ποΈ MFA fatigue attacks: Users tricked into allowing device access due to overload of push notifications ποΈ
π Read
via "The Daily Swig".
Social engineering technique confuses victims to gain entry to their accountsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
MFA fatigue attacks: Users tricked into allowing device access due to overload of push notifications
Social engineering technique confuses victims to gain entry to their accounts
β High-Severity RCE Bug Found in Popular Apache Cassandra Database β
π Read
via "Threat Post".
On the plus side, only instances with non-standard not recommended configurations are vulnerable. On the downside, those configurations aren't easy to track down, and it's easy as pie to exploit.π Read
via "Threat Post".
Threat Post
High-Severity RCE Bug Found in Popular Apache Cassandra Database
On the plus side, only instances with non-standard not recommended configurations are vulnerable. On the downside, those configurations aren't easy to track down, and it's easy as pie to exploit.
β Critical VMware Bugs Open ESXi, Fusion & Workstation to Attackers β
π Read
via "Threat Post".
A group of five security vulnerabilities could lead to a range of bad outcomes for virtual-machine enthusiasts, including command execution and DoS.π Read
via "Threat Post".
Threat Post
Critical VMware Bugs Open ESXi, Fusion & Workstation to Attackers
A group of five security vulnerabilities could lead to a range of bad outcomes for virtual-machine enthusiasts, including command execution and DoS.
βοΈ Red Cross Hack Linked to Iranian Influence Operation? βοΈ
π Read
via "Krebs on Security".
A network intrusion at the International Committee for the Red Cross (ICRC) in January led to the theft of personal information on more than 500,000 people receiving assistance from the group. KrebsOnSecurity has learned that the email address used by a cybercriminal actor who offered to sell the stolen ICRC data also was used to register multiple domain names the FBI says are tied to a sprawling media influence operation originating from Iran.π Read
via "Krebs on Security".
Krebs on Security
Red Cross Hack Linked to Iranian Influence Operation?
A network intrusion at the International Committee for the Red Cross (ICRC) in January led to the theft of personal information on more than 500,000 people receiving assistance from the group. KrebsOnSecurity has learned that the email address used byβ¦
π΄ Where AI Falls Down in Cybersecurity π΄
π Read
via "Dark Reading".
Almost every cybersecurity product claims to incorporate AI. Sometimes, though, that's a mirage.π Read
via "Dark Reading".
Dark Reading
DR Technology
βΌ CVE-2021-26726 βΌ
π Read
via "National Vulnerability Database".
A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517, allows an attacker to execute commands with SYSTEM privileges This issue affects: Valmet DNA versions from Collection 2012 until Collection 2021.π Read
via "National Vulnerability Database".
β VMWare fixes holes that could allow virtual machine escapes β
π Read
via "Naked Security".
Hats off to VMWare for not using weasel words: "When should you act?" Immediately...π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ Laminar Announces General Availability of Cloud Data Security Platform π΄
π Read
via "Dark Reading".
Solution monitors and protects public cloud data.π Read
via "Dark Reading".
Dark Reading
Laminar Announces General Availability of Cloud Data Security Platform
Solution monitors and protects public cloud data.
π΄ DoD Awards Attivo Networks Contract for Ransomware Mitigation π΄
π Read
via "Dark Reading".
Contract extends Attivoβs strategic support to the three major branches of the DoD β Air Force, Army, and Navy.π Read
via "Dark Reading".
Dark Reading
DoD Awards Attivo Networks Contract for Ransomware Mitigation
Contract extends Attivoβs strategic support to the three major branches of the DoD β Air Force, Army, and Navy.
π΄ SANS Institute Launches Cybersecurity Education Scholarship for HBCU Students and Alumni π΄
π Read
via "Dark Reading".
Applications will be open throughout all Black History Month and accepted until March 1, 2022.π Read
via "Dark Reading".
Dark Reading
SANS Institute Launches Cybersecurity Education Scholarship for HBCU Students and Alumni
Applications will be open throughout all Black History Month and accepted until March 1, 2022.
π΄ How to Fight the Novel Software Supply Chain Attacks of Tomorrow π΄
π Read
via "Dark Reading".
In the past year, attackers have focused on the lucrative supply chain. Organizations need to defend against such attacks, even inside their perimeters.π Read
via "Dark Reading".
Dark Reading
DR Technology
π΄ Pixelating Text Leads to Information Leakage, Warns Firm π΄
π Read
via "Dark Reading".
Blurring text isn't enough to obscure sensitive information. An offensive-security firm releases a tool showing how information can still be exposed.π Read
via "Dark Reading".
Dark Reading
Vulnerabilities & Threats recent news | Dark Reading
Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading
π Semiconductor Firm Again Alleges IP Theft π
π Read
via "".
The company has defended its confidential and proprietary information and trade secrets in the past.π Read
via "".
βΌ CVE-2020-6920 βΌ
π Read
via "National Vulnerability Database".
Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23190 βΌ
π Read
via "National Vulnerability Database".
Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21966 βΌ
π Read
via "National Vulnerability Database".
An information disclosure vulnerability exists in the HTTP Server /ping.html functionality of Texas Instruments CC3200 SimpleLink Solution NWP 2.9.0.0. A specially-crafted HTTP request can lead to an uninitialized read. An attacker can send an HTTP request to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23195 βΌ
π Read
via "National Vulnerability Database".
Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23193 βΌ
π Read
via "National Vulnerability Database".
Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3648 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-3530. Reason: This candidate is a reservation duplicate of CVE-2021-3530. Notes: All CVE users should reference CVE-2021-3530 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39298 βΌ
π Read
via "National Vulnerability Database".
Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23188 βΌ
π Read
via "National Vulnerability Database".
Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by a buffer overflow vulnerability due to insecure handling of a crafted malicious file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted malicious file in Illustrator.π Read
via "National Vulnerability Database".