β βDirty Pipeβ Linux kernel bug lets anyone write to any file β
π Read
via "Naked Security".
Even read-only files can be written to, leading to a dangerously general purpose elevation-of-privilege attack.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
βΌ CVE-2022-0482 βΌ
π Read
via "National Vulnerability Database".
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0896 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior to 1.3.π Read
via "National Vulnerability Database".
π1
ποΈ Government agencies in Ukraine targeted in cyber-attacks deploying MicroBackdoor malware ποΈ
π Read
via "The Daily Swig".
A number of state bodies have been attacked since Russiaβs invasion beganπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Government agencies in Ukraine targeted in cyber-attacks deploying MicroBackdoor malware
A number of state bodies have been attacked since Russiaβs invasion began
β Russian APTs Furiously Phish Ukraine β Google β
π Read
via "Threat Post".
Also on the rise: DDoS attacks against Ukrainian sites and phishing activity capitalizing on the conflict, with China's Mustang Panda targeting Europe.π Read
via "Threat Post".
Threat Post
Russian APTs Furiously Phish Ukraine β Google
Also on the rise: DDoS attacks against Ukrainian sites and phishing activity capitalizing on the conflict, with China's Mustang Panda targeting Europe.
π΄ Zero Trust Can't Stop at the Federal Level π΄
π Read
via "Dark Reading".
The federal government must step in to help local and state governments implement zero trust.π Read
via "Dark Reading".
Dark Reading
Zero Trust Can't Stop at the Federal Level
The federal government must step in to help local and state governments implement zero trust.
ποΈ Critical Axeda vulnerabilities pose takeover risk to hundreds of IoT devices ποΈ
π Read
via "The Daily Swig".
Serious supply chain threat posed to downstream medical devices in particularπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Critical Axeda vulnerabilities pose takeover risk to hundreds of IoT devices
Serious supply chain threat posed to downstream medical devices in particular
π UFONet 1.8 π
π Read
via "Packet Storm Security".
UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using GET/POST, multi-threading, proxies, origin spoofing methods, cache evasion techniques, etc.π Read
via "Packet Storm Security".
Packetstormsecurity
UFONet 1.8 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β Most ServiceNow Instances Misconfigured, Exposed β
π Read
via "Threat Post".
Customers aren't locking down access correctly, leading to ~70 percent of ServiceNow implementations being vulnerable to malicious data extraction.π Read
via "Threat Post".
Threat Post
Most ServiceNow Instances Misconfigured, Exposed
Customers aren't locking down access correctly, leading to ~70 percent of ServiceNow implementations tested by AppOmni being vulnerable to malicious data extraction.
βοΈ Microsoft Patch Tuesday, March 2022 Edition βοΈ
π Read
via "Krebs on Security".
Microsoft on Tuesday released software updates to plug at least 70 security holes in its Windows operating systems and related software. For the second month running, there are no scary zero-day threats looming for Windows users (that we know of), and relatively few "critical" fixes. And yet we know from experience that attackers are already trying to work out how to turn these patches into a roadmap for exploiting the flaws they fix. Here's a look at the security weaknesses Microsoft says are most likely to be targeted first.π Read
via "Krebs on Security".
Krebsonsecurity
Microsoft Patch Tuesday, March 2022 Edition
Microsoft on Tuesday released software updates to plug at least 70 security holes in its Windows operating systems and related software. For the second month running, there are no scary zero-day threats looming for Windows users (that we know of),β¦
ποΈ Exploit chain allows security researchers to pwn phone system ποΈ
π Read
via "The Daily Swig".
Cloudy with a chance of exploitsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Exploit chain allows security researchers to compromise Pascom phone systems
Cloudy with a chance of exploits
βΌ CVE-2022-23265 βΌ
π Read
via "National Vulnerability Database".
Microsoft Defender for IoT Remote Code Execution Vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24464 βΌ
π Read
via "National Vulnerability Database".
.NET and Visual Studio Denial of Service Vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24453 βΌ
π Read
via "National Vulnerability Database".
HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22006, CVE-2022-22007, CVE-2022-23301, CVE-2022-24452, CVE-2022-24456.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23286 βΌ
π Read
via "National Vulnerability Database".
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-23297 βΌ
π Read
via "National Vulnerability Database".
Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24507 βΌ
π Read
via "National Vulnerability Database".
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24522 βΌ
π Read
via "National Vulnerability Database".
Skype Extension for Chrome Information Disclosure Vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24520 βΌ
π Read
via "National Vulnerability Database".
Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24467, CVE-2022-24468, CVE-2022-24470, CVE-2022-24471, CVE-2022-24517.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24510 βΌ
π Read
via "National Vulnerability Database".
Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24461, CVE-2022-24509.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24471 βΌ
π Read
via "National Vulnerability Database".
Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24467, CVE-2022-24468, CVE-2022-24470, CVE-2022-24517, CVE-2022-24520.π Read
via "National Vulnerability Database".