What we know about VMWare CVE-2022-31656 and CVE-2022-31659
Takeaways: VMWare Workspace ONE vulnerabilities CVE-2022-31656 and CVE-2022-31659 work in tandem to allow a remote attacker with network access to conduct remote code execution on the server. Imperva Threat Research has seen a sharp rise in attacks since a POC was published on August 9, mostly...
Users with the JBOperations.RECONFIGURE role can change the project controller if the project hasn't launched yet
Lines of code Vulnerability details Impact Only project owners, or users with the JBOperations.SETCONTROLLER role are supposed to be able to change the controller JBOperations.MIGRATION too if while doing a migration. The JBOperations.RECONFIGURE role is meant to be a less powerful role so this...
Socialhunter - Crawls The Website And Finds Broken Social Media Links That Can Be Hijacked
Crawls the given URL and finds broken social media links that can be hijacked. Broken social links may allow an attacker to conduct phishing attacks. It also can cost a loss of the company's reputation. Broken social media hijack issues are usually accepted on the bug bounty programs. Currently, ...
There are multiple ways for admins/governance to rug users
Lines of code Vulnerability details Impact A malicious admin can steal user funds or lock their balances forever Even if the user is benevolent the fact that there is a rug vector available may negatively impact the protocol's reputation. Proof of Concept Unlike the original Convex code that goes...
The Challenge Digital Executive Protection Poses to Enterprise Security Teams
In our previous articles for Threatpost, we’ve talked a lot about how the attack surface has expanded into the personal digital lives of executives and high-profile employees. About how their online privacy, personal devices, and home networks are now primary targets – either to compromise them...
Moderate: fapolicyd security, bug fix, and enhancement update
Fapolicyd File Access Policy Daemon implements application whitelisting to decide file access rights. Applications that are known via a reputation source are allowed access while unknown applications are not. The daemon makes use of the kernel's fanotify interface to determine file access rights...
ALSA-2022:1898 Moderate: fapolicyd security, bug fix, and enhancement update
Fapolicyd File Access Policy Daemon implements application whitelisting to decide file access rights. Applications that are known via a reputation source are allowed access while unknown applications are not. The daemon makes use of the kernel's fanotify interface to determine file access rights...
CVE-2022-20767
A vulnerability in the Snort rule evaluation function of Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper handling of the DNS reputation enforcement...
FlywheelCore.setBooster() can be used to steal unclaimed rewards
Lines of code Vulnerability details Impact A malicious authorized user can steal all unclaimed rewards and break the reward accounting Even if the authorized user is benevolent the fact that there is a rug vector available may negatively impact the protocol's reputation. Furthermore since this...
Index managers can rug user funds
Lines of code Vulnerability details Impact The ORDERERROLE role has the ability to arbitrarily transfer user funds, and this role is shared between both the orderer and people who can rebalance the index. Even if the owner is benevolent the fact that there is a rug vector available may negatively...
What to Know About Anti-Malware Solutions for 2022
By Waqas. Anti-malware software is something that can save your business from total financial destruction and save its reputation.
The vulnerability of the Web-Based Reputation Score (WBRS) mechanism in the Cisco AsyncOS operating system of Cisco Web Security Appliance internet gateways allows a perpetrator to access blocked content.
The vulnerability of the Web-Based Reputation Score WBRS mechanism in the Cisco AsyncOS operating system and Cisco Web Security Appliance firewalls is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to gain access to blocked content...
Burning collateralContractAddress by mistake in closeLoan
Lines of code closeLoan; L116-216 Vulnerability details Impact ERC721 used as collateral could possibly never return to borrower. Proof of Concept No zero address check for sendCollateralTo might lead to sending ERC721 used as collateral to inexistent address. Use of transferFrom instead of...
CVE-2022-20784
A vulnerability in the Web-Based Reputation Score WBRS engine of Cisco AsyncOS Software for Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to bypass established web request policies and access blocked content on an affected device. This vulnerability is due to...
Cross site request forgery (csrf)
A vulnerability in the Web-Based Reputation Score WBRS engine of Cisco AsyncOS Software for Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to bypass established web request policies and access blocked content on an affected device. This vulnerability is due to...
Of Cybercriminals and IP Addresses
You don't like having the FBI knocking on your door at 6 am. Surprisingly, nor does your usual cybercriminal. That is why they hide (at least the good ones), for example, behind layers of proxies, VPNs, or TOR nodes. Their IP address will never be exposed directly to the target's...
Lack of checks between _swapData and _lifiData could lead to loss of funds and reputation risk.
Lines of code LibSwap.swap swapTokensGeneric Vulnerability details Impact Users could input incongruent values for lifiData and swapData leading to a swap not being processed correctly and users not getting any of the expected lifiData.receivingAssetId. It can also damage reputation because LiFi...