π΄ When Patching Security Flaws, Smarter Trumps Faster π΄
π Read
via "Dark Reading".
Just turning the patch dial to "high" is not enough, and if your company is using the Common Vulnerability Scoring System (CVSS) to prioritize software patching, you are doing it wrong.π Read
via "Dark Reading".
Dark Reading
When Patching Security Flaws, Smarter Trumps Faster
Just turning the patch dial to "high" is not enough, and if your company is using the Common Vulnerability Scoring System (CVSS) to prioritize software patching, you are doing it wrong.
π΄ 5 AI and Cybersecurity Predictions for 2022 π΄
π Read
via "Dark Reading".
Among them: Explainable artificial intelligence (XAI) will improve the ways humans and AI interact, plus expect a shift in how organizations fight ransomware.π Read
via "Dark Reading".
Dark Reading
5 AI and Cybersecurity Predictions for 2022
Among them: Explainable artificial intelligence (XAI) will improve the ways humans and AI interact, plus expect a shift in how organizations fight ransomware.
π΄ 1Password Raises $620M Series C, Now Valued at $6.8B π΄
π Read
via "Dark Reading".
The massive funding round comes as the rise of cloud and remote work led to new threats and growing security and privacy concerns.π Read
via "Dark Reading".
Dark Reading
1Password Raises $620M Series C, Now Valued at $6.8B
The massive funding round comes as the rise of cloud and remote work led to new threats and growing security and privacy concerns.
π Europol, Feds Take VPN Used by Cybercriminals Offline π
π Read
via "".
The service was being used to carry out ransomware deployment and other cybercrime activities.π Read
via "".
Digital Guardian
Europol, Feds Take VPN Used by Cybercriminals Offline
The service was being used to carry out ransomware deployment and other cybercrime activities.
β Destructive Wiper Targeting Ukraine Aimed at Eroding Trust, Experts Say β
π Read
via "Threat Post".
Disruptive malware attacks on Ukrainian organizations (posing as ransomware attacks) are very likely part of Russiaβs wider effort to undermine Ukraineβs sovereignty, according to analysts.π Read
via "Threat Post".
Threat Post
Destructive Wiper Targeting Ukraine Aimed at Eroding Trust, Experts Say
Disruptive malware attacks on Ukrainian organizations (posing as ransomware attacks) are very likely part of Russiaβs wider effort to undermine Ukraineβs sovereignty, according to analysts.
π΄ What Happens to My Organization If APIs Are Compromised? π΄
π Read
via "Dark Reading".
Once attackers have obtained access, they can compromise other systems or pivot within your networks.π Read
via "Dark Reading".
Dark Reading
What Happens to My Organization If APIs Are Compromised?
Once attackers have obtained access, they can compromise other systems or pivot within your networks.
βΌ CVE-2022-0243 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository orchardcms/orchardcore prior to 1.2.2.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22769 βΌ
π Read
via "National Vulnerability Database".
The Web server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, TIBCO EBX Add-ons, TIBCO EBX Add-ons, TIBCO EBX Add-ons, and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.8.124 and below, TIBCO EBX: versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, 5.9.7, 5.9.8, 5.9.9, 5.9.10, 5.9.11, 5.9.12, 5.9.13, 5.9.14, and 5.9.15, TIBCO EBX: versions 6.0.0, 6.0.1, 6.0.2, and 6.0.3, TIBCO EBX Add-ons: versions 3.20.18 and below, TIBCO EBX Add-ons: versions 4.1.0, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.5.4, 4.5.5, and 4.5.6, TIBCO EBX Add-ons: versions 5.0.0, 5.0.1, 5.1.0, 5.1.1, and 5.2.0, and TIBCO Product and Service Catalog powered by TIBCO EBX: versions 1.1.0 and below.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38789 βΌ
π Read
via "National Vulnerability Database".
Allwinner R818 SoC Android Q SDK V1.0 is affected by an incorrect access control vulnerability that does not check the caller's permission, in which a third-party app could change system settings.π Read
via "National Vulnerability Database".
π΄ FireEye & McAfee Enterprise Renamed as Trellix π΄
π Read
via "Dark Reading".
