β Microsoft Addresses 3 Zero-Days & 3 Critical Bugs for March Patch Tuesday β
π Read
via "Threat Post".
The computing giant patched 71 security vulnerabilities in an uncharacteristically light scheduled update, including its first Xbox bug.π Read
via "Threat Post".
Threat Post
Microsoft Addresses 3 Zero-Days & 3 Critical Bugs for March Patch Tuesday
The computing giant patched 71 security vulnerabilities in an uncharacteristically light scheduled update, including its first Xbox bug.
π1
π΄ Microsoft Patches Critical Exchange Server Flaw π΄
π Read
via "Dark Reading".
Remote code execution vulnerability among 71 bug fixes issued in March Patch Tuesday.π Read
via "Dark Reading".
Dark Reading
Microsoft Patches Critical Exchange Server Flaw
Remote code execution vulnerability among 71 bug fixes issued in March Patch Tuesday.
βΌ CVE-2022-26337 βΌ
π Read
via "National Vulnerability Database".
Trend Micro Password Manager (Consumer) installer version 5.0.0.1262 and below is vulnerable to an Uncontrolled Search Path Element vulnerability that could allow an attacker to use a specially crafted file to exploit the vulnerability and escalate local privileges on the affected machine.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26319 βΌ
π Read
via "National Vulnerability Database".
An installer search patch element vulnerability in Trend Micro Portable Security 3.0 Pro, 3.0 and 2.0 could allow a local attacker to place an arbitrarily generated DLL file in an installer folder to elevate local privileges. Please note: an attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24739 βΌ
π Read
via "National Vulnerability Database".
alltube is an html front end for youtube-dl. On releases prior to 3.0.3, an attacker could craft a special HTML page to trigger either an open redirect attack or a Server-Side Request Forgery attack (depending on how AllTube is configured). The impact is mitigated by the fact the SSRF attack is only possible when the `stream` option is enabled in the configuration. (This option is disabled by default.) 3.0.3 contains a fix for this vulnerability.π Read
via "National Vulnerability Database".
βοΈ Internet Backbone Giant Lumen Shuns .RU βοΈ
π Read
via "Krebs on Security".
Lumen Technologies, an American company that operates one of the largest Internet backbones and carries a significant percentage of the world's Internet traffic, said today it will stop routing traffic for organizations based in Russia. Lumen's decision comes just days after a similar exit by backbone provider Cogent, and amid a news media crackdown in Russia that has already left millions of Russians in the dark about what is really going on with their president's war in Ukraine.π Read
via "Krebs on Security".
Krebsonsecurity
Internet Backbone Giant Lumen Shuns .RU
Lumen Technologies, an American company that operates one of the largest Internet backbones and carries a significant percentage of the world's Internet traffic, said today it will stop routing traffic for organizations based in Russia. Lumen's decision comesβ¦
βΌ CVE-2022-0881 βΌ
π Read
via "National Vulnerability Database".
Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1.π Read
via "National Vulnerability Database".
β βDirty Pipeβ Linux kernel bug lets anyone write to any file β
π Read
via "Naked Security".
Even read-only files can be written to, leading to a dangerously general purpose elevation-of-privilege attack.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
βΌ CVE-2022-0482 βΌ
π Read
via "National Vulnerability Database".
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0896 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior to 1.3.π Read
via "National Vulnerability Database".
π1
ποΈ Government agencies in Ukraine targeted in cyber-attacks deploying MicroBackdoor malware ποΈ
π Read
via "The Daily Swig".
A number of state bodies have been attacked since Russiaβs invasion beganπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Government agencies in Ukraine targeted in cyber-attacks deploying MicroBackdoor malware
A number of state bodies have been attacked since Russiaβs invasion began
β Russian APTs Furiously Phish Ukraine β Google β
π Read
via "Threat Post".
Also on the rise: DDoS attacks against Ukrainian sites and phishing activity capitalizing on the conflict, with China's Mustang Panda targeting Europe.π Read
via "Threat Post".
Threat Post
Russian APTs Furiously Phish Ukraine β Google
Also on the rise: DDoS attacks against Ukrainian sites and phishing activity capitalizing on the conflict, with China's Mustang Panda targeting Europe.
π΄ Zero Trust Can't Stop at the Federal Level π΄
π Read
via "Dark Reading".
The federal government must step in to help local and state governments implement zero trust.π Read
via "Dark Reading".
Dark Reading
Zero Trust Can't Stop at the Federal Level
The federal government must step in to help local and state governments implement zero trust.
ποΈ Critical Axeda vulnerabilities pose takeover risk to hundreds of IoT devices ποΈ
π Read
via "The Daily Swig".
Serious supply chain threat posed to downstream medical devices in particularπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Critical Axeda vulnerabilities pose takeover risk to hundreds of IoT devices
Serious supply chain threat posed to downstream medical devices in particular
π UFONet 1.8 π
π Read
via "Packet Storm Security".
UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using GET/POST, multi-threading, proxies, origin spoofing methods, cache evasion techniques, etc.π Read
via "Packet Storm Security".
Packetstormsecurity
UFONet 1.8 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β Most ServiceNow Instances Misconfigured, Exposed β
π Read
via "Threat Post".
Customers aren't locking down access correctly, leading to ~70 percent of ServiceNow implementations being vulnerable to malicious data extraction.π Read
via "Threat Post".
Threat Post
Most ServiceNow Instances Misconfigured, Exposed
Customers aren't locking down access correctly, leading to ~70 percent of ServiceNow implementations tested by AppOmni being vulnerable to malicious data extraction.
βοΈ Microsoft Patch Tuesday, March 2022 Edition βοΈ
π Read
via "Krebs on Security".
Microsoft on Tuesday released software updates to plug at least 70 security holes in its Windows operating systems and related software. For the second month running, there are no scary zero-day threats looming for Windows users (that we know of), and relatively few "critical" fixes. And yet we know from experience that attackers are already trying to work out how to turn these patches into a roadmap for exploiting the flaws they fix. Here's a look at the security weaknesses Microsoft says are most likely to be targeted first.π Read
via "Krebs on Security".
Krebsonsecurity
Microsoft Patch Tuesday, March 2022 Edition
Microsoft on Tuesday released software updates to plug at least 70 security holes in its Windows operating systems and related software. For the second month running, there are no scary zero-day threats looming for Windows users (that we know of),β¦
ποΈ Exploit chain allows security researchers to pwn phone system ποΈ
π Read
via "The Daily Swig".
Cloudy with a chance of exploitsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Exploit chain allows security researchers to compromise Pascom phone systems
Cloudy with a chance of exploits
βΌ CVE-2022-23265 βΌ
π Read
via "National Vulnerability Database".
Microsoft Defender for IoT Remote Code Execution Vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24464 βΌ
π Read
via "National Vulnerability Database".
.NET and Visual Studio Denial of Service Vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24453 βΌ
π Read
via "National Vulnerability Database".
HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22006, CVE-2022-22007, CVE-2022-23301, CVE-2022-24452, CVE-2022-24456.π Read
via "National Vulnerability Database".