Read Time:6 Second
FEDORA-EPEL-2023-6569f44fa5
Packages in this update:
moin-1.9.11-1.el7
Update description:
Security update
Daily Archives: January 6, 2023
CVE-2014-125050
Read Time:18 Second
A vulnerability was found in ScottTZhang voter-js and classified as critical. Affected by this issue is some unknown functionality of the file main.js. The manipulation leads to sql injection. The name of the patch is 6317c67a56061aeeaeed3cf9ec665fd9983d8044. It is recommended to apply a patch to fix this issue. VDB-217562 is the identifier assigned to this vulnerability.
Blind Eagle Hacking Group Targets South America With New Tools
Read Time:4 Second
Security experts from Check Point Research unveiled the findings in a new advisory
US Family Planning Non-Profit MFHS Confirms Ransomware Attack
Read Time:4 Second
The non-profit said its systems were compromised between August 2021 and April 2022
Remote Vulnerabilities in Automobiles
Centos Web Panel 7 Unauthenticated Remote Code Execution – CVE-2022-44877
Read Time:21 Second
Posted by Numan TÜRLE on Jan 06
[+] Centos Web Panel 7 Unauthenticated Remote Code Execution
[+] Centos Web Panel 7 – < 0.9.8.1147
[+] Affected Component ip:2031/login/index.php?login=$(whoami)
[+] Discoverer: Numan Türle @ Gais Cyber Security
[+] Vendor: https://centos-webpanel.com/ – https://control-webpanel.com/changelog#1669855527714-450fb335-6194
[+] CVE: CVE-2022-44877
Description
————–
Bash commands can be run because double quotes are used to log incorrect…
14 UK schools suffer cyberattack, highly confidential documents leaked
Read Time:1 Minute, 5 Second
More than a dozen schools in the UK have suffered a cyberattack which has led to highly confidential documents being leaked online by cybercriminals. That’s according to a report from the BBC which claimed that children’s SEN information, child passport scans, staff pay scales and contract details have been stolen by notorious cybercrime group Vice Society, known for disproportionately targeting the education sector with ransomware attacks in the UK and other countries.
Passport, contract data stolen and posted on dark web
Pates Grammar School in Gloucestershire is one of 14 to have been impacted by the data breach, the BBC reported, with Vice Society hackers using generic search terms to steal documents. “One folder marked ‘passports’ contains passport scans for pupils and parents on school trips going back to 2011, whereas another marked ‘contract’ contains contractual offers made to staff alongside teaching documents on muscle contractions. Another folder marked ‘confidential’ contains documents on the headmaster’s pay and student bursary fund recipients,” the BBC wrote. The hack at Pates is estimated to have taken place on September 28 before data was published on the dark web. The UK Information Commissioner’s Office (ICO) and Gloucestershire Police confirmed they were investigating the alleged breaches in 2022.
CVE-2014-125049
Read Time:24 Second
** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in typcn Blogile. Affected is the function getNav of the file server.js. The manipulation of the argument query leads to sql injection. The name of the patch is cfec31043b562ffefe29fe01af6d3c5ed1bf8f7d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217560. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2014-125048
Read Time:18 Second
A vulnerability, which was classified as critical, has been found in kassi xingwall. This issue affects some unknown processing of the file app/controllers/oauth.js. The manipulation leads to session fixiation. The name of the patch is e9f0d509e1408743048e29d9c099d36e0e1f6ae7. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217559.
Twitter’s mushrooming data breach crisis could prove costly
Read Time:43 Second
Since Elon Musk purchased Twitter in late October, non-stop turmoil and controversy have dogged the company, from massive staff firings and resignations to reputational damage from Musk’s careless and often bizarre tweets. Now, mushrooming concern around a possible data breach stemming from a now-fixed Twitter flaw is poised to drive the company further down unless Twitter takes quick action.
Even as regulators in Europe begin to probe what appears to be a massive Twitter data breach, Twitter and Elon Musk have failed to comment publicly on the true extent of the breach. Experts say that unless Twitter gets ahead of the curve, informs regulators of the facts, and notifies users of how much of their public and private information has been exposed, the company could suffer serious financial and operating consequences.