βΌ CVE-2022-1808 βΌ
π Read
via "National Vulnerability Database".
Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31015 βΌ
π Read
via "National Vulnerability Database".
Waitress is a Web Server Gateway Interface server for Python 2 and 3. Waitress versions 2.1.0 and 2.1.1 may terminate early due to a thread closing a socket while the main thread is about to call select(). This will lead to the main thread raising an exception that is not handled and then causing the entire application to be killed. This issue has been fixed in Waitress 2.1.2 by no longer allowing the WSGI thread to close the socket. Instead, that is always delegated to the main thread. There is no work-around for this issue. However, users using waitress behind a reverse proxy server are less likely to have issues if the reverse proxy always reads the full response.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1893 βΌ
π Read
via "National Vulnerability Database".
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository polonel/trudesk prior to 1.2.3.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-1947 βΌ
π Read
via "National Vulnerability Database".
Use of Incorrect Operator in GitHub repository polonel/trudesk prior to 1.2.3.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1285 βΌ
π Read
via "National Vulnerability Database".
Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8.π Read
via "National Vulnerability Database".
β Microsoft Releases Workaround for βOne-Clickβ 0Day Under Active Attack β
π Read
via "Threat Post".
Threat actors already are exploiting vulnerability, dubbed βFollinaβ and originally identified back in April, to target organizations in Russia and Tibet, researchers said.π Read
via "Threat Post".
Threat Post
Microsoft Releases Workaround for βOne-Clickβ 0Day Under Active Attack
Threat actors already are exploiting vulnerability, dubbed βFollinaβ and originally identified back in April, to target organizations in Russia and Tibet, researchers said.
βΌ CVE-2022-29875 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions < VC20D), NAEOTOM Alpha (All VA40 versions < VA40 SP2), SOMATOM X.cite (All versions < VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions < VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions < VB22A-UD03), Symbia Evo (All VB22 versions < VB22A-UD03), Symbia Intevo (All VB22 versions < VB22A-UD03), Symbia T (All VB22 versions < VB22A-UD03), Symbia.net (All VB22 versions < VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions < VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions < VB60B HF02). The application deserialises untrusted data without sufficient validations that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system if ports 32912/tcp or 32914/tcp are reachable.π Read
via "National Vulnerability Database".
β Mysterious βFollinaβ zero-day hole in Office β hereβs what to do! β
π Read
via "Naked Security".
News has emerged of a "feature" in Office that has been abused as a zero-day bug to run evil code. Turning off macros doesn't help!π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ Distinguishing AI Hype From Reality in SecOps π΄
π Read
via "Dark Reading".
AI and ML are important SecOps tools, but human involvement is still required.π Read
via "Dark Reading".
Dark Reading
Distinguishing AI Hype From Reality in SecOps
AI and ML are important SecOps tools, but human involvement is still required.
β Firefox 101 is out, this time with no 0-day scares (but update anyway!) β
π Read
via "Naked Security".
After an intriguing month of Firefox releases, here's one with a bit less drama, probably to the collective relief of Mozilla's coders.π Read
via "Naked Security".
Naked Security
Firefox 101 is out, this time with no 0-day scares (but update anyway!)
After an intriguing month of Firefox releases, hereβs one with a bit less drama, probably to the collective relief of Mozillaβs coders.
ποΈ Horde Webmail contains zero-day RCE bug with no patch on the horizon ποΈ
π Read
via "The Daily Swig".
CSRF exploit requires user to open malicious emailπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Horde Webmail contains zero-day RCE bug with no patch on the horizon
CSRF exploit requires user to open malicious email
βΌ CVE-2020-26184 βΌ
π Read
via "National Vulnerability Database".
Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain an Improper Certificate Validation vulnerability.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-29098 βΌ
π Read
via "National Vulnerability Database".
Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak password requirement vulnerability. An administrator may create an account with no password. A remote attacker may potentially exploit this leading to a user account compromise.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26185 βΌ
π Read
via "National Vulnerability Database".
Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain a Buffer