Symphony Technology Group announces a name for the newly merged company, which aims to become a leader in extended detection and response (XDR).π Read
via "Dark Reading".
Dark Reading
FireEye & McAfee Enterprise Renamed as Trellix
Symphony Technology Group announces a name for the newly merged company, which aims to become a leader in extended detection and response (XDR).
βΌ CVE-2021-26247 βΌ
π Read
via "National Vulnerability Database".
As an unauthenticated remote user, visit "http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>" to successfully execute the JavaScript payload present in the "ref" URL parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44777 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or bulk e-mail entries deletion discovered in Email Tracker WordPress plugin (versions <= 5.2.6).π Read
via "National Vulnerability Database".
βΌ CVE-2021-23225 βΌ
π Read
via "National Vulnerability Database".
Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary web script or HTML in the "new_username" field during creation of a new user via "Copy" method at user_admin.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21699 βΌ
π Read
via "National Vulnerability Database".
IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23842 βΌ
π Read
via "National Vulnerability Database".
Communication to the AMC2 uses a state-of-the-art cryptographic algorithm for symmetric encryption called Blowfish. An attacker could retrieve the key from the firmware to decrypt network traffic between the AMC2 and the host system. Thus, an attacker can exploit this vulnerability to decrypt and modify network traffic, decrypt and further investigate the device\'s firmware file, and change the device configuration. The attacker needs to have access to the local network, typically even the same subnet.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3816 βΌ
π Read
via "National Vulnerability Database".
Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary HTML in the group_prefix field during the creation of a new group via "Copy" method at user_group_admin.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23843 βΌ
π Read
via "National Vulnerability Database".
The Bosch software tools AccessIPConfig.exe and AmcIpConfig.exe are used to configure certains settings in AMC2 devices. The tool allows putting a password protection on configured devices to restrict access to the configuration of an AMC2. An attacker can circumvent this protection and make unauthorized changes to configuration data on the device. An attacker can exploit this vulnerability to manipulate the device\'s configuration or make it unresponsive in the local network. The attacker needs to have access to the local network, typically even the same subnet.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23046 βΌ
π Read
via "National Vulnerability Database".
PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.phpπ Read
via "National Vulnerability Database".
βΌ CVE-2022-23045 βΌ
π Read
via "National Vulnerability Database".
PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent JavaScript code inside the "Site title" parameter while updating the site settings. The "Site title" setting is injected in several locations which triggers the XSS.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21701 βΌ
π Read
via "National Vulnerability Database".
Istio is an open platform to connect, manage, and secure microservices. In versions 1.12.0 and 1.12.1 Istio is vulnerable to a privilege escalation attack. Users who have `CREATE` permission for `gateways.gateway.networking.k8s.io` objects can escalate this privilege to create other resources that they may not have access to, such as `Pod`. This vulnerability impacts only an Alpha level feature, the Kubernetes Gateway API. This is not the same as the Istio Gateway type (gateways.networking.istio.io), which is not vulnerable. Users are advised to upgrade to resolve this issue. Users unable to upgrade should implement any of the following which will prevent this vulnerability: Remove the gateways.gateway.networking.k8s.io CustomResourceDefinition, set PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER=true environment variable in Istiod, or remove CREATE permissions for gateways.gateway.networking.k8s.io objects from untrusted users.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21679 βΌ
π Read
via "National Vulnerability Database".
Istio is an open platform to connect, manage, and secure microservices. In Istio 1.12.0 and 1.12.1 The authorization policy with hosts and notHosts might be accidentally bypassed for ALLOW action or rejected unexpectedly for DENY action during the upgrade from 1.11 to 1.12.0/1.12.1. Istio 1.12 supports the hosts and notHosts fields in authorization policy with a new Envoy API shipped with the 1.12 data plane. A bug in the 1.12.0 and 1.12.1 incorrectly uses the new Envoy API with the 1.11 data plane. This will cause the hosts and notHosts fields to be always matched regardless of the actual value of the host header when mixing 1.12.0/1.12.1 control plane and 1.11 data plane. Users are advised to upgrade or to not mix the 1.12.0/1.12.1 control plane with 1.11 data plane if using hosts or notHosts field in authorization policy.π Read
via "National Vulnerability Database".