βΌ CVE-2022-27049 βΌ
π Read
via "National Vulnerability Database".
Raidrive before v2021.12.35 allows attackers to arbitrarily move log files by pre-creating a mountpoint and log files before Raidrive is installed.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27965 βΌ
π Read
via "National Vulnerability Database".
Xlpd v7.0.0094 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27050 βΌ
π Read
via "National Vulnerability Database".
BitComet Service for Windows before version 1.8.6 contains an unquoted service path vulnerability which allows attackers to escalate privileges to the system level.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27964 βΌ
π Read
via "National Vulnerability Database".
Xmanager v7.0.0096 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24798 βΌ
π Read
via "National Vulnerability Database".
Internet Routing Registry daemon version 4 is an IRR database server, processing IRR objects in the RPSL format. IRRd did not always filter password hashes in query responses relating to `mntner` objects and database exports. This may have allowed adversaries to retrieve some of these hashes, perform a brute-force search for the clear-text passphrase, and use these to make unauthorised changes to affected IRR objects. This issue only affected instances that process password hashes, which means it is limited to IRRd instances that serve authoritative databases. IRRd instances operating solely as mirrors of other IRR databases are not affected. This has been fixed in IRRd 4.2.3 and the main branch. Versions in the 4.1.x series never were affected. Users of the 4.2.x series are strongly recommended to upgrade. There are no known workarounds for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27966 βΌ
π Read
via "National Vulnerability Database".
Xshell v7.0.0099 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24796 βΌ
π Read
via "National Vulnerability Database".
RaspberryMatic is a free and open-source operating system for running a cloud-free smart-home using the homematicIP / HomeMatic hardware line of IoT devices. A Remote Code Execution (RCE) vulnerability in the file upload facility of the WebUI interface of RaspberryMatic exists. Missing input validation/sanitization in the file upload mechanism allows remote, unauthenticated attackers with network access to the WebUI interface to achieve arbitrary operating system command execution via shell metacharacters in the HTTP query string. Injected commands are executed as root, thus leading to a full compromise of the underlying system and all its components. Versions after `2.31.25.20180428` and prior to `3.63.8.20220330` are affected. Users are advised to update to version `3.63.8.20220330` or newer. There are currently no known workarounds to mitigate the security impact and users are advised to update to the latest version available.π Read
via "National Vulnerability Database".
π’ Breaking end-to-end encryption would do more harm than good, warn IT professionals π’
π Read
via "ITPro".
Two-thirds of IT specialists said restricting the use of this technology would have a negative impact on protecting societyπ Read
via "ITPro".
IT PRO
Breaking end-to-end encryption would do more harm than good, warn IT professionals | IT PRO
Two-thirds of IT specialists said restricting the use of this technology would have a negative impact on protecting society
π’ Mobile security firm Zimperium to be acquired for $525 million π’
π Read
via "ITPro".
Texas-based Zimperium offers on-device mobile threat defense to protect against cyber attacksπ Read
via "ITPro".
IT PRO
Mobile security firm Zimperium to be acquired for $525 million | IT PRO
Texas-based Zimperium offers on-device mobile threat defense to protect against cyber attacks
π’ Google patches second Chrome browser zero-day of 2022 π’
π Read
via "ITPro".
Google acted quickly to secure against the type confusion vulnerability that was under active exploitationπ Read
via "ITPro".
ITPro
Google patches second Chrome browser zero-day of 2022
Google acted quickly to secure against the type confusion vulnerability that was under active exploitation
π’ WatchGuard Firebox T40-W review: Powerful yet classy π’
π Read
via "ITPro".
A powerful desktop security appliance with classy remote monitoring and configuration servicesπ Read
via "ITPro".
IT PRO
WatchGuard Firebox T40-W review: Powerful yet classy | IT PRO
A powerful desktop security appliance with classy remote monitoring and configuration services
π’ Patch finally released for Spring4Shell zero-day after vulnerable businesses put on high alert π’
π Read
via "ITPro".
With proof-of-concept code out in the wild, businesses are encouraged to assess their exposure to what's being dubbed 'Log4Shell 2.0'π Read
via "ITPro".
