ποΈ White House orders federal agencies to raise cybersecurity bar for national security systems ποΈ
π Read
via "The Daily Swig".
New guidance will bring standards into line with federal civilian networksπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
White House orders federal agencies to raise cybersecurity bar for national security systems
New guidance will bring standards into line with federal civilian networks
β Red Cross Begs Attackers Not to Leak 515K Peopleβs Stolen Data β
π Read
via "Threat Post".
The Red Cross was forced to shut down IT systems behind its Restoring Family Links system, which reunites families separated by war, disaster or migration.π Read
via "Threat Post".
Threat Post
Red Cross Begs Attackers Not to Leak Stolen Data for 515K People
A cyberattack forced the Red Cross to shut down IT systems running the Restoring Family Links system, which reunites families fractured by war, disaster or migration. UPDATE: The ICRC says it's open to confidentially communicating with the attacker.
β Pervasive Apple Safari Bug Exposes Web-Browsing Data, Google IDs β
π Read
via "Threat Post".
The information-disclosure issue, affecting Macs, iPhones and iPads, allows a snooping website to find out information about other tabs a user might have open.π Read
via "Threat Post".
Threat Post
Pervasive Apple Safari Bug Exposes Web-Browsing Data, Google IDs
The information-disclosure issue, affecting Macs, iPhones and iPads, allows a snooping website to find out information about other tabs a user might have open.
βΌ CVE-2022-0285 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.9.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32039 βΌ
π Read
via "National Vulnerability Database".
Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file. These credentials may be used by malicious attackers to perform unauthorized actions. This vulnerability affects all MongoDB Extension for VS Code including and prior to version 0.7.0π Read
via "National Vulnerability Database".
βΌ CVE-2021-44738 βΌ
π Read
via "National Vulnerability Database".
Buffer overflow vulnerability has been identified in Lexmark devices through 2021-12-07 in postscript interpreter.π Read
via "National Vulnerability Database".
β S3 Ep66: Cybercrime busts, wormable Windows, and the crisis of featuritis [Podcast + Transcript] β
π Read
via "Naked Security".
Latest epsiode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep66: Cybercrime busts, wormable Windows, and the crisis of featuritis [Podcast + Transcript]
Latest epsiode β listen now!
π΄ Enterprises Are Sailing Into a Perfect Storm of Cloud Risk π΄
π Read
via "Dark Reading".
Policy as code and other techniques can help enterprises steer clear of the dangers that have befallen otherwise sophisticated cloud customers.π Read
via "Dark Reading".
Dark Reading
Enterprises Are Sailing Into a Perfect Storm of Cloud Risk
Policy as code and other techniques can help enterprises steer clear of the dangers that have befallen otherwise sophisticated cloud customers.
π¦Ώ Secure your passwords and access them anywhere with LastPass π¦Ώ
π Read
via "Tech Republic".
LastPass's Premium Plan keeps your digital life secure and at your fingertips with management for an unlimited number of passwords and seamless access across all of your devices.π Read
via "Tech Republic".
TechRepublic
Secure your passwords and access them anywhere with LastPass
LastPass's Premium Plan keeps your digital life secure and at your fingertips with management for an unlimited number of passwords and seamless access across all of your devices.
π AIDE 0.17.4 π
π Read
via "Packet Storm Security".
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.π Read
via "Packet Storm Security".
Packetstormsecurity
AIDE 0.17.4 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π GRAudit Grep Auditing Tool 3.3 π
π Read
via "Packet Storm Security".
Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility, grep. It's comparable to other static analysis applications like RATS, SWAAT, and flaw-finder while keeping the technical requirements to a minimum and being very flexible.π Read
via "Packet Storm Security".
Packetstormsecurity
GRAudit Grep Auditing Tool 3.3 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π¦Ώ Microsoft RDP vulnerability makes it a breeze for attackers to become men-in-the-middle π¦Ώ
π Read
via "Tech Republic".
The Microsoft RDP vulnerability is a serious problem, but with a few caveats: It's been patched, and experts say it may be less likely to happen than it seems at first glance.π Read
via "Tech Republic".
TechRepublic
Microsoft RDP vulnerability makes it a breeze for attackers to become men-in-the-middle
The Microsoft RDP vulnerability is a serious problem, but with a few caveats: It's been patched, and experts say it may be less likely to happen than it seems at first glance.
β Microsoft Sees Log4j Attacks Exploiting SolarWinds Serv-U Bug β
π Read
via "Threat Post".
SolarWinds has fixed a Serv-U bug that threat actors were exploiting to unleash Log4j attacks on networksβ internal devices.π Read
via "Threat Post".
Threat Post
Microsoft: Attackers Tried to Login to SolarWinds Serv-U Via Log4j Bug
UPDATE: SolarWinds has fixed a Serv-U bug discovered when attackers used the Log4j flaw to try to log in to the file-sharing software.
βΌ CVE-2021-44829 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability exists in index.html in AFI WebACMS through 2.1.0 via the the ID parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44735 βΌ
π Read
via "National Vulnerability Database".
Embedded web server command injection vulnerability in Lexmark devices through 2021-12-07.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45417 βΌ
π Read
via "National Vulnerability Database".
AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44091 βΌ
π Read
via "National Vulnerability Database".
A Cross-Site Scripting (XSS) vulnerability exists in Courcecodester Multi Restaurant Table Reservation System 1.0 in register.php via the (1) fullname, (2) phone, and (3) address parameters.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44736 βΌ
π Read
via "National Vulnerability Database".
The initial admin account setup wizard on Lexmark devices allow unauthenticated access to the Γ’β¬Εout of service eraseΓ’β¬οΏ½ feature.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44734 βΌ
π Read
via "National Vulnerability Database".
Embedded web server input sanitization vulnerability in Lexmark devices through 2021-12-07, which can which can lead to remote code execution on the device.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21658 βΌ
π Read
via "National Vulnerability Database".
Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the `std::fs::remove_dir_all` standard library function is vulnerable a race condition enabling symlink following (CWE-363). An attacker could use this security issue to trick a privileged program into deleting files and directories the attacker couldn't otherwise access or delete. Rust 1.0.0 through Rust 1.58.0 is affected by this vulnerability with 1.58.1 containing a patch. Note that the following build targets don't have usable APIs to properly mitigate the attack, and are thus still vulnerable even with a patched toolchain: macOS before version 10.10 (Yosemite) and REDOX. We recommend everyone to update to Rust 1.58.1 as soon as possible, especially people developing programs expected to run in privileged contexts (including system daemons and setuid binaries), as those have the highest risk of being affected by this. Note that adding checks in your codebase before calling remove_dir_all will not mitigate the vulnerability, as they would also be vulnerable to race conditions like remove_dir_all itself. The existing mitigation is working as intended outside of race conditions.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44737 βΌ
π Read
via "National Vulnerability Database".
PJL directory traversal vulnerability in Lexmark devices through 2021-12-07 that can be leveraged to overwrite internal configuration files.π Read
via "National Vulnerability Database".