π’ Russian cyber attacks on Ukraine: What we know so far π’
π Read
via "ITPro".
A score of additional attacks on the Ukrainian government and other critical services have been reported this week, as Russia officially declares war on the countryπ Read
via "ITPro".
IT Pro
Russian cyber attacks on Ukraine: What we know so far
The conflict between Russia and Ukraine has set the tone for all future wars, and the cyber attacks observed throughout will provide a how-to guide on handling simultaneous cyber and kinetic warfare
ποΈ Ukraine invasion: WordPress-hosted university websites hacked in βtargeted attacksβ ποΈ
π Read
via "The Daily Swig".
Education institutions hit by more than 100,000 attacks in 24 hoursπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Ukraine invasion: WordPress-hosted university websites hacked in βtargeted attacksβ
Education institutions hit by more than 100,000 attacks in 24 hours
π΄ Reduce Risk With Better Cyber Due Diligence π΄
π Read
via "Dark Reading".
Done incorrectly, due diligence can result in slower integration of assets, which increases acquisition costs associated and could reduce expected gains.π Read
via "Dark Reading".
Dark Reading
Reduce Risk With Better Cyber Due Diligence
Done incorrectly, due diligence can result in slower integration of assets, which increases acquisition costs associated and could reduce expected gains.
π΄ NeuraLegion Rebrands as Bright Security π΄
π Read
via "Dark Reading".
Also announces $20 million Series A funding round led by Evolution Equity Partners.π Read
via "Dark Reading".
Dark Reading
NeuraLegion Rebrands as Bright Security
Also announces $20 million Series A funding round led by Evolution Equity Partners.
β Ransomware with a difference: βDerestrict your software, or else!β β
π Read
via "Naked Security".
"Change your code to improve cryptomining"... or we'll dump 1TB of stolen secrets.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
βΌ CVE-2022-0819 βΌ
π Read
via "National Vulnerability Database".
Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24306 βΌ
π Read
via "National Vulnerability Database".
Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because authorization is mishandled.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25634 βΌ
π Read
via "National Vulnerability Database".
Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23779 βΌ
π Read
via "National Vulnerability Database".
Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24447 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. A service exposed by the application allows a user, with the level Operator, to access stored SSL certificates and associated key pairs during export.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24305 βΌ
π Read
via "National Vulnerability Database".
Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that leads to privilege escalation.π Read
via "National Vulnerability Database".
π GRAudit Grep Auditing Tool 3.4 π
π Read
via "Packet Storm Security".
Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility, grep. It's comparable to other static analysis applications like RATS, SWAAT, and flaw-finder while keeping the technical requirements to a minimum and being very flexible.π Read
via "Packet Storm Security".
Packetstormsecurity
GRAudit Grep Auditing Tool 3.4 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ 3 Ways to Expand Gender Diversity in Cybersecurity π΄
π Read
via "Dark Reading".
Why this is important: A business that surrounds itself with the same kind of people who work on the same projects will not generate new or original ideas.π Read
via "Dark Reading".
Dark Reading
3 Ways to Expand Gender Diversity in Cybersecurity
Why this is important: A business that surrounds itself with the same kind of people who work on the same projects will not generate new or original ideas.
π1
βοΈ Conti Ransomware Group Diaries, Part II: The Office βοΈ
π Read
via "Krebs on Security".
Earlier this week, a Ukrainian security researcher leaked almost two yearsβ worth of internal chat logs from Conti, one of the more rapacious and ruthless ransomware gangs in operation today. Tuesdayβs story examined how Conti dealt with its own internal breaches and attacks from private security firms and governments. In Part II of this series weβll explore what itβs like to work for Conti, as described by the Conti employees themselves.π Read
via "Krebs on Security".
Krebs on Security
Conti Ransomware Group Diaries, Part II: The Office
Earlier this week, a Ukrainian security researcher leaked almost two yearsβ worth of internal chat logs from Conti, one of the more rapacious and ruthless ransomware gangs in operation today. Tuesdayβs story examined how Conti dealt with its own internalβ¦
π1
π΄ Protecting Field Programmable Gate Arrays From Attacks π΄
π Read
via "Dark Reading".
FPGAs can be part of physical systems in the aerospace, medical, or industrial fields, so a security compromise can be potentially serious.π Read
via "Dark Reading".
Dark Reading
Protecting Field Programmable Gate Arrays From Attacks
FPGAs can be part of physical systems in the aerospace, medical, or industrial fields, so a security compromise can be potentially serious.
βΌ CVE-2022-25016 βΌ
π Read
via "National Vulnerability Database".
Home Owners Collection Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /student_attendance/index.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2021-43070 βΌ
π Read
via "National Vulnerability Database".
Multiple relative path traversal vulnerabilities [CWE-23] in FortiWLM management interface 8.6.2 and below, 8.5.2 and below, 8.4.2 and below, 8.3.3 and below, 8.2.2 may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22350 βΌ
π Read
via "National Vulnerability Database".
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service. IBM X-Force ID: 220394.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38996 βΌ
π Read
via "National Vulnerability Database".
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213076.π Read
via "National Vulnerability Database".
π΄ Companies' Code Leaking More Passwords and Secrets π΄
π Read
via "Dark Reading".
Software code pushed to online code repositories exposed twice as many secrets compared to last year, putting organizations' security at risk.π Read
via "Dark Reading".
Dark Reading
Companies' Code Leaking More Passwords and Secrets
Software code pushed to online code repositories exposed twice as many secrets compared to last year, putting organizations' security at risk.
π Senate Passes Act That Would Require Disclosing Cyberattacks π
π Read
via "".
The Senate has passed legislation that among other requirements, would require critical infrastructure entities to report to the federal government when they are hacked.π Read
via "".
Digital Guardian
Senate Passes Act That Would Require Disclosing Cyberattacks
The Senate has passed legislation that among other requirements, would require critical infrastructure entities to report to the federal government when they are hacked.