π OpenSSH 8.9p1 π
π Read
via "Packet Storm Security".
This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.π Read
via "Packet Storm Security".
Packetstormsecurity
OpenSSH 8.9p1 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
βΌ CVE-2022-0727 βΌ
π Read
via "National Vulnerability Database".
Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0726 βΌ
π Read
via "National Vulnerability Database".
Improper Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0729 βΌ
π Read
via "National Vulnerability Database".
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.π Read
via "National Vulnerability Database".
π΄ Why Passwordless Is at an Impasse π΄
π Read
via "Dark Reading".
Many widely used business applications aren't built to support passwordless login because identity and authentication remain siloed.π Read
via "Dark Reading".
Dark Reading
Why Passwordless Is at an Impasse
Many widely used business applications aren't built to support passwordless login because identity and authentication remain siloed.
π΄ Ransomware Trained on Manufacturing Firms Led Cyberattacks in Industrial Sector π΄
π Read
via "Dark Reading".
Meanwhile, a few "alarming" infiltrations of OT networks by previously unknown threat groups occurred last year as well.π Read
via "Dark Reading".
Dark Reading
Ransomware Trained on Manufacturing Firms Led Cyberattacks in Industrial Sector
Meanwhile, a few "alarming" infiltrations of OT networks by previously unknown threat groups occurred last year as well.
β Creaky Old WannaCry, GandCrab Top the Ransomware Scene β
π Read
via "Threat Post".
Nothing like zombie campaigns: WannaCry's old as dirt, and GandCrab threw in the towel years ago. They're on auto-pilot at this point, researchers say.π Read
via "Threat Post".
Threat Post
Creaky Old WannaCry, GandCrab Top the Ransomware Scene
Nothing like zombie campaigns: WannaCry's old as dirt, and GandCrab threw in the towel years ago. They're on auto-pilot at this point, researchers say.
ποΈ EU countries offer cyber-defense assistance to Ukraine ποΈ
π Read
via "The Daily Swig".
Increase in cyber-attacks expected to accompany further incursions into Ukrainian territoryπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
EU countries offer cyber-defense assistance to Ukraine
Increase in cyber-attacks expected to accompany further incursions into Ukrainian territory
β Sextortion Rears Its Ugly Head Again β
π Read
via "Threat Post".
Attackers are sending email blasts with malware links in embedded PDFs as a way to evade email filters, lying about having fictional "video evidence."π Read
via "Threat Post".
Threat Post
Sextortion Rears Its Ugly Head Again
Attackers are sending email blasts with malware links in embedded PDFs as a way to evade email filters, lying about having fictional "video evidence."
π΄ Microsoft Debuts Unified Service for Multicloud ID Management π΄
π Read
via "Dark Reading".
With nine in 10 companies adopting a multicloud strategy, service providers are focused on finding ways to support the management and security efforts of businesses that rely on multiple cloud resources.π Read
via "Dark Reading".
Dark Reading
Microsoft Debuts Unified Service for Multicloud ID Management
With nine in 10 companies adopting a multicloud strategy, service providers are focused on finding ways to support the management and security efforts of businesses that rely on multiple cloud resources.
β WordPress backup plugin maker Updraft says βYou should updateββ¦ β
π Read
via "Naked Security".
A straight-talking bug report written in plain English by an actual expert - there's a teachable moment in this cybersecurity story!π Read
via "Naked Security".
Naked Security
WordPress backup plugin maker Updraft says βYou should updateββ¦
A straight-talking bug report written in plain English by an actual expert β thereβs a teachable moment in this cybersecurity story!
β Apple AirTag anti-stalking protection bypassed by researchers β
π Read
via "Naked Security".
Problems with Apple's Tracker Detect system, which warns you of likely stalking attempts using hidden AirTags.π Read
via "Naked Security".
Naked Security
Apple AirTag anti-stalking protection bypassed by researchers
Problems with Appleβs Tracker Detect system, which warns you of likely stalking attempts using hidden AirTags.
βΌ CVE-2022-20625 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the Cisco Discovery Protocol service of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the service to restart, resulting in a denial of service (DoS) condition. This vulnerability is due to improper handling of Cisco Discovery Protocol messages that are processed by the Cisco Discovery Protocol service. An attacker could exploit this vulnerability by sending a series of malicious Cisco Discovery Protocol messages to an affected device. A successful exploit could allow the attacker to cause the Cisco Discovery Protocol service to fail and restart. In rare conditions, repeated failures of the process could occur, which could cause the entire device to restart.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20650 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation of user supplied data that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP POST request to the NX-API of an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. Note: The NX-API feature is disabled by default.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0476 βΌ
π Read
via "National Vulnerability Database".
Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20623 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the rate limiter for Bidirectional Forwarding Detection (BFD) traffic of Cisco NX-OS Software for Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause BFD traffic to be dropped on an affected device. This vulnerability is due to a logic error in the BFD rate limiter functionality. An attacker could exploit this vulnerability by sending a crafted stream of traffic through the device. A successful exploit could allow the attacker to cause BFD traffic to be dropped, resulting in BFD session flaps. BFD session flaps can cause route instability and dropped traffic, resulting in a denial of service (DoS) condition. This vulnerability applies to both IPv4 and IPv6 traffic.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20624 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the Cisco Fabric Services over IP (CFSoIP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of incoming CFSoIP packets. An attacker could exploit this vulnerability by sending crafted CFSoIP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.π Read
via "National Vulnerability Database".
π΄ CISA Warns of New Malware Framework Used by Russian 'Sandworm' Hacking Team π΄
π Read
via "Dark Reading".
Russian General Staff Main Intelligence Directorate (GRU) hacking team appears to have swapped its VPNFilter malware platform for the so-called Cyclops Blink malware framework.π Read
via "Dark Reading".
Dark Reading
CISA Warns of New Malware Framework Used by Russian 'Sandworm' Hacking Team
Russian General Staff Main Intelligence Directorate (GRU) hacking team appears to have swapped its VPNFilter malware platform for the so-called Cyclops Blink malware framework.
π΄ Tales from the Dark Web, Part 3: How Criminals Monetize Ransomware π΄
π Read
via "Dark Reading".
Ransomware operators rely on cryptocurrency and other payment schemes to keep their activities under the radar and harder to trace.π Read
via "Dark Reading".
Dark Reading
Tales from the Dark Web, Part 3: How Criminals Monetize Ransomware
Ransomware operators rely on cryptocurrency and other payment schemes to keep their activities under the radar and harder to trace.
π΄ What Does Least Privilege Access Mean for Cloud Security? π΄
π Read
via "Dark Reading".
While traditional security controls are necessary at the perimeter, organizations also need to prevent malicious privileged access.π Read
via "Dark Reading".
Dark Reading
What Does Least Privilege Access Mean for Cloud Security?
While traditional security controls are necessary at the perimeter, organizations also need to prevent malicious privileged access.
π Fraud Cost Americans $5.8 Billion in 2021 π
π Read
via "".
Americans lost more than 70% more to fraud last year than the year before, proof that tactics used by scammers from the early days of the pandemic are still working.π Read
via "".