🛑 Cybersecurity & Privacy 🛑 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
❌ Cyberattackers Cook Up Employee Personal Data Heist for Meyer ❌

The Conti gang breached the cookware giant's network, prepping thousands of employees’ personal data for consumption by cybercrooks.

via "Threat Post".
‼ CVE-2022-0714 ‼

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

via "National Vulnerability Database".
‼ CVE-2022-23608 ‼

PJSIP is a free and open source multimedia communication library written in C implementing standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1, in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can be prematurely freed when one of the dialogs is destroyed. The issue may cause a dialog set to be registered in the hash table multiple times (with different hash keys), leading to undefined behavior such as a dialog list collision, which eventually leads to an endless loop. A patch is available in commit db3235953baa56d2fb0e276ca510fefca751643f and will be included in the next release. There are no known workarounds for this issue.

via "National Vulnerability Database".
‼ CVE-2022-0713 ‼

Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4.

via "National Vulnerability Database".
‼ CVE-2022-23654 ‼

Wiki.js is a wiki app built on Node.js. In affected versions, an authenticated user with write access on a restricted set of paths can update a page outside the allowed paths by specifying a different target page ID while keeping the path intact. The access control incorrectly checks path access against the user-provided values instead of the actual path associated with the page ID. Commit https://github.com/Requarks/wiki/commit/411802ec2f654bb5ed1126c307575b81e2361c6b fixes this vulnerability by checking access control on the path associated with the page ID instead of the user-provided value. When the path differs from the current value, a second access control check is then performed on the user-provided path before the move operation.

via "National Vulnerability Database".
‼ CVE-2022-23652 ‼

capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. In versions prior to 0.2.1 an attacker with a proper authentication mechanism may use a malicious `Connection` header to start a privilege escalation attack towards the Kubernetes API Server. This vulnerability allows for an exploit of the `cluster-admin` Role bound to `capsule-proxy`. There are no known workarounds for this issue.

via "National Vulnerability Database".
❌ Gaming, Banking Trojans Dominate Mobile Malware Scene ❌

The overall number of attacks on mobile users is down, but they're getting slicker, both in terms of malware functionality and vectors, researchers say.

via "Threat Post".
🕴 More Orgs Suffered Successful Phishing Attacks in 2021 Than in 2020 🕴

Threat actors maintained their relentless attacks on enterprise end users for yet another year, a new study shows.

via "Dark Reading".
🕴 GitHub Opens Security Database to Community Contributions 🕴

The Microsoft-owned company will allow community members to add information and code samples to security advisories using standard pull requests to change the advisory document.

via "Dark Reading".
‼ CVE-2022-23635 ‼

Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, `istiod`, is vulnerable to a request processing error that allows an attacker who sends a specially crafted message to crash the control plane. This endpoint is served over TLS on port 15012 but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially [multicluster](https://istio.io/latest/docs/setup/install/multicluster/primary-remote/) topologies, this port is exposed over the public internet. There are no effective workarounds beyond upgrading. Limiting network access to Istiod to the minimal set of clients can help lessen the scope of the vulnerability to some extent.

via "National Vulnerability Database".
🕴 Hikvision Network Cyber-Protect Helps Ensure Physical Cybersecurity Protection 🕴

Combines technology, education and tools to help dealers protect networked security systems.

via "Dark Reading".
🕴 Palo Alto Networks Introduces the Autonomous Security Platform, Cortex XSIAM 🕴

The new AI-driven platform brings threat response times from days to minutes and provides a modern alternative to SIEM. Cortex XSIAM is currently available to a limited set of customers with general availability expected later this year.

via "Dark Reading".
🕴 Log4j Remediation Took Weeks or More for Over 50% of Organizations 🕴

ISC(2) survey also found that half of cybersecurity teams worldwide worked on fixing Log4j issues on weekends and during time off.

via "Dark Reading".
‼ CVE-2022-23612 ‼

OpenMRS is a patient-based medical record system focused on giving providers a free, customizable electronic medical record system. Affected versions are subject to arbitrary file exfiltration due to a failure to sanitize requests when serving GET requests for `/images` & `/initfilter/scripts`. This can allow an attacker to access any file on a system running OpenMRS that is readable by the user ID OpenMRS runs under. Affected deployments should update to the latest patch version of OpenMRS Core for the minor version they use. These are: 2.1.5, 2.2.1, 2.3.5, 2.4.5 and 2.5.3. As a general rule, this vulnerability is already mitigated by Tomcat's URL normalization in Tomcat 7.0.28+. Users on older versions of Tomcat should consider upgrading their Tomcat instance as well as their OpenMRS instance.

via "National Vulnerability Database".
‼ CVE-2022-21656 ‼

Envoy is an open source edge and service proxy, designed for cloud-native applications. The default_validator.cc implementation of the default certificate validation routines has a "type confusion" bug when processing subjectAltNames. This processing allows, for example, an rfc822Name or uniformResourceIdentifier to be authenticated as a domain name. This confusion allows the nameConstraints enforced by the underlying OpenSSL/BoringSSL implementation to be bypassed, exposing the possibility of impersonation of arbitrary servers. As a result Envoy will trust upstream certificates that should not be trusted.

via "National Vulnerability Database".
‼ CVE-2022-23606 ‼

Envoy is an open source edge and service proxy, designed for cloud-native applications. When a cluster is deleted via Cluster Discovery Service (CDS), all idle connections established to endpoints in that cluster are disconnected. A recursion was introduced in the procedure for disconnecting idle connections that can lead to stack exhaustion and abnormal process termination when a cluster has a large number of idle connections. This unbounded recursion causes Envoy to crash. Users are advised to upgrade.

via "National Vulnerability Database".
‼ CVE-2022-0654 ‼

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository fgribreau/node-request-retry prior to 7.0.0.

via "National Vulnerability Database".
‼ CVE-2021-43824 ‼

Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions, a crafted request crashes Envoy when a CONNECT request is sent to the JWT filter configured with a regex match. This provides a denial of service attack vector. The only workaround is to not use regex matching in the JWT filter. Users are advised to upgrade.

via "National Vulnerability Database".
‼ CVE-2022-21654 ‼

Envoy is an open source edge and service proxy, designed for cloud-native applications. Envoy's TLS implementation allows session re-use even when some certificate validation settings have been changed from their default configuration. The only workaround for this issue is to ensure that the default TLS settings are used. Users are advised to upgrade.

via "National Vulnerability Database".
‼ CVE-2021-43825 ‼

Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must stop further processing of request or response data. Envoy tracks the amount of buffered request and response data and aborts the request if the amount of buffered data exceeds the limit, sending a 413 or 500 response. However, when the buffer overflows while a response is being processed by the filter chain, the operation may not be aborted correctly, resulting in access to a freed memory block. If this happens Envoy will crash, resulting in a denial of service.

via "National Vulnerability Database".
‼ CVE-2022-21657 ‼

Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions Envoy does not restrict the set of certificates it accepts from the peer, either as a TLS client or a TLS server, to only those certificates that contain the necessary extendedKeyUsage (id-kp-serverAuth and id-kp-clientAuth, respectively). This means that a peer may present an e-mail certificate (e.g. id-kp-emailProtection), either as a leaf certificate or as a CA in the chain, and it will be accepted for TLS. This is particularly bad when combined with the issue described in pull request #630, in that it allows a Web PKI CA that is intended only for use with S/MIME, and thus exempted from audit or supervision, to issue TLS certificates that will be accepted by Envoy. As a result Envoy will trust upstream certificates that should not be trusted. There are no known workarounds to this issue. Users are advised to upgrade.

via "National Vulnerability Database".