InfoSec News Feeds

Latest Updates

Aggregated InfoSec News

Packetstorm

  • ILIAS eLearning 7.15 Command Injection / XSS /...
    on 9 December 2022 at 2:55 PM

    ILIAS eLearning versions 7.15 and below suffer from authenticated command injection, persistent cross site scripting, local file inclusion, and open redirection vulnerabilities.

  • Intel Data Center Manager 4.1 SQL Injection
    on 9 December 2022 at 2:54 PM

    Intel Data Center Manager's endpoint at "/DcmConsole/DataAccessServlet?action=getRoomRackData" is vulnerable to an authenticated, blind SQL injection attack when user-supplied input to the HTTP POST parameter "dataName" is processed by the web application. Versions 4.1 and below are affected.

  • Red Hat Security Advisory 2022-8889-01
    on 9 December 2022 at 2:52 PM

    Red Hat Security Advisory 2022-8889-01 - This is an Openshift Logging bug fix release. Issues addressed include a denial of service vulnerability.

THN

  • Using XDR to Consolidate and Optimize...
    by The Hacker News on 9 December 2022 at 5:50 PM

    Businesses know they need cybersecurity, but it seems like a new acronym and system is popping up every day. Professionals that aren’t actively researching these technologies can struggle to keep up. As the cybersecurity landscape becomes more complicated, organizations are desperate to simplify […]

  • New Truebot Malware Variant Leveraging Netwrix...
    by The Hacker News on 9 December 2022 at 5:16 PM

    Cybersecurity researchers have reported an increase in TrueBot infections, primarily targeting Mexico, Brazil, Pakistan, and the U.S. Cisco Talos said the attackers behind the operation have moved from using malicious emails to alternative delivery methods such as the exploitation of a […]

  • Why is Robust API Security Crucial in eCommerce?
    by The Hacker News on 9 December 2022 at 1:48 PM

    API attacks are on the rise. One of their major targets is eCommerce firms like yours.  APIs are a vital part of how eCommerce businesses are accelerating their growth in the digital world.  ECommerce platforms use APIs at all customer touchpoints, from displaying products to handling shipping. […]

PortSwigger

Security Affairs

  • CommonSpirit confirms data breach impacts 623K...
    by Pierluigi Paganini on 9 December 2022 at 7:20 PM

    CommonSpirit Health confirmed that the October security breach resulted in the exposure of the personal data of 623,774 patients. In early October, Common Spirit, one of the largest hospital chains in the US, suffered a ransomware cyberattack that caused severe inconvenience to the facilities and […]

  • Pwn2Own Toronto 2022 Day 3: Participants earned...
    by Pierluigi Paganini on 9 December 2022 at 2:39 PM

    On the third day of the Zero Day Initiative’s Pwn2Own Toronto 2022 hacking competition, participants earned more than $250,000 for demonstrating zero-day attacks […]

  • Cisco discloses high-severity flaw impacting IP...
    by Pierluigi Paganini on 9 December 2022 at 12:02 PM

    Cisco disclosed a high-severity flaw in its IP phones that can be exploited to gain remote code execution and conduct DoS attacks. Cisco disclosed a high-severity vulnerability, tracked as CVE-2022-20968, impacting its IP Phone 7800 and 8800 Series (except Cisco Wireless IP Phone 8821). An […]

HackerOne

WeLiveSecurity

  • Fantasy – a new Agrius wiper deployed through a...
    by Adam Burgher on 7 December 2022 at 10:30 AM

    ESET researchers analyzed a supply-chain attack abusing an Israeli software developer to deploy Fantasy, Agrius’s new wiper, with victims including the diamond industry.

  • Tractors vs. threat actors: How to hack a farm
    by Jake Moore on 5 December 2022 at 10:30 AM

    Forget pests for a minute. Modern farms also face another – and more insidious – breed of threat.

  • ScarCruft updates its toolset – Week in...
    by Editor on 2 December 2022 at 2:00 PM

    Deployed against carefully selected targets, the new backdoor combs through the drives of compromised systems for files of interest before exfiltrating them to Google Drive.

TheRegister

Security Week

  • Interpres Security Emerges From Stealth Mode With...
    by Ionut Arghire on 9 December 2022 at 2:08 PM

    Defense management startup Interpres Security on Thursday announced that it has emerged from stealth mode with $8.5 million in a seed funding round led by Ten Eleven Ventures and a solution designed to help companies optimize security performance.

  • Healthcare Organizations Warned of Royal...
    by Ionut Arghire on 9 December 2022 at 1:53 PM

    The US Department of Health and Human Services (HHS) is warning healthcare organizations of the threat posed by ongoing Royal ransomware attacks. Initially spotted in September 2022, the ransomware family is employed by a financially-motivated threat actor that also uses known tools for […]

  • Cisco Working on Patch for Publicly Disclosed IP...
    by Eduard Kovacs on 9 December 2022 at 12:52 PM

    Cisco informed customers on Thursday that it’s working on patches for a high-severity vulnerability affecting some of its IP phones.

Exploit-DB Updates