π΄ Security Teams Need to Investigate the Okta Breach Themselves π΄
π Read
via "Dark Reading".
Trust, but verify. While organizations wait for official alerts and notifications from Okta, security teams should also begin their own investigations to determine whether they have been exposed.π Read
via "Dark Reading".
Dark Reading
Security Teams Need to Investigate the Okta Breach Themselves
Trust, but verify. While organizations wait for official alerts and notifications from Okta, security teams should also begin their own investigations to determine whether they have been exposed.
βΌ CVE-2022-25518 βΌ
π Read
via "National Vulnerability Database".
In CMDBuild from version 3.0 to 3.3.2 payload requests are saved in a temporary log table, which allows attackers with database access to read the password of the users who login to the application by querying the database table.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27666 βΌ
π Read
via "National Vulnerability Database".
In the Linux kernel before 5.16.15, there is a buffer overflow in ESP transformation in net/ipv4/esp4.c and net/ipv6/esp6.c via a large message.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1033 βΌ
π Read
via "National Vulnerability Database".
Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6.π Read
via "National Vulnerability Database".
π΄ Darktrace AI Stops Cyberattack Exploiting Log4j Vulnerability at Global Financial Services Provider π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Darktrace AI Stops Cyberattack Exploiting Log4j Vulnerability at Global Financial Services Provider
CAMBRIDGE, UK, March 23, 2022 /PRNewswire/ -- Darktrace, a global leader in cyber security AI, today announced that a global provider of financial services recently detected and stopped an attacker attempting to leverage a vulnerability in Log4j to deployβ¦
π΄ Building a Red Team: How to Get Started π΄
π Read
via "Dark Reading".
These groups of authorized hackers work to infiltrate their customer's data, development environment, or any other business area to locate and identify vulnerabilities.π Read
via "Dark Reading".
Dark Reading
Building a Red Team: How to Get Started
These groups of authorized hackers work to infiltrate their customer's data, development environment, or any other business area to locate and identify vulnerabilities.
ποΈ US and Canada reinstate cybercrime forum to prevent Russian cyber-attacks ποΈ
π Read
via "The Daily Swig".
North American nations agree to share information on key security issuesπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
US and Canada reinstate cybercrime forum to prevent Russian cyber-attacks
North American nations agree to share information on key security issues
βΌ CVE-2021-25220 βΌ
π Read
via "National Vulnerability Database".
BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0635 βΌ
π Read
via "National Vulnerability Database".
Versions affected: BIND 9.18.0 When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check.π Read
via "National Vulnerability Database".
ποΈ Sophos fixes SQL injection vulnerability in UTM appliance ποΈ
π Read
via "The Daily Swig".
βGod boxβ loses its religionπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Sophos fixes SQL injection vulnerability in UTM appliance
βGod boxβ loses its religion
β Microsoft: Lapsus$ Used Employee Account to Steal Source Code β
π Read
via "Threat Post".
The data-extortion gang got at Microsoft's Azure DevOps server. Meanwhile, fellow Lapsus$ victim and authentication firm Okta said 2.5 percent of customers were affected in its own Lapsus$ attack.π Read
via "Threat Post".
Threat Post
Microsoft: Lapsus$ Used Employee Account to Steal Source Code
In related news, fellow Lapsus$ victim and authentication firm Okta said that 2.5 percent of its customers were affected in the threat actor's attack.
π΄ F-Secure Rebrands as WithSecure, Spins Off Consumer Products π΄
π Read
via "Dark Reading".
Attempting to catch up with CrowdStrike, Microsoft, and Trend Micro, the Helsinki-based endpoint-protection firm "de-merges" its consumer-security business to focus on businesses.π Read
via "Dark Reading".
Dark Reading
F-Secure Rebrands as WithSecure, Spins Off Consumer Products
Attempting to catch up with CrowdStrike, Microsoft, and Trend Micro, the Helsinki-based endpoint-protection firm "de-merges" its consumer-security business to focus on businesses.
βΌ CVE-2022-0857 βΌ
π Read
via "National Vulnerability Database".
A reflected cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. This would lead to limited access to sensitive information and limited ability to alter some information in ePO due to the area of the User Interface the vulnerability is present in.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0842 βΌ
π Read
via "National Vulnerability Database".
A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote authenticated attacker to potentially obtain information from the ePO database. The data obtained is dependent on the privileges the attacker has and to obtain sensitive data the attacker would require administrator privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44759 βΌ
π Read
via "National Vulnerability Database".
Improper Authentication vulnerability in TLS origin validation of Apache Traffic Server allows an attacker to create a man in the middle attack. This issue affects Apache Traffic Server 8.0.0 to 8.1.0.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0886 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-27666. Reason: This candidate is a reservation duplicate of CVE-2022-27666. Notes: All CVE users should reference CVE-2022-27666 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0861 βΌ
π Read
via "National Vulnerability Database".
A XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote administrator attacker to upload a malicious XML file through the extension import functionality. The impact is limited to some access to confidential information and some ability to alter data.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0858 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. This would lead to limited ability to alter some information in ePO due to the area of the User Interface the vulnerability is present in.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44040 βΌ
π Read
via "National Vulnerability Database".
Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.3 and 9.0.0 to 9.1.1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0862 βΌ
π Read
via "National Vulnerability Database".
A lack of password change protection vulnerability in a depreciated API of McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to change the password of a compromised session without knowing the existing user's password. This functionality was removed from the User Interface in ePO 10 and the API has now been disabled. Other protection is in place to reduce the likelihood of this being successful through sending a link to a logged in user.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0859 βΌ
π Read
via "National Vulnerability Database".
McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a local attacker to point an ePO server to an arbitrary SQL server during the restoration of the ePO server. To achieve this the attacker would have to be logged onto the server hosting the ePO server (restricted to administrators) and to know the SQL server password.π Read
via "National Vulnerability Database".