Forescout Launches Forescout Frontline to Help Organizations Tackle Ransomware and Real Time Threats
via "Dark Reading".
New threat hunting and risk identification service provides organizations with an enterprise-wide baseline of their threat landscape and risk exposure.
CVE-2022-29256
via "National Vulnerability Database".
sharp is an application for Node.js image processing. Prior to version 0.30.5, there is a possible vulnerability in logic that is run only at `npm install` time when installing versions of `sharp` prior to the latest v0.30.5. If an attacker has the ability to set the value of the `PKG_CONFIG_PATH` environment variable in a build environment then they might be able to use this to inject an arbitrary command at `npm install` time. This is not part of any runtime code, does not affect Windows users at all, and is unlikely to affect anyone that already cares about the security of their build environment. This problem is fixed in version 0.30.5.
CVE-2022-31651
via "National Vulnerability Database".
In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a.
CVE-2022-31650
via "National Vulnerability Database".
In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a.
Open source packages with millions of installs hacked to harvest AWS credentials
via "ITPro".
Two popular open source packages used by Python and PHP developers have been quietly compromised with successful attacks already being reported
DOE funds development of Qunnect's Quantum Repeater
via "ITPro".
The $1.85 million grant will eventually pave the way for quantum internet
Cybergang Claims REvil is Back, Executes DDoS Attacks
via "Threat Post".
Actors claiming to be the defunct ransomware group are targeting one of Akamai's customers with a Layer 7 attack, demanding an extortion payment in Bitcoin.
Poisoned Python and PHP packages purloin passwords for AWS access
via "Naked Security".
More supply chain trouble - this time with clear examples so you can learn how to spot this stuff yourself.
CVE-2021-42692
via "National Vulnerability Database".
There is a stack-overflow vulnerability in tinytoml v0.4 that can cause a crash or DoS.
Most Common Threats in DBIR
via "Dark Reading".
Supply chain and ransomware attacks increased dramatically this year, which explains why so many data breaches in this year's DBIR were grouped as system intrusion.
Supply chain and ransomware attacks increased dramatically in 2021, which explains why so many data breaches in Verizon's "2022 Data Breach Investigations Report" were grouped as system intrusion.
Who's watching your webcam? The Screencastify Chrome extension story...
via "Naked Security".
When you really need to make exceptions in cybersecurity, specify them as explicitly as you can.
CVE-2022-29720
via "National Vulnerability Database".
74cmsSE v3.5.1 was discovered to contain an arbitrary file read vulnerability via the component \index\controller\Download.php.
CVE-2021-40317
via "National Vulnerability Database".
Piwigo 11.5.0 is affected by a SQL injection vulnerability via admin.php and the id parameter.
CVE-2021-42859
via "National Vulnerability Database".
A memory leak issue was discovered in Mini-XML v3.2 that could cause a denial of service.
CVE-2022-29721
via "National Vulnerability Database".
74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/jobfairol/resumelist.
CVE-2021-42860
via "National Vulnerability Database".
A stack buffer overflow exists in Mini-XML v3.2. When inputting an unformed XML string to the mxmlLoadString API, it will cause a stack-buffer-overflow in mxml_string_getc:2611.
Canadian healthcare provider issues data breach warning after server hack
via "The Daily Swig".
SHN plays down concerns over medical records breach
Big Cyber Hits on GM, Chicago Public Schools, & Zola Showcase the Password Problem
via "Dark Reading".
Credential-stuffing attacks against online accounts are still popular, and they work thanks to continuing password reuse.
Act Now: Leveraging PCI Compliance to Improve Security
via "Dark Reading".
Let the threat landscape guide your company's timeline for complying with new data security standards for credit cards. Use the phase-in time to improve security overall - security as a process - not just comply with new standards.
Quanta Servers Caught With 'Pantsdown' BMC Vulnerability
via "Dark Reading".
Researchers discover 3-year-old critical firmware vulnerability running in popular cloud servers used to power hyperscalers and cloud providers alike.
LinkedIn bug bounty program goes public with rewards of up to $18k
via "The Daily Swig".
Social media platform ends private program after paying $250,000 in rewards over eight years