“IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587.”
Yearly Archives: 2022
CVE-2021-36906
Multiple Insecure Direct Object References (IDOR) vulnerabilities in ExpressTech Quiz And Survey Master plugin <= 7.3.6 on WordPress.
Mondelez and Zurich’s NotPetya cyber-attack insurance settlement leaves behind no legal precedent
Multinational food and beverage company Mondelez International and Zurich American Insurance have settled their multiyear litigation surrounding the cyberattack coverage – or lack of such coverage – following the NotPetya malware attack that damaged the Mondelez network and infrastructure. The specifics of the settlement are unknown, but that it would come mid-trial has caught everyone’s attention.
The pain was felt on June 27, 2017, when NotPetya wiped out 24,000 laptops and 1,700 servers within the Mondelez network. The malware, designed to destroy, did just that. Mondelez estimated damages would approach $100 million USD.
CVE-2021-37823 (opencart)
OpenCart 3.0.3.7 allows users to obtain database information or read server files through SQL injection in the background.
CVE-2020-22820
MKCMS V6.2 has SQL injection via the /ucenter/repass.php name parameter.
CVE-2020-22819
MKCMS V6.2 has SQL injection via the /ucenter/active.php verify parameter.
CVE-2020-22818
TikTok Confirms Chinese Staff Can Access UK and EU User Data
The news comes from the social media giant’s head of privacy in Europe, Elaine Fox
Cyber Threat Landscape Shaped by Ukraine Conflict, ENISA Report Reveals
The EU cybersecurity agency released its 10th annual threat landscape report on November 3, 2022
Verified users beware! Scammers are exploiting Twitter turmoil caused by Elon Musk’s takeover
The world’s richest man’s plans for the news junkie’s favourite social network inevitably get a great deal of attention. Not everyone will be aware of the details of what Elon Musk might be planning for Twitter, but they will certainly be aware that it’s a hot topic.
And so if a Twitter user receives a message claiming to be about their verified account, they may very well believe it… and that makes them more susceptible to falling into a trap.
Read more in my article on the Tripwire State of Security blog.