β Google: 2021 was a Banner Year for Exploited 0-Day Bugs β
π Read
via "Threat Post".
Last year, Google Project Zero tracked a record 58 exploited-in-the-wild zero-day security holes.π Read
via "Threat Post".
Threat Post
Google: 2021 was a Banner Year for Exploited 0-Day Bugs
Last year, Google Project Zero tracked a record 58 exploited-in-the-wild zero-day security holes.
π΄ Fortress Tackles Supply Chain Security, One Asset at a Time π΄
π Read
via "Dark Reading".
Fortress Information Security will expand its Asset to Vendor Library to include hardware bill of materials and software bill of materials information.π Read
via "Dark Reading".
Dark Reading
Fortress Tackles Supply Chain Security, One Asset at a Time
Fortress Information Security will expand its Asset to Vendor Library to include hardware bill of materials and software bill of materials information.
ποΈ UK government employees receive βbillionsβ of malicious emails per year β report ποΈ
π Read
via "The Daily Swig".
Phishing, malware, and spam are popular techniques deployed by attackersπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
UK government employees receive βbillionsβ of malicious emails per year β report
Phishing, malware, and spam are popular techniques deployed by attackers
π΄ From Passive Recovery to Active Readiness π΄
π Read
via "Dark Reading".
This is the shift that companies need to make after a cyberattack.π Read
via "Dark Reading".
Dark Reading
From Passive Recovery to Active Readiness
This is the shift that companies need to make after a cyberattack.
βΌ CVE-2022-1254 βΌ
π Read
via "National Vulnerability Database".
A URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior to 9.2.20, 8.x prior to 8.2.27, and 7.x prior to 7.8.2.31, and controlled release 11.x prior to 11.1.3 allows a remote attacker to redirect a user to a malicious website controlled by the attacker. This is possible because SWG incorrectly creates a HTTP redirect response when a user clicks a carefully constructed URL. Following the redirect response, the new request is still filtered by the SWG policy.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25344 βΌ
π Read
via "National Vulnerability Database".
An XSS issue was discovered on Kyocera d-COLOR MF3555 2XD_S000.002.271 devices. The Web Application doesn't properly check parameters, sent in a /dvcset/sysset/set.cgi POST request via the arg01.Hostname field, before saving them on the server. In addition, the JavaScript malicious content is then reflected back to the end user and executed by the web browser.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25343 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered on Kyocera d-COLOR MF3555 2XD_S000.002.271 devices. The Web Application is affected by Denial of Service. An unauthenticated attacker, who can send POST requests to the /download/set.cgi page by manipulating the failhtmfile variable, is able to cause interruption of the service provided by the Web Application.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25342 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered on Kyocera d-COLOR MF3555 2XD_S000.002.271 devices. The Web Application is affected by Broken Access Control. It does not properly validate requests for access to data and functionality under the /mngset/authset path. By not verifying permissions for access to resources, it allows a potential attacker to view pages that are not allowed.π Read
via "National Vulnerability Database".
β Beanstalk cryptocurrency heist: scammer votes himself all the money β
π Read
via "Naked Security".
Voting safeguards based on commuity collateral don't work if one person can use a momentary loan to "become" 75% of the community.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ Backward-Compatible Post-Quantum Communications Is a Matter of National Security π΄
π Read
via "Dark Reading".
When a quantum computer can decipher the asymmetric encryption protecting our vital systems, Q-Day will arrive.π Read
via "Dark Reading".
Dark Reading
Backward-Compatible Post-Quantum Communications Is a Matter of National Security
When a quantum computer can decipher the asymmetric encryption protecting our vital systems, Q-Day will arrive.
β Most Email Security Approaches Fail to Block Common Threats β
π Read
via "Threat Post".
A full 89 percent of organizations experienced one or more successful email breaches during the previous 12 months, translating into big-time costs.π Read
via "Threat Post".
Threat Post
Most Email Security Approaches Fail to Block Common Threats
A full 89 percent of organizations experienced one or more successful email breaches during the previous 12 months, translating into big-time costs.
β Critical cryptographic Java security blunder patched β update now! β
π Read
via "Naked Security".
Either know the private key and use it scrupulously in your digital signature calculation.... or just send a bunch of zeros instead.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ How Russia Is Isolating Its Own Cybercriminals π΄
π Read
via "Dark Reading".
Sanctions imposed by the Biden administration, coupled with Russia's proposed initiative to cut itself off from the global Internet, is causing cybercriminals to ponder their future.π Read
via "Dark Reading".
Dark Reading
How Russia Is Isolating Its Own Cybercriminals
Sanctions imposed by the Biden administration, coupled with Russia's proposed initiative to cut itself off from the global Internet, is causing cybercriminals to ponder their future.
π CISA Releases Draft Guidance on SCuBA Cloud Security π
π Read
via "".
The program hopes to get agencies on the same page when it comes to implementing security and resilience practices when utilizing cloud services.π Read
via "".
Digital Guardian
CISA Releases Draft Guidance on SCuBA Cloud Security
The program hopes to get agencies on the same page when it comes to implementing security and resilience practices when utilizing cloud services.
βΌ CVE-2022-0567 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in ovn-kubernetes. This flaw allows a system administrator or privileged attacker to create an egress network policy that bypasses existing ingress policies of other pods in a cluster, allowing network traffic to access pods that should not be reachable. This issue results in information disclosure and other attacks on other pods that should not be reachable.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43933 βΌ
π Read
via "National Vulnerability Database".
The affected product is vulnerable to a network-based attack by threat actors sending unimpeded requests to the receiving server, which could cause a denial-of-service condition due to lack of heap memory resources.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43986 βΌ
π Read
via "National Vulnerability Database".
The setup program for the affected product configures its files and folders with full access, which may allow unauthorized users permission to replace original binaries and achieve privilege escalation.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26516 βΌ
π Read
via "National Vulnerability Database".
Authorized users may install a maliciously modified package file when updating the device via the web user interface. The user may inadvertently use a package file obtained from an unauthorized source or a file that was compromised between download and deployment.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38483 βΌ
π Read
via "National Vulnerability Database".
The affected product is vulnerable to misconfigured binaries, allowing users on the target PC with SYSTEM level privileges access to overwrite the binary and modify files to gain privilege escalation.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27179 βΌ
π Read
via "National Vulnerability Database".
A malicious actor having access to the exported configuration file may obtain the stored credentials and thereby gain access to the protected resource. If the same passwords were used for other resources, further such assets may be compromised.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1039 βΌ
π Read
via "National Vulnerability Database".
The weak password on the web user interface can be exploited via HTTP or HTTPS. Once such access has been obtained, the other passwords can be changed. The weak password on Linux accounts can be accessed via SSH or Telnet, the former of which is by default enabled on trusted interfaces. While the SSH service does not support root login, a user logging in using either of the other Linux accounts may elevate to root access using the su command if they have access to the associated password.π Read
via "National Vulnerability Database".