π΄ Log4j Remediation Rules Now Available for WhiteSource Renovate and Enterprise π΄
π Read
via "Dark Reading".
The Software Composition Analysis leader now offers a remediation preset for WhiteSource Renovate and Enterprise, enabling users to identify and fix the Log4j vulnerability from hundreds of downstream dependent packages of Log4j.π Read
via "Dark Reading".
Dark Reading
Log4j Remediation Rules Now Available for WhiteSource Renovate and Enterprise
The Software Composition Analysis leader now offers a remediation preset for WhiteSource Renovate and Enterprise, enabling users to identify and fix the Log4j vulnerability from hundreds of downstream dependent packages of Log4j.
π΄ Palo Alto Networks Appoints Helmut Reisinger to Leadership Team π΄
π Read
via "Dark Reading".
Reisinger joins as CEO, EMEA and Latin America, to accelerate global growth strategy.π Read
via "Dark Reading".
Dark Reading
Palo Alto Networks Appoints Helmut Reisinger to Leadership Team
Reisinger joins as CEO, EMEA and Latin America, to accelerate global growth strategy.
π΄ Why CIOs Should Report to CISOs π΄
π Read
via "Dark Reading".
If the CISO is responsible for the security of the organization, then that same person also should be responsible for both security and IT infrastructure.π Read
via "Dark Reading".
Dark Reading
Why CIOs Should Report to CISOs
If the CISO is responsible for the security of the organization, then that same person also should be responsible for both security and IT infrastructure.
ποΈ Latest web hacking tools β Q1 2022 ποΈ
π Read
via "The Daily Swig".
We take a look at the latest additions to security researchersβ armoryπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Latest web hacking tools β Q1 2022
We take a look at the latest additions to security researchersβ armory
βΌ CVE-2021-44168 βΌ
π Read
via "National Vulnerability Database".
A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43711 βΌ
π Read
via "National Vulnerability Database".
The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B20201211 has a command injection vulnerability when receiving GET parameters. The parameter name can be constructed for unauthenticated command execution.π Read
via "National Vulnerability Database".
π΄ Vinnie Liu Has a Mission: Keeping People Safe Online and Offline π΄
π Read
via "Dark Reading".
Security Pro File: The years at the National Security Agency shaped Vinnie Liu's views on security. "We're missionaries, not mercenaries," he says.π Read
via "Dark Reading".
Dark Reading
Vinnie Liu Has a Mission: Keeping People Safe Online and Offline
Security Pro File: The years at the National Security Agency shaped Vinnie Liu's views on security. "We're missionaries, not mercenaries," he says.
ποΈ US retailer PulseTV warns of apparent credit card data breach ποΈ
π Read
via "The Daily Swig".
Payment system updated amidst fears 200,000 records may have been exposedπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
US retailer PulseTV warns of apparent credit card data breach
Payment system updated amidst fears 200,000 records may have been exposed
β McMenamins Data Breach Affects 12 Years of Employee Info β
π Read
via "Threat Post".
The Pacific Northwest hospitality stalwart is also still operationally crippled by a Dec. 12 ransomware attack.π Read
via "Threat Post".
Threat Post
McMenamins Data Breach Affects 12 Years of Employee Info
The Pacific Northwest hospitality stalwart is also still operationally crippled by a Dec. 12 ransomware attack.
β Purple Fox Rootkit Dropped by Malicious Telegram Installers β
π Read
via "Threat Post".
Multiple malicious installers were delivering the same Purple Fox rootkit version using the same attack chain, possibly distributed via email or phishing sites.π Read
via "Threat Post".
Threat Post
Purple Fox Rootkit Dropped by Malicious Telegram Installers
Multiple malicious installers were delivering the same Purple Fox rootkit version using the same attack chain, possibly distributed via email or phishing sites.
βΌ CVE-2021-45912 βΌ
π Read
via "National Vulnerability Database".
An unauthenticated Named Pipe channel in Controlup Real-Time Agent (cuAgent.exe) before 8.5 potentially allows an attacker to run OS commands via the ProcessActionRequest WCF method.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20012 βΌ
π Read
via "National Vulnerability Database".
In mdp driver, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05836478; Issue ID: ALPS05836478.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20013 βΌ
π Read
via "National Vulnerability Database".
In vow driver, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05837742; Issue ID: ALPS05837742.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20016 βΌ
π Read
via "National Vulnerability Database".
In vow driver, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05862986; Issue ID: ALPS05862986.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45389 βΌ
π Read
via "National Vulnerability Database".
StarWind SAN & NAS build 1578 and StarWind Command Center Build 6864 Update Manager allows authentication with JTW token which is signed with any key. An attacker could use self-signed JTW token to bypass authentication resulting in escalation of privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41789 βΌ
π Read
via "National Vulnerability Database".
In wifi driver, there is a possible system crash due to a missing validation check. This could lead to remote denial of service from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20190426015; Issue ID: GN20190426015.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20020 βΌ
π Read
via "National Vulnerability Database".
In libvcodecdrv, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05943906; Issue ID: ALPS05943906.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20018 βΌ
π Read
via "National Vulnerability Database".
In seninf driver, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05863018; Issue ID: ALPS05863018.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20019 βΌ
π Read
via "National Vulnerability Database".
In libMtkOmxGsmDec, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917620; Issue ID: ALPS05917620.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20021 βΌ
π Read
via "National Vulnerability Database".
In Bluetooth, there is a possible application crash due to bluetooth does not properly handle the reception of multiple LMP_host_connection_req. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06198513; Issue ID: ALPS06198513.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45913 βΌ
π Read
via "National Vulnerability Database".
A hardcoded key in ControlUp Real-Time Agent (cuAgent.exe) before 8.2.5 may allow a potential attacker to run OS commands via a WCF channel.π Read
via "National Vulnerability Database".