CVE-2022-21679 (via National Vulnerability Database)
Istio is an open platform to connect, manage, and secure microservices. In Istio 1.12.0 and 1.12.1, an authorization policy that uses the hosts or notHosts fields may be bypassed unexpectedly for the ALLOW action, or may reject requests unexpectedly for the DENY action, during an upgrade from 1.11 to 1.12.0/1.12.1. Istio 1.12 supports the hosts and notHosts fields in authorization policy through a new Envoy API that ships with the 1.12 data plane. A bug in 1.12.0 and 1.12.1 causes the control plane to use the new Envoy API with the 1.11 data plane as well, so when a 1.12.0/1.12.1 control plane is mixed with a 1.11 data plane the hosts and notHosts fields always match, regardless of the actual value of the Host header. Users are advised to upgrade, or not to mix a 1.12.0/1.12.1 control plane with a 1.11 data plane, if they use the hosts or notHosts field in authorization policy.
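The condition above is easy to audit for: you need to know whether istiod is 1.12.0 or 1.12.1, whether any sidecar or gateway proxy is still on 1.11, and whether any AuthorizationPolicy actually relies on hosts or notHosts. The script below is an added example, not code from the advisory or the Istio project. It takes the control-plane version and the proxy versions as strings (as you would read them from `istioctl version` or the VERSION column of `istioctl proxy-status`) and the policies as the dicts that `kubectl get authorizationpolicies -A -o json` returns, and reports every policy that is exposed by the mixed-version condition. The sample policies and version lists are constructed inline.

```python
import json
from typing import Iterable, List, Tuple

# Control-plane versions named by the advisory.
AFFECTED_CONTROL_PLANES = {"1.12.0", "1.12.1"}


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '1.11.4' (or '1.11.4-distroless') into (1, 11, 4) for comparison."""
    core = v.split("-")[0]
    return tuple(int(p) for p in core.split("."))


def uses_host_matching(policy: dict) -> List[str]:
    """Return the rule paths of an AuthorizationPolicy that rely on hosts/notHosts."""
    hits = []
    for i, rule in enumerate(policy.get("spec", {}).get("rules", []) or []):
        for j, to in enumerate(rule.get("to", []) or []):
            op = to.get("operation", {}) or {}
            for field in ("hosts", "notHosts"):
                if op.get(field):
                    hits.append(f"rules[{i}].to[{j}].operation.{field}")
    return hits


def mixed_version_risk(control_plane: str, proxy_versions: Iterable[str]) -> List[str]:
    """Proxy versions on the 1.11 line while istiod is an affected 1.12.x release."""
    if control_plane not in AFFECTED_CONTROL_PLANES:
        return []
    return sorted({v for v in proxy_versions if parse_version(v)[:2] == (1, 11)})


def audit(control_plane: str, proxy_versions: Iterable[str], policies: Iterable[dict]) -> List[str]:
    """Human-readable findings; an empty list means the mixed-version condition is absent."""
    stale = mixed_version_risk(control_plane, proxy_versions)
    if not stale:
        return []
    findings = []
    for pol in policies:
        fields = uses_host_matching(pol)
        if not fields:
            continue
        meta = pol.get("metadata", {})
        action = pol.get("spec", {}).get("action", "ALLOW")  # ALLOW is the default action
        findings.append(
            f"{meta.get('namespace')}/{meta.get('name')} ({action}) uses {', '.join(fields)}; "
            f"istiod {control_plane} with 1.11 proxies {stale}: host match is always true"
        )
    return findings


# Constructed sample input (not taken from any real cluster).
SAMPLE_POLICIES = json.loads("""
[
  {"metadata": {"name": "allow-api-host", "namespace": "prod"},
   "spec": {"action": "ALLOW",
            "rules": [{"to": [{"operation": {"hosts": ["api.example.com"], "methods": ["GET"]}}]}]}},
  {"metadata": {"name": "deny-others", "namespace": "prod"},
   "spec": {"action": "DENY",
            "rules": [{"to": [{"operation": {"notHosts": ["api.example.com"]}}]}]}},
  {"metadata": {"name": "paths-only", "namespace": "prod"},
   "spec": {"rules": [{"to": [{"operation": {"paths": ["/healthz"]}}]}]}}
]
""")

if __name__ == "__main__":
    for line in audit("1.12.1", ["1.12.1", "1.11.5", "1.11.5"], SAMPLE_POLICIES):
        print(line)
```

In the sample, the ALLOW policy with hosts becomes "allow every GET" and the DENY policy with notHosts becomes "deny everything" while a 1.11 proxy is served by a 1.12.1 istiod; the paths-only policy is unaffected and is not reported.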
CVE-2021-43269 (via National Vulnerability Database)
In Code42 app before 8.8.0, eval injection allows an attacker to change a device's proxy configuration to use a malicious proxy auto-config (PAC) file, leading to arbitrary code execution. This affects Incydr Basic, Advanced, and Gov F1; CrashPlan Cloud; and CrashPlan for Small Business. (Incydr Professional and Enterprise are unaffected.)
CVE-2022-0277 (via National Vulnerability Database)
Improper Access Control in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-0278 (via National Vulnerability Database)
Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.
Eleven prolific BEC scam suspects arrested in Nigeria (via The Daily Swig)
SilverTerrier brought to heel
CVE-2022-0281 (via National Vulnerability Database)
Exposure of Sensitive Information to an Unauthorized Actor in Packagist microweber/microweber prior to 1.2.11.
CVE-2021-34600 (via National Vulnerability Database)
Telenot CompasX versions prior to 32.0 use a weak seed for random number generation, leading to predictable AES keys used in the NFC tags used for authorization of users.
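The failure mode here is that the key is only as unpredictable as the seed behind it. The following is an added example, not Telenot's implementation and not derived from it: it models a provisioning tool that seeds one PRNG from a small (assumed 16-bit) value and hands out successive 128-bit AES keys to tags. An attacker who holds a single tag, and knows roughly where it sits in the issuance order, brute-forces the seed space until the PRNG reproduces their own key, then regenerates every other tag's key. The fix at the bottom draws each key from the operating system CSPRNG, where there is no seed to recover. The seed value and tag count are constructed for the example.

```python
import random
import secrets

# Assumption for illustration: the key generator is seeded from a 16-bit value
# (a counter, a truncated timestamp, ...). This is a generic model of a weak
# seed, not the vendor's actual algorithm.
SEED_BITS = 16
KEY_BYTES = 16  # AES-128 key size


def weak_keygen(seed: int, count: int) -> list:
    """Vulnerable pattern: derive `count` keys from one PRNG seeded with a weak value."""
    rng = random.Random(seed)
    return [rng.getrandbits(8 * KEY_BYTES).to_bytes(KEY_BYTES, "big") for _ in range(count)]


def recover_seed(known_key: bytes, position: int, seed_bits: int = SEED_BITS):
    """Attacker: given the key of one tag (e.g. their own) and its position in the
    issuance order, try every seed until the PRNG reproduces that key."""
    for seed in range(1 << seed_bits):
        rng = random.Random(seed)
        for _ in range(position):           # skip the keys issued before ours
            rng.getrandbits(8 * KEY_BYTES)
        if rng.getrandbits(8 * KEY_BYTES).to_bytes(KEY_BYTES, "big") == known_key:
            return seed
    return None


def predict_keys(known_key: bytes, position: int, total: int) -> list:
    """Attacker: recover the seed, then regenerate every key issued from it."""
    seed = recover_seed(known_key, position)
    if seed is None:
        return []
    return weak_keygen(seed, total)


def strong_keygen(count: int) -> list:
    """Fix: each key comes from the OS CSPRNG; there is no seed to brute-force."""
    return [secrets.token_bytes(KEY_BYTES) for _ in range(count)]


if __name__ == "__main__":
    issued = weak_keygen(0x2A5C, 5)   # constructed: five tags provisioned by the installer
    mine = issued[3]                  # the attacker holds the fourth tag
    print(predict_keys(mine, 3, 5) == issued)  # True: every tag's key recovered
    print(recover_seed(strong_keygen(1)[0], 0, 12))  # None: CSPRNG key has no seed
```

The brute force is cheap because the seed space is 2^16; a 128-bit key drawn from a CSPRNG has no such shortcut, which is the whole point of the fix.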
CVE-2022-22820 (via National Vulnerability Database)
Due to the lack of media file checks before rendering, it was possible for an attacker to cause abnormal CPU consumption for the message recipient by sending a specially crafted GIF image in LINE for Windows before 7.4.
CVE-2021-45230 (via National Vulnerability Database)
In Apache Airflow prior to 2.2.0, a user who has "can_create" permission on DAG Runs can create DAG Runs for DAGs that they do not have "edit" permission for.
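The underlying pattern is an authorization check made at the wrong granularity: the action (create a run) is checked against the resource type (DAG Runs) but not against the specific parent object it acts on (the DAG). The snippet below is an added illustration of that pattern and its fix; it is a hypothetical permission model, not Airflow's code. The user, permission strings and DAG ids are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Set


@dataclass
class User:
    """Hypothetical subject: global resource-type permissions plus per-DAG permissions."""
    name: str
    global_perms: Set[str] = field(default_factory=set)           # e.g. "can_create:DagRun"
    dag_perms: Dict[str, Set[str]] = field(default_factory=dict)  # dag_id -> {"can_read", ...}


def can_create_dagrun_naive(user: User, dag_id: str) -> bool:
    """Vulnerable pattern: only the resource-type permission is consulted,
    so the dag_id argument never influences the decision."""
    return "can_create:DagRun" in user.global_perms


def can_create_dagrun(user: User, dag_id: str) -> bool:
    """Hardened pattern: creating a run acts on one specific DAG, so require
    edit rights on that DAG in addition to the resource-type permission."""
    return ("can_create:DagRun" in user.global_perms
            and "can_edit" in user.dag_perms.get(dag_id, set()))


def trigger_dag(user: User, dag_id: str,
                check: Callable[[User, str], bool] = can_create_dagrun) -> dict:
    """Create a run record if `check` authorizes it; raise PermissionError otherwise."""
    if not check(user, dag_id):
        raise PermissionError(f"{user.name} may not create runs for {dag_id}")
    return {"dag_id": dag_id, "triggered_by": user.name}


# Constructed sample: the analyst may create DagRuns in general but can only edit "reports".
ANALYST = User(
    "analyst",
    {"can_create:DagRun"},
    {"reports": {"can_read", "can_edit"}, "payroll": {"can_read"}},
)

if __name__ == "__main__":
    print(can_create_dagrun_naive(ANALYST, "payroll"))  # True: the hole
    print(can_create_dagrun(ANALYST, "payroll"))        # False: fixed
    print(trigger_dag(ANALYST, "reports"))              # allowed either way
```

When reviewing similar code, look for any handler whose authorization check ignores one of its own arguments; that argument is usually the object the check should have been scoped to.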
CVE-2021-3866 (via National Vulnerability Database)
Cross-site Scripting (XSS) - Stored in GitHub repository zulip/zulip prior to main.
CVE-2022-0282 (via National Vulnerability Database)
Code Injection in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-22733 (via National Vulnerability Database)
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has a guest account to escalate privileges. This issue affects Apache ShardingSphere ElasticJob-UI 3.x versions 3.0.0 and prior.
Cisco's Kenna Security Research Shows the Relative Likelihood of an Organization Being Exploited (via Dark Reading)
A record-breaking 20,130 vulnerabilities were reported in 2021. However, only 4% pose a high risk to organizations.
WAN report: Complexity continues to grow as more organizations close legacy data centers (via Tech Republic)
The sixth annual report from Aryaka found that IT teams are planning to invest more in 2022 but expect more transparency and control.
Red Cross suffers cyber-attack: data of 515,000 "highly vulnerable" people exposed (via The Daily Swig)
The "sophisticated" attack was detected last week
SEC Filing Reveals Fortune 500 Firm Targeted in Ransomware Attack (via Threat Post)
R.R. Donnelly, the Fortune 500 integrated services company, confirmed in an SEC filing a "systems intrusion" that occurred in late December and is still under investigation.
4 Ways to Develop Your Team's Cyber Skills (via Dark Reading)
Organizations need to invest in professional development, and then actually make time for it.
White House orders federal agencies to raise cybersecurity bar for national security systems (via The Daily Swig)
New guidance will bring standards into line with federal civilian networks
Red Cross Begs Attackers Not to Leak 515K People's Stolen Data (via Threat Post)
A cyberattack forced the Red Cross to shut down IT systems running the Restoring Family Links system, which reunites families separated by war, disaster or migration. UPDATE: The ICRC says it's open to confidentially communicating with the attacker.
Pervasive Apple Safari Bug Exposes Web-Browsing Data, Google IDs (via Threat Post)
The information-disclosure issue, affecting Macs, iPhones and iPads, allows a snooping website to find out information about other tabs a user might have open.
CVE-2022-0285 (via National Vulnerability Database)
Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.9.