βΌ CVE-2022-0559 βΌ
π Read
via "National Vulnerability Database".
Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.π Read
via "National Vulnerability Database".
β Emotet Now Spreading Through Malicious Excel Files β
π Read
via "Threat Post".
An ongoing malicious email campaign that includes macro-laden files and multiple layers of obfuscation has been active since late December.π Read
via "Threat Post".
Threat Post
Emotet Now Spreading Through Malicious Excel Files
An ongoing malicious email campaign that includes macro-laden files and multiple layers of obfuscation has been active since late December.
ποΈ Poisoned pipelines: Security researcher explores attack methods in CI environments ποΈ
π Read
via "The Daily Swig".
Attack vector abuses permissions to force CI pipelines to execute arbitrary commandsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Poisoned pipelines: Security researcher explores attack methods in CI environments
Attack vector abuses permissions to force CI pipelines to execute arbitrary commands
π΄ Be Flexible About Where People Work β But Not on Data Privacy π΄
π Read
via "Dark Reading".
If your policies don't keep up with your work models, your company's sensitive information could be at risk.π Read
via "Dark Reading".
Dark Reading
Be Flexible About Where People Work β But Not on Data Privacy
If your policies don't keep up with your work models, your company's sensitive information could be at risk.
π΄ Hybrid Work Accelerated Fraud; Now, CSOs Are Taking a Seat at the Executive Table π΄
π Read
via "Dark Reading".
The days of security as a second-class citizen are over.π Read
via "Dark Reading".
Dark Reading
Hybrid Work Accelerated Fraud; Now CSOs Join Executives
The days of security as a second-class citizen are over.
βΌ CVE-2021-45391 βΌ
π Read
via "National Vulnerability Database".
A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01.21_CN in the sub_422CE4 function in the goform/setIPv6Status binary file /usr/sbin/httpd via the conType parameter, which causes a Denial of Service.π Read
via "National Vulnerability Database".
ποΈ MFA fatigue attacks: Users tricked into allowing device access due to overload of push notifications ποΈ
π Read
via "The Daily Swig".
Social engineering technique confuses victims to gain entry to their accountsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
MFA fatigue attacks: Users tricked into allowing device access due to overload of push notifications
Social engineering technique confuses victims to gain entry to their accounts
β High-Severity RCE Bug Found in Popular Apache Cassandra Database β
π Read
via "Threat Post".
On the plus side, only instances with non-standard not recommended configurations are vulnerable. On the downside, those configurations aren't easy to track down, and it's easy as pie to exploit.π Read
via "Threat Post".
Threat Post
High-Severity RCE Bug Found in Popular Apache Cassandra Database
On the plus side, only instances with non-standard not recommended configurations are vulnerable. On the downside, those configurations aren't easy to track down, and it's easy as pie to exploit.
β Critical VMware Bugs Open ESXi, Fusion & Workstation to Attackers β
π Read
via "Threat Post".
A group of five security vulnerabilities could lead to a range of bad outcomes for virtual-machine enthusiasts, including command execution and DoS.π Read
via "Threat Post".
Threat Post
Critical VMware Bugs Open ESXi, Fusion & Workstation to Attackers
A group of five security vulnerabilities could lead to a range of bad outcomes for virtual-machine enthusiasts, including command execution and DoS.
βοΈ Red Cross Hack Linked to Iranian Influence Operation? βοΈ
π Read
via "Krebs on Security".
A network intrusion at the International Committee for the Red Cross (ICRC) in January led to the theft of personal information on more than 500,000 people receiving assistance from the group. KrebsOnSecurity has learned that the email address used by a cybercriminal actor who offered to sell the stolen ICRC data also was used to register multiple domain names the FBI says are tied to a sprawling media influence operation originating from Iran.π Read
via "Krebs on Security".
Krebs on Security
Red Cross Hack Linked to Iranian Influence Operation?
A network intrusion at the International Committee for the Red Cross (ICRC) in January led to the theft of personal information on more than 500,000 people receiving assistance from the group. KrebsOnSecurity has learned that the email address used byβ¦
π΄ Where AI Falls Down in Cybersecurity π΄
π Read
via "Dark Reading".
Almost every cybersecurity product claims to incorporate AI. Sometimes, though, that's a mirage.π Read
via "Dark Reading".
Dark Reading
DR Technology
βΌ CVE-2021-26726 βΌ
π Read
via "National Vulnerability Database".
A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517, allows an attacker to execute commands with SYSTEM privileges This issue affects: Valmet DNA versions from Collection 2012 until Collection 2021.π Read
via "National Vulnerability Database".
β VMWare fixes holes that could allow virtual machine escapes β
π Read
via "Naked Security".
Hats off to VMWare for not using weasel words: "When should you act?" Immediately...π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ Laminar Announces General Availability of Cloud Data Security Platform π΄
π Read
via "Dark Reading".
Solution monitors and protects public cloud data.π Read
via "Dark Reading".
Dark Reading
Laminar Announces General Availability of Cloud Data Security Platform
Solution monitors and protects public cloud data.
π΄ DoD Awards Attivo Networks Contract for Ransomware Mitigation π΄
π Read
via "Dark Reading".
Contract extends Attivoβs strategic support to the three major branches of the DoD β Air Force, Army, and Navy.π Read
via "Dark Reading".
Dark Reading
DoD Awards Attivo Networks Contract for Ransomware Mitigation
Contract extends Attivoβs strategic support to the three major branches of the DoD β Air Force, Army, and Navy.
π΄ SANS Institute Launches Cybersecurity Education Scholarship for HBCU Students and Alumni π΄
π Read
via "Dark Reading".
Applications will be open throughout all Black History Month and accepted until March 1, 2022.π Read
via "Dark Reading".
Dark Reading
SANS Institute Launches Cybersecurity Education Scholarship for HBCU Students and Alumni
Applications will be open throughout all Black History Month and accepted until March 1, 2022.
π΄ How to Fight the Novel Software Supply Chain Attacks of Tomorrow π΄
π Read
via "Dark Reading".
In the past year, attackers have focused on the lucrative supply chain. Organizations need to defend against such attacks, even inside their perimeters.π Read
via "Dark Reading".
Dark Reading
DR Technology
π΄ Pixelating Text Leads to Information Leakage, Warns Firm π΄
π Read
via "Dark Reading".
Blurring text isn't enough to obscure sensitive information. An offensive-security firm releases a tool showing how information can still be exposed.π Read
via "Dark Reading".
Dark Reading
Vulnerabilities & Threats recent news | Dark Reading
Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading
π Semiconductor Firm Again Alleges IP Theft π
π Read
via "".
The company has defended its confidential and proprietary information and trade secrets in the past.π Read
via "".
βΌ CVE-2020-6920 βΌ
π Read
via "National Vulnerability Database".
Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23190 βΌ
π Read
via "National Vulnerability Database".
Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".