π’ Russian cyber attacks on Ukraine: What we know so far π’
π Read
via "ITPro".
A score of additional attacks on the Ukrainian government and other critical services have been reported this week, as Russia officially declares war on the countryπ Read
via "ITPro".
IT Pro
Russian cyber attacks on Ukraine: What we know so far
The conflict between Russia and Ukraine has set the tone for all future wars, and the cyber attacks observed throughout will provide a how-to guide on handling simultaneous cyber and kinetic warfare
π’ Darktrace acquires attack surface management startup Cybersprint π’
π Read
via "ITPro".
The β¬47.5 million deal marks Darktraceβs first acquisition in its nine-year historyπ Read
via "ITPro".
IT PRO
Darktrace acquires attack surface management startup Cybersprint | IT PRO
The β¬47.5 million deal marks Darktraceβs first acquisition in its nine-year history
π1
π’ WatchGuard Firebox M290 review: Stiff security at a great price π’
π Read
via "ITPro".
The Firebox M290 delivers an incredible range of gateway security measures priced right for SMBsπ Read
via "ITPro".
IT PRO
WatchGuard Firebox M290 review: Stiff security at a great price | IT PRO
The Firebox M290 delivers an incredible range of gateway security measures priced right for SMBs
π’ IT Pro 20/20: The new frontier of innovation π’
π Read
via "ITPro".
Businesses are putting green tech at their heart of their buying decisions, and manufacturers and paying attentionπ Read
via "ITPro".
IT PRO
IT Pro 20/20: The new frontier of innovation | IT PRO
Businesses are putting green tech at their heart of their buying decisions, and manufacturers and paying attention
π’ Benefits of AI and machine learning for cloud security π’
π Read
via "ITPro".
AI and machine learning may not be a silver bullet, but they can still play an important part in cloud security strategiesπ Read
via "ITPro".
IT PRO
Benefits of AI and machine learning for cloud security | IT PRO
AI and machine learning may not be a silver bullet, but they can still play an important part in cloud security strategies
π’ Microsoft releases new security controls for multi-cloud customers π’
π Read
via "ITPro".
Tech giant adds Google Cloud protections for Defender for Cloud and CloudKnox Permission managementπ Read
via "ITPro".
ITPro
Microsoft releases new security controls for multi-cloud customers
Tech giant adds Google Cloud protections for Defender for Cloud and CloudKnox Permission management
π’ IRS lets taxpayers bypass facial recognition with virtual interviews π’
π Read
via "ITPro".
The temporary solution will be in effect through the 2022 tax filing seasonπ Read
via "ITPro".
IT PRO
IRS lets taxpayers bypass facial recognition with virtual interviews | IT PRO
The temporary solution will be in effect through the 2022 tax filing season
π’ How to encrypt files and folders in Windows 10 π’
π Read
via "ITPro".
Hereβs how to make your sensitive data unreadable to prying eyesπ Read
via "ITPro".
IT PRO
How to encrypt files and folders in Windows 10 | IT PRO
Hereβs how to make your sensitive data unreadable to prying eyes
π’ ICS and OT vulnerabilities more than doubled in 2021 π’
π Read
via "ITPro".
One in four flaws found in industrial systems had no patch, Dragos report findsπ Read
via "ITPro".
IT PRO
ICS and OT vulnerabilities more than doubled in 2021 | IT PRO
One in four flaws found in industrial systems had no patch, Dragos report finds
π’ GitHub goes open source on security research π’
π Read
via "ITPro".
Community members, enthusiasts, researchers, and academics are now able to submit their own research to widen the understanding of security vulnerabilitiesπ Read
via "ITPro".
IT PRO
GitHub goes open source on security research | IT PRO
Community members, enthusiasts, researchers, and academics are now able to submit their own research to widen the understanding of security vulnerabilities
π’ 100 million Samsung Galaxy devices vulnerable to cryptographic key hack π’
π Read
via "ITPro".
Widespread flaws in hardware-backed key management could enable hackers to bypass FIDO2 authenticationπ Read
via "ITPro".
IT PRO
100 million Samsung Galaxy devices vulnerable to cryptographic key hack | IT PRO
Widespread flaws in hardware-backed key management could enable hackers to bypass FIDO2 authentication
βΌ CVE-2022-25094 βΌ
π Read
via "National Vulnerability Database".
Home Owners Collection Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the parameter "cover" in SystemSettings.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25095 βΌ
π Read
via "National Vulnerability Database".
Home Owners Collection Management System v1.0 allows unauthenticated attackers to compromise user accounts via a crafted POST request.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25096 βΌ
π Read
via "National Vulnerability Database".
Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /members/view_member.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21706 βΌ
π Read
via "National Vulnerability Database".
Zulip is an open-source team collaboration tool with topic-based threading. Zulip Server version 2.0.0 and above are vulnerable to insufficient access control with multi-use invitations. A Zulip Server deployment which hosts multiple organizations is vulnerable to an attack where an invitation created in one organization (potentially as a role with elevated permissions) can be used to join any other organization. This bypasses any restrictions on required domains on users' email addresses, may be used to gain access to organizations which are only accessible by invitation, and may be used to gain access with elevated privileges. This issue has been patched in release 4.10. There are no known workarounds for this issue. ### Patches _Has the problem been patched? What versions should users upgrade to?_ ### Workarounds _Is there a way for users to fix or remediate the vulnerability without upgrading?_ ### References _Are there any links users can visit to find out more?_ ### For more information If you have any questions or comments about this advisory, you can discuss them on the [developer community Zulip server](https://zulip.com/developer-community/), or email the [Zulip security team](mailto:security@zulip.com).π Read
via "National Vulnerability Database".
π2
βΌ CVE-2022-0762 βΌ
π Read
via "National Vulnerability Database".
Business Logic Errors in GitHub repository microweber/microweber prior to 1.3.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0763 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0764 βΌ
π Read
via "National Vulnerability Database".
Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27958 βΌ
π Read
via "National Vulnerability Database".
The Job Composer app in Ohio Supercomputer Center Open OnDemand before 1.7.19 and 1.8.x before 1.8.18 allows remote authenticated users to provide crafted input in a job template.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26146 βΌ
π Read
via "National Vulnerability Database".
Tricentis qTest before 10.4 allows stored XSS by an authenticated attacker.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26149 βΌ
π Read
via "National Vulnerability Database".
MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator.π Read
via "National Vulnerability Database".