🕴 Kovrr Translates Cyber Risk into Business Impact with its Quantum Platform 🕴
via "Dark Reading".
On-demand cyber risk quantification platform enables C-suite to prioritize and justify cybersecurity investments through financial quantification.
‼ CVE-2021-44840 ‼
via "National Vulnerability Database".
An issue was discovered in Delta RM 1.2. Using a privileged account, it is possible to edit, create, and delete risk labels, such as Criticality and Priority Indication labels. By using the /core/table/query endpoint, and by using a POST request and indicating the affected label with tableUid parameter and the operation with datas[query], it is possible to edit, create, and delete the following labels: Priority Indication, Quality Evaluation, Progress Margin and Priority. Furthermore, it is also possible to export Criticality labels with an unprivileged user.
‼ CVE-2021-44836 ‼
via "National Vulnerability Database".
An issue was discovered in Delta RM 1.2. The /risque/risque/workflow/reset endpoint is lacking access controls, and it is possible for an unprivileged user to reopen a risk with a POST request, using the risqueID parameter to identify the risk to be re-opened.
‼ CVE-2021-44838 ‼
via "National Vulnerability Database".
An issue was discovered in Delta RM 1.2. Using the /risque/risque/ajax-details endpoint, with a POST request indicating the risk to access with the id parameter, it is possible for users to access risks of other companies.
‼ CVE-2021-44839 ‼
via "National Vulnerability Database".
An issue was discovered in Delta RM 1.2. It is possible to request a new password for any other account using the account ID. Using the /listes/DTsendmaildata/adm_utilisateur/send-mail.json endpoint, a user can send a JSON array with user IDs that will have their passwords reset (and new ones sent to their respective e-mail addresses).
‼ CVE-2022-21696 ‼
via "National Vulnerability Database".
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions it is possible to change the username to that of another chat participant with an additional space character at the end of the name string. An adversary with access to the chat environment can use the rename feature to impersonate other participants by adding whitespace characters at the end of the username.
🕴 Kaspersky Announces Takedown Service 🕴
via "Dark Reading".
Service facilitates the removal of malicious and phishing domains.
🕴 Take 'Urgent' Steps to Secure Systems From Damaging Attacks, CISA Says 🕴
via "Dark Reading".
CISA issues alert for senior leadership of US organizations amid rising tensions between Russia and Ukraine.
🕴 End Users Remain Organizations' Biggest Security Risk 🕴
via "Dark Reading".
Yet they're showing signs of improvement across several important areas, a Dark Reading survey reveals.
❌ Will 2022 Be the Year of the Software Bill of Materials? ❌
via "Threat Post".
Praise be & pass the recipe for the software soup: There's too much scrambling to untangle vulnerabilities and dependencies, says a security experts roundtable.
🕴 Researchers Explore Hacking VirusTotal to Find Stolen Credentials 🕴
via "Dark Reading".
VirusTotal can be used to collect large amounts of credentials without infecting an organization or buying them online, researchers found.
‼ CVE-2022-21688 ‼
via "National Vulnerability Database".
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. Affected versions of the desktop application were found to be vulnerable to denial of service via an undisclosed vulnerability in the QT image parsing. Roughly 20 bytes lead to 2GB memory consumption and this can be triggered multiple times. To be abused, this vulnerability requires rendering in the history tab, so some user interaction is required. An adversary with knowledge of the Onion service address in public mode or with authentication in private mode can perform a Denial of Service attack, which quickly results in out-of-memory for the server. This requires the desktop application with rendered history, therefore the impact is only elevated. This issue has been patched in version 2.5.
‼ CVE-2022-23408 ‼
via "National Vulnerability Database".
wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections (without AEAD) using AES-CBC or DES3 with TLS 1.1 or 1.2 or DTLS 1.1 or 1.2. This occurs because of misplaced memory initialization in BuildMessage in internal.c.
‼ CVE-2022-21673 ‼
via "National Vulnerability Database".
Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This can allow API token holders to retrieve data for which they may not have intended access. This attack relies on the Grafana instance having data sources that support the Forward OAuth Identity feature, the Grafana instance having a data source with the Forward OAuth Identity feature toggled on, the Grafana instance having OAuth enabled, and the Grafana instance having usable API keys. This issue has been patched in versions 7.5.13 and 8.3.4.
‼ CVE-2022-21689 ‼
via "National Vulnerability Database".
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions the receive mode limits concurrent uploads to 100 per second and blocks other uploads in the same second, which can be triggered by a simple script. An adversary with access to the receive mode can block file upload for others. There is no way to block this attack in public mode due to the anonymity properties of the tor network.
‼ CVE-2022-21693 ‼
via "National Vulnerability Database".
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions an adversary with a primitive that allows for filesystem access from the context of the Onionshare process can access sensitive files in the entire user home folder. This could lead to the leaking of sensitive data. Due to the automatic exclusion of hidden folders, the impact is reduced. This can be mitigated by usage of the flatpak release.
‼ CVE-2022-21695 ‼
via "National Vulnerability Database".
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions authenticated users (or unauthenticated in public mode) can send messages without being visible in the list of chat participants. This issue has been resolved in version 2.5.
‼ CVE-2022-21691 ‼
via "National Vulnerability Database".
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions chat participants can spoof their channel leave message, tricking others into assuming they left the chatroom.
🕴 Cloud Identity Startup Permiso Launches With $10M Seed 🕴
via "Dark Reading".
Permiso's co-founders say the No. 1 problem in the cloud is identity, and their platform is designed to tackle the notoriously difficult challenge of monitoring the activity of those identities.
🕴 Microsoft Details Recent Damaging Malware Attacks on Ukrainian Organizations 🕴
via "Dark Reading".
"WhisperGate" malware was used to overwrite Master Boot Record and other files to render systems inoperable at several organizations in Ukraine, Microsoft says.
‼ CVE-2022-21692 ‼
via "National Vulnerability Database".
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions anyone with access to the chat environment can write messages disguised as another chat participant.