π Samhain File Integrity Checker 4.4.9 π
π Read
via "Packet Storm Security".
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.π Read
via "Packet Storm Security".
Packetstormsecurity
Samhain File Integrity Checker 4.4.9 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π Aircrack-ng Wireless Network Tools 1.7 π
π Read
via "Packet Storm Security".
aircrack-ng is a set of tools for auditing wireless networks. It's an enhanced/reborn version of aircrack. It consists of airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), airdecap (decrypts WEP/WPA capture files), and some tools to handle capture files (merge, convert, etc.).π Read
via "Packet Storm Security".
Packetstormsecurity
Aircrack-ng Wireless Network Tools 1.7 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ Top 6 Security Threats Targeting Remote Workers π΄
π Read
via "Dark Reading".
Remote work is here to stay, which means security teams must ensure that security extends beyond corporate devices and protects employees wherever they are.π Read
via "Dark Reading".
Darkreading
Top 6 Security Threats Targeting Remote Workers
Remote work is here to stay, which means security teams must ensure that security extends beyond corporate devices and protects employees wherever they are.
π΄ Breaking Down the Strengthening American Cybersecurity Act π΄
π Read
via "Dark Reading".
New federal cybersecurity rules will set timelines for critical infrastructure sector organizations β those in chemical, manufacturing, healthcare, defense contracting, energy, financial, nuclear, or transportation β to report ransomware payments and cyberattacks to CISA. All parties have to comply for it to work and help protect assets.π Read
via "Dark Reading".
Darkreading
Breaking Down the Strengthening American Cybersecurity Act
New federal cybersecurity rules will set timelines for critical infrastructure sector organizations β those in chemical, manufacturing, healthcare, defense contracting, energy, financial, nuclear, or transportation β to report ransomware payments and cyberattacksβ¦
π΄ Concentric AI Raises Series A Funding Led by Ballistic Ventures to Autonomously Secure Business-Critical Data π΄
π Read
via "Dark Reading".
Round of $14.5M to support team of AI experts and cybersecurity leaders targeting overshared data with AI-based solutions for data access governance and loss prevention.π Read
via "Dark Reading".
Darkreading
Concentric AI Raises Series A Funding Led by Ballistic Ventures to Autonomously Secure Business-Critical Data
Round of $14.5M to support team of AI experts and cybersecurity leaders targeting overshared data with AI-based solutions for data access governance and loss prevention.
π΄ Keeper Security Partners with SHI International for New Fully Managed IT Service (SHI Complete) π΄
π Read
via "Dark Reading".
The partnership integrates Keeper's zero-knowledge, zero-trust enterprise password manager (EPM) into SHI Complete, a comprehensive, fully managed IT service for small and medium-sized businesses (SMBs).π Read
via "Dark Reading".
Darkreading
Keeper Security Partners with SHI International for New Fully Managed IT Service (SHI Complete)
The partnership integrates Keeper's zero-knowledge, zero-trust enterprise password manager (EPM) into SHI Complete, a comprehensive, fully managed IT service for small and medium-sized businesses (SMBs).
βΌ CVE-2021-26339 βΌ
π Read
via "National Vulnerability Database".
A bug in AMD CPUΓ’β¬β’s core logic may allow for an attacker, using specific code from an unprivileged VM, to trigger a CPU core hang resulting in a potential denial of service. AMD believes the specific code includes a specific x86 instruction sequence that would not be generated by compilers.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39059 βΌ
π Read
via "National Vulnerability Database".
IBM Jazz Foundation (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214619.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26364 βΌ
π Read
via "National Vulnerability Database".
Insufficient bounds checking in an SMU mailbox register could allow an attacker to potentially read outside of the SRAM address range which could result in an exception handling leading to a potential denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26348 βΌ
π Read
via "National Vulnerability Database".
Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26350 βΌ
π Read
via "National Vulnerability Database".
A TOCTOU race condition in SMU may allow for the caller to obtain and manipulate the address of a message port register which may result in a potential denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26378 βΌ
π Read
via "National Vulnerability Database".
Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0027 βΌ
π Read
via "National Vulnerability Database".
An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables authenticated users in non-Read-Only groups to generate an email report that contains summary information about all incidents in the Cortex XSOAR instance, including incidents to which the user does not have access. This issue impacts: All versions of Cortex XSOAR 6.1; All versions of Cortex XSOAR 6.2; All versions of Cortex XSOAR 6.5; Cortex XSOAR 6.6 versions earlier than Cortex XSOAR 6.6.0 build 6.6.0.2585049.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0026 βΌ
π Read
via "National Vulnerability Database".
A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\) to execute a program with elevated privileges. This issue impacts all versions of Cortex XDR agent without content update 330 or a later content update version.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29616 βΌ
π Read
via "National Vulnerability Database".
SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26342 βΌ
π Read
via "National Vulnerability Database".
In SEV guest VMs, the CPU may fail to flush the Translation Lookaside Buffer (TLB) following a particular sequence of operations that includes creation of a new virtual machine control block (VMCB). The failure to flush the TLB may cause the microcode to use stale TLB translations which may allow for disclosure of SEV guest memory contents. Users of SEV-ES/SEV-SNP guest VMs are not impacted by this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26376 βΌ
π Read
via "National Vulnerability Database".
Insufficient checks in System Management Unit (SMU) FeatureConfig may result in reenabling features potentially resulting in denial of resources and/or denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46744 βΌ
π Read
via "National Vulnerability Database".
An attacker with access to a malicious hypervisor may be able to infer data values used in a SEV guest on AMD CPUs by monitoring ciphertext values over time.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26372 βΌ
π Read
via "National Vulnerability Database".
Insufficient bound checks related to PCIE in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3611 βΌ
π Read
via "National Vulnerability Database".
A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0024 βΌ
π Read
via "National Vulnerability Database".
A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated network-based PAN-OS administrator to upload a specifically created configuration that disrupts system processes and potentially execute arbitrary code with root privileges when the configuration is committed on both hardware and virtual firewalls. This issue does not impact Panorama appliances or Prisma Access customers. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.23; PAN-OS 9.0 versions earlier than PAN-OS 9.0.16; PAN-OS 9.1 versions earlier than PAN-OS 9.1.13; PAN-OS 10.0 versions earlier than PAN-OS 10.0.10; PAN-OS 10.1 versions earlier than PAN-OS 10.1.5.π Read
via "National Vulnerability Database".