Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-35942PUBLISHED: 2022-08-12
Improper input validation on the `contains` LoopBack filter may allow for arbitrary SQL injection. When the extended filter property `contains` is permitted to be interpreted by the Postgres connector, it is possible to inject arbitrary SQL which may affect the confidentiality and integrity of data ...
CVE-2022-35949PUBLISHED: 2022-08-12
undici is an HTTP/1.1 client, written from scratch for Node.js.`undici` is vulnerable to SSRF (Server-side Request Forgery) when an application takes in **user input** into the `path/pathname` option of `undici.request`. If a user specifies a URL such as `http://127.0.0.1` or `//127.0.0.1` ```js con...
CVE-2022-35953PUBLISHED: 2022-08-12
BookWyrm is a social network for tracking your reading, talking about books, writing reviews, and discovering what to read next. Some links in BookWyrm may be vulnerable to tabnabbing, a form of phishing that gives attackers an opportunity to redirect a user to a malicious site. The issue was patche...
CVE-2022-35956PUBLISHED: 2022-08-12
This Rails gem adds two methods to the ActiveRecord::Base class that allow you to update many records on a single database hit, using a case sql statement for it. Before version 0.1.3 `update_by_case` gem used custom sql strings, and it was not sanitized, making it vulnerable to sql injection. Upgra...
CVE-2022-35943PUBLISHED: 2022-08-12
Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow [SameSite Attackers](https://canitakeyoursubdomain.name/) to bypass the [CodeIgniter4 CSRF protection](https://codeigniter4.github.io/userguide/libraries/security.html) mechanism with CodeIgniter ...
Black Hat USA 2022 Attendee ReportBlack Hat attendees are not sleeping well. Between concerns about attacks against cloud services, ransomware, and the growing risks to the global supply chain, these security pros have a lot to be worried about. Read our 2022 report to hear what they're concerned about now.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
User Rank: Ninja
9/14/2020 | 5:03:36 PM
Hmm, interesting, we were the ones who created ransomware and deployed it to other countries but it was not designed to be used for monetary purposes, it was called cryptoviral extortion. So let's be clear, we invented it - the question you have to ask yourself - if it was created at Columbia University, how did it happen to appear from other nation-states radar and how is it that other countries are attacking us using our own software program. They reversed engineered it and sent it back to us. This also happened with Stuxnet and NitroZeus.
But the conversation was not only just based on that, it also covered numerous programs that were getting out of hand, managed by people who got sloppy drunk over their power broker decisions. It never fails, General Alexander, Clapper, and now DHS's power-hungry leader. The funny thing is that they (Congress) tried to denounce Clapper and Alexander's decision but they were the one's who authorized it, basically to deploy and initiate cyber-warfare on nation-states (some of which were even our allies - France and England - they found us spying on prime-minister's cell phone and Video conferencing sessions, we found a way to hack their session, those video conferencing sessions were held on US soil - NY/US).
It is funny how we act like the victim when we are the one's causing the problems, another instance of "chickens coming home to roost", for some reason, this sounds familiar.
T