

It's Friday, and I thought we'd have fun talking about something a little different. At Wordfence, one of my priorities is fostering a strong creative team and culture, and investing in creators. Emily Dalmas joined us as a full-time producer almost a year ago via her job as Associate Producer.....

-0.8 AI Score

2022-02-18 03:48 PM
3
securelist

Streaming wars continue — what about cyberthreats?

Last year became a banner year for the online entertainment industry. Driven by the pandemic lockdown restrictions and imposed work-from-home policies, people got to spend more time at home looking for replacements for familiar sources of entertainment. While theatres and sports stadiums suffered.....

7 AI Score

2021-11-10 10:00 AM
11
openbugbounty

alp-bayern.de Improper Access Control vulnerability OBB-2232377

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.6 AI Score

2021-11-04 01:00 PM
3
Total number of security vulnerabilities: 2152