🕴 Security Stuff Happens: What Will the Public Hear When You Say You've Been Breached? 🕴
via "Dark Reading".
A company's response to a breach is more important than almost anything else. But what constitutes a "good" response following a security incident? (Part 2 of a series.)
🕴 New Ransomware Variant Linked to North Korean Cyber Army 🕴
via "Dark Reading".
Researchers use code, Bitcoin transactions to link ransomware attacks on banks to DPRK-sponsored actors.
VHD Ransomware Variant Linked to North Korean Cyber Army
❌ China-linked APT Caught Pilfering Treasure Trove of IP ❌
via "Threat Post".
A state-sponsored threat actor designed a house-of-cards style infection chain to exfiltrate massive troves of highly sensitive data.
‼ CVE-2022-20764 ‼
via "National Vulnerability Database".
Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an attacker-controlled destination. For more information about these vulnerabilities, see the Details section of this advisory.
‼ CVE-2022-20753 ‼
via "National Vulnerability Database".
A vulnerability in the web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious input to an affected device. A successful exploit could allow the attacker to execute remote code on the affected device. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.
‼ CVE-2022-20801 ‼
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system of the affected device. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device.
‼ CVE-2021-42235 ‼
via "National Vulnerability Database".
SQL injection in osTicket before 1.14.8 and 1.15.4 login and password reset process allows attackers to access the osTicket administration profile functionality.
‼ CVE-2021-41020 ‼
via "National Vulnerability Database".
An improper access control vulnerability [CWE-284] in FortiIsolator versions 2.3.2 and below may allow an authenticated, non-privileged attacker to regenerate the CA certificate via the regeneration URL.
‼ CVE-2021-43206 ‼
via "National Vulnerability Database".
A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.x, 6.0.x and FortiProxy 7.0.0 through 7.0.1, 2.0.x allows malicious webservers to retrieve a web proxy's client username and IP via same origin HTTP requests triggering proxy-generated HTTP status codes pages.
‼ CVE-2021-41032 ‼
via "National Vulnerability Database".
An improper access control vulnerability [CWE-284] in FortiOS versions 6.4.8 and prior and 7.0.3 and prior may allow an authenticated attacker with a restricted user profile to gather sensitive information and modify the SSL-VPN tunnel status of other VDOMs using specific CLI commands.
‼ CVE-2022-20780 ‼
via "National Vulnerability Database".
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory.
‼ CVE-2022-23724 ‼
via "National Vulnerability Database".
Use of static encryption key material allows forging an authentication token to other users within a tenant organization. MFA may be bypassed by redirecting an authentication flow to a target user. To exploit the vulnerability, an attacker must have compromised user credentials.
‼ CVE-2022-20779 ‼
via "National Vulnerability Database".
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory.
‼ CVE-2022-20785 ‼
via "National Vulnerability Database".
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.
‼ CVE-2022-20777 ‼
via "National Vulnerability Database".
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory.
‼ CVE-2021-20051 ‼
via "National Vulnerability Database".
SonicWall Global VPN Client 4.10.7.1117 installer (32-bit and 64-bit) and earlier versions have a DLL Search Order Hijacking vulnerability in one of the installer components. Successful exploitation via a local attacker could result in command execution in the target system.
‼ CVE-2022-28556 ‼
via "National Vulnerability Database".
Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin is vulnerable to Buffer Overflow. The stack overflow vulnerability lies in the /goform/setpptpservercfg interface of the web. The sent post data startip and endip are copied to the stack using the sanf function, resulting in stack overflow. Similarly, this vulnerability can be used together with CVE-2021-44971.
‼ CVE-2022-28940 ‼
via "National Vulnerability Database".
In H3C MagicR100 <=V100R005, the / Ajax / ajaxget interface can be accessed without authorization. It sends a large amount of data through ajaxmsg to carry out a DoS attack.
‼ CVE-2022-20794 ‼
via "National Vulnerability Database".
Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an attacker-controlled destination. For more information about these vulnerabilities, see the Details section of this advisory.
‼ CVE-2022-20796 ‼
via "National Vulnerability Database".
On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog.
‼ CVE-2022-20734 ‼
via "National Vulnerability Database".
A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, local attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system.