π΄ FBI, NSA & CISA Issue Advisory on Russian Cyber Threat to US Critical Infrastructure π΄
π Read
via "Dark Reading".
Advisory explains how to detect, respond to, and mitigate cyberattacks from Russian state-sponsored hacking groups.π Read
via "Dark Reading".
Dark Reading
FBI, NSA & CISA Issue Advisory on Russian Cyber Threat to US Critical Infrastructure
Advisory explains how to detect, respond to, and mitigate cyberattacks from Russian state-sponsored hacking groups.
π΄ Details Released on SonicWall Flaws in SMA Devices π΄
π Read
via "Dark Reading".
The most serious of the five vulnerabilities disclosed today can lead to unauthenticated remote code execution on affected devices.π Read
via "Dark Reading".
Dark Reading
Details Released on SonicWall Flaws in SMA-100 Devices
The most serious of the five vulnerabilities disclosed today can lead to unauthenticated remote code execution on affected devices.
β WordPress Bugs Exploded in 2021, Most Exploitable β
π Read
via "Threat Post".
Record-number WordPress plugin vulnerabilities are wicked exploitable even with low CVSS scores, leaving security teams blind to their risk.π Read
via "Threat Post".
Threat Post
WordPress Bugs Exploded in 2021, Most Exploitable
Record-number WordPress plugin vulnerabilities are wicked exploitable even with low CVSS scores, leaving security teams blind to their risk.
β MacOS Bug Could Let Creeps Snoop On You β
π Read
via "Threat Post".
The flaw could allow attackers to bypass Privacy preferences, giving apps with no right to access files, microphones or cameras the ability to record you or grab screenshots.π Read
via "Threat Post".
Threat Post
MacOS Bug Could Let Creeps Snoop On You
The flaw could allow attackers to bypass Privacy preferences, giving apps with no right to access files, microphones or cameras the ability to record you or grab screenshots.
βΌ CVE-2021-43973 βΌ
π Read
via "National Vulnerability Database".
An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to upload an arbitrary file via the file parameter in the HTTP POST body. A successful request returns the absolute, server-side filesystem path of the uploaded file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43974 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in SysAid ITIL 20.4.74 b10. The /enduserreg endpoint is used to register end users anonymously, but does not respect the server-side setting that determines if anonymous users are allowed to register new accounts. Configuring the server-side setting to disable anonymous user registration only hides the client-side registration form. An attacker can still post registration data to create new accounts without prior authentication.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43053 βΌ
π Read
via "National Vulnerability Database".
The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a difficult to exploit vulnerability that allows an unauthenticated attacker with network access to obtain the cluster secret of another application connected to the realm server. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.7.2 and below, TIBCO FTL - Developer Edition: versions 6.7.2 and below, and TIBCO FTL - Enterprise Edition: versions 6.7.2 and below.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43054 βΌ
π Read
via "National Vulnerability Database".
The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability that allows a low privileged attacker with network access to generate API tokens that can access any other channel with arbitrary permissions. Affected releases are TIBCO Software Inc.'s TIBCO eFTL - Community Edition: versions 6.7.2 and below, TIBCO eFTL - Developer Edition: versions 6.7.2 and below, and TIBCO eFTL - Enterprise Edition: versions 6.7.2 and below.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34704 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43971 βΌ
π Read
via "National Vulnerability Database".
A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to execute arbitrary SQL commands via the filterText parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43052 βΌ
π Read
via "National Vulnerability Database".
The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows authentication bypass due to a hard coded secret used in the default realm server of the affected system. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.7.2 and below, TIBCO FTL - Developer Edition: versions 6.7.2 and below, and TIBCO FTL - Enterprise Edition: versions 6.7.2 and below.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43972 βΌ
π Read
via "National Vulnerability Database".
An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to copy arbitrary files on the server filesystem to the web root (with an arbitrary filename) via the tempFile and fileName parameters in the HTTP POST body.π Read
via "National Vulnerability Database".
βΌ CVE-2021-1573 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43055 βΌ
π Read
via "National Vulnerability Database".
The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability that allows clients to inherit the permissions of the client that initially connected on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO eFTL - Community Edition: versions 6.7.2 and below, TIBCO eFTL - Developer Edition: versions 6.7.2 and below, and TIBCO eFTL - Enterprise Edition: versions 6.7.2 and below.π Read
via "National Vulnerability Database".
βοΈ βWormableβ Flaw Leads January 2022 Patch Tuesday βοΈ
π Read
via "Krebs on Security".
Microsoft today released updates to plug nearly 120 security holes in Windows and supported software. Six of the vulnerabilities were publicly detailed already, potentially giving attackers a head start in figuring out how to exploit them in unpatched systems. More concerning, Microsoft warns that one of the flaws fixed this month is "wormable," meaning no human interaction would be required for an attack to spread from one vulnerable Windows box to another.π Read
via "Krebs on Security".
Krebsonsecurity
βWormableβ Flaw Leads January 2022 Patch Tuesday
Microsoft today released updates to plug nearly 120 security holes in Windows and supported software. Six of the vulnerabilities were publicly detailed already, potentially giving attackers a head start in figuring out how to exploit them in unpatched systems.β¦
π΄ Cloud Apps Replace Web as Source for Most Malware Downloads π΄
π Read
via "Dark Reading".
Two-thirds of all malware distributed to enterprise networks last year originated from cloud apps such as Google Drive, OneDrive, and numerous other cloud apps, new research shows.π Read
via "Dark Reading".
Dark Reading
Cloud Apps Replace Web as Source for Most Malware Downloads
Two-thirds of all malware distributed to enterprise networks last year originated from cloud apps such as Google Drive, OneDrive, and numerous other cloud apps, new research shows.
π’ FBI warns of hackers mailing malicious USB sticks to businesses π’
π Read
via "ITPro".
The FIN7 cyber crime group is alleged to be behind the months-long wave of attacks against the defence, transportation, and insurance industriesπ Read
via "ITPro".
IT PRO
FBI warns of hackers mailing malicious USB sticks to businesses | IT PRO
The FIN7 cyber crime group is alleged to be behind the months-long wave of attacks against the defence, transportation, and insurance industries
βΌ CVE-2022-21897 βΌ
π Read
via "National Vulnerability Database".
Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21916.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21842 βΌ
π Read
via "National Vulnerability Database".
Microsoft Word Remote Code Execution Vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21902 βΌ
π Read
via "National Vulnerability Database".
Windows DWM Core Library Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21852, CVE-2022-21896.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21895 βΌ
π Read
via "National Vulnerability Database".
Windows User Profile Service Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21919.π Read
via "National Vulnerability Database".