π΄ Cyber Insurance and War Exclusions π΄
π Read
via "Dark Reading".
Here's what a cybersecurity lawyer thinks security pros need to know in light of Russia's invasion of Ukraine.π Read
via "Dark Reading".
Dark Reading
Cyber Insurance and War Exclusions
Here's what a cybersecurity lawyer thinks security pros need to know in light of Russia's invasion of Ukraine.
π΄ Could Gaming Close the Cyberskills Gap? π΄
π Read
via "Dark Reading".
The Wicked6 hackathon helps women to develop their professional cybersecurity skills while networking and playing games.π Read
via "Dark Reading".
Dark Reading
Could Gaming Close the Cyberskills Gap?
The Wicked6 hackathon helps women to develop their professional cybersecurity skills while networking and playing games.
β Serious Security: DEADBOLT β the ransomware that goes straight for for your backups β
π Read
via "Naked Security".
Some tips on how to keep your network safe - even (or perhaps especially!) if you think you're safe already.π Read
via "Naked Security".
Naked Security
Serious Security: DEADBOLT β the ransomware that goes straight for your backups
Some tips on how to keep your network safe β even (or perhaps especially!) if you think youβre safe already.
βΌ CVE-2021-43736 βΌ
π Read
via "National Vulnerability Database".
CmsWing CMS 1.3.7 is affected by a Remote Code Execution (RCE) vulnerability via parameter: log ruleπ Read
via "National Vulnerability Database".
βΌ CVE-2021-43738 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in xiaohuanxiong CMS 5.0.17. There is a CSRF vulnerability that can that can add the administrator account.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22316 βΌ
π Read
via "National Vulnerability Database".
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service due to incorrectly configured authorization checks. IBM X-Force ID: 218276.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44139 βΌ
π Read
via "National Vulnerability Database".
Sentinel 1.8.2 is vulnerable to Server-side request forgery (SSRF).π Read
via "National Vulnerability Database".
βΌ CVE-2021-43737 βΌ
π Read
via "National Vulnerability Database".
An issus was discovered in xiaohuanxiong CMS 5.0.17. There is a CSRF vulnerability that can modify administrator account's password.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43735 βΌ
π Read
via "National Vulnerability Database".
CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behavior rule.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23242 βΌ
π Read
via "National Vulnerability Database".
TeamViewer Linux versions before 15.28 do not properly execute a deletion command for the connection password in case of a process crash. Knowledge of the crash event and the TeamViewer ID as well as either possession of the pre-crash connection password or local authenticated access to the machine would have allowed to establish a remote connection by reusing the not properly deleted connection password.π Read
via "National Vulnerability Database".
π Cybercrime Cost U.S. $6.9 Billion in 2021 π
π Read
via "".
The FBI's annual look at phishing, scam, and personal data breach statistics is out.π Read
via "".
Digital Guardian
Cybercrime Cost U.S. $6.9 Billion in 2021
The FBI's annual look at phishing, scam, and personal data breach statistics is out.
π΄ Okta Says 366 Customers Impacted via Third-Party Breach π΄
π Read
via "Dark Reading".
Microsoft meanwhile confirms Lapsus$ group compromised it as well and issues warning on threat actor.π Read
via "Dark Reading".
Dark Reading
Okta Says 366 Customers Impacted via Third-Party Breach
Microsoft meanwhile confirms Lapsus$ group compromised it as well and issues warning on threat actor.
π΄ FBI: Cybercrime Victims Suffered Losses of Over $6.9B in 2021 π΄
π Read
via "Dark Reading".
The Internet Crime Complaint Center fielded 847,376 cybercrime reports last year, an increase of 7% from 2020.π Read
via "Dark Reading".
Dark Reading
FBI: Cybercrime Victims Suffered Losses of Over $6.9B in 2021
The Internet Crime Complaint Center fielded 847,376 cybercrime reports last year, an increase of 7% from 2020.
βΌ CVE-2021-38278 βΌ
π Read
via "National Vulnerability Database".
Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the urls parameter in the saveParentControlInfo function.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46064 βΌ
π Read
via "National Vulnerability Database".
IrfanView 4.59 is vulnerable to buffer overflow via the function at address 0x413c70 (in 32bit version of the binary). The vulnerability triggers when the user opens malicious .tiff image.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26243 βΌ
π Read
via "National Vulnerability Database".
Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow in the setSmartPowerManagement function.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38772 βΌ
π Read
via "National Vulnerability Database".
Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function.π Read
via "National Vulnerability Database".
βοΈ A Closer Look at the LAPSUS$ Data Extortion Group βοΈ
π Read
via "Krebs on Security".
Microsoft and identity management platform Okta both disclosed this week breaches involving LAPSUS$, a relatively new cybercrime group that specializes in stealing data from big companies and threatening to publish the information unless a ransom demand is paid. Here's a closer look at LAPSUS$, and some of the low-tech but high-impact methods the group uses to gain access to targeted organizations.π Read
via "Krebs on Security".
Krebs on Security
A Closer Look at the LAPSUS$ Data Extortion Group
Microsoft and identity management platform Okta both disclosed this week breaches involving LAPSUS$, a relatively new cybercrime group that specializes in stealing data from big companies and threatening to publish the information unless a ransom demand isβ¦
βΌ CVE-2021-3748 βΌ
π Read
via "National Vulnerability Database".
A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25223 βΌ
π Read
via "National Vulnerability Database".
Money Transfer Management System Version 1.0 allows an authenticated user to inject SQL queries in 'mtms/admin/?page=transaction/view_details' via the 'id' parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23881 βΌ
π Read
via "National Vulnerability Database".
ZZZCMS zzzphp v2.1.0 was discovered to contain a remote command execution (RCE) vulnerability via danger_key() at zzz_template.php.π Read
via "National Vulnerability Database".