ITPro
Patch finally released for Spring4Shell zero-day after vulnerable businesses put on high alert
With proof-of-concept code out in the wild, businesses are encouraged to assess their exposure to what's being dubbed 'Log4Shell 2.0'
π’ NCSC warns businesses against using Kaspersky products π’
π Read
via "ITPro".
Critical infrastructure companies, as well as organisations aiding Ukraine or criticising the Russian government, are at the highest risk of being compromisedπ Read
via "ITPro".
IT PRO
NCSC warns businesses against using Kaspersky products | IT PRO
Critical infrastructure companies, as well as organisations aiding Ukraine or criticising the Russian government, are at the highest risk of being compromised
π’ Leaked report on Okta breach reveals finer details of LAPSUS$ operation π’
π Read
via "ITPro".
Poor OPSEC and publicly available hacking tools allowed the hackers to pull off one of the most high-profile cyber attacks of the year so farπ Read
via "ITPro".
IT PRO
Leaked report on Okta breach reveals finer details of LAPSUS$ operation | IT PRO
Poor OPSEC and publicly available hacking tools allowed the hackers to pull off one of the most high-profile cyber attacks of the year so far
π’ Kaspersky declared threat to US national security π’
π Read
via "ITPro".
Kaspersky was added to the FCC's blacklist alongside China Mobile International and China Telecomπ Read
via "ITPro".
IT PRO
Kaspersky declared threat to US national security | IT PRO
Kaspersky was added to the FCC's blacklist alongside China Mobile International and China Telecom
π’ Cyber attackers' NFT blockchain heist nets hundreds of millions in stolen cryptocurrency π’
π Read
via "ITPro".
Ronin blockchain owner Sky Mavis said it's working with outside experts to ensure the stolen funds are returned to ownersπ Read
via "ITPro".
IT PRO
Cyber attackers' NFT blockchain heist nets hundreds of million in stolen cryptocurrency | IT PRO
Owner of the Ronin blockchain Sky Mavis said it's working with outside experts to ensure the stolen funds are returned to owners
π’ DCMS: A third of businesses experience "weekly" cyber attacks π’
π Read
via "ITPro".
Government data suggests senior managers are more worried about cyber attacks than ever beforeπ Read
via "ITPro".
IT PRO
DCMS: A third of businesses experience "weekly" cyber attacks | IT PRO
Government data suggests senior managers are more worried about cyber attacks than ever before
π’ Cyber incidents targeting UK financial services providers surged in 2021 π’
π Read
via "ITPro".
A fifth of incidents reported to the Financial Conduct Authority involved ransomwareπ Read
via "ITPro".
IT PRO
Cyber incidents targeting UK financial services providers surged in 2021 | IT PRO
A fifth of incidents reported to the Financial Conduct Authority involved ransomware
π’ The ten biggest threats to your Windows PC in 2022 π’
π Read
via "ITPro".
From malware to a man with a screwdriver called Steve, we round up the biggest dangers to your machine this yearπ Read
via "ITPro".
IT PRO
The ten biggest threats to your Windows PC in 2022 | IT PRO
From malware to a man with a screwdriver called Steve, we round up the biggest dangers to your machine this year
π’ Australian gov promises new cyber capabilities despite βmassive skills shortageβ π’
π Read
via "ITPro".
The country is investing $9.9 billion to triple its offensive cyber capabilities and double its cyber hunt and response activitiesπ Read
via "ITPro".
IT PRO
Australian gov promises new cyber capabilities despite βmassive skills shortageβ | IT PRO
The country is investing $9.9 billion to triple its offensive cyber capabilities and double its cyber hunt and response activities
π’ LAPSUS$ returns with Globant breach, leaking trove of data on top global businesses π’
π Read
via "ITPro".
Experts analysing the data dump told of the 'immense' damage that could be caused with access to such filesπ Read
via "ITPro".
IT PRO
LAPSUS$ returns with Globant breach, leaking trove of data on top global businesses | IT PRO
Experts analysing the data dump told of the 'immense' damage that could be caused with access to such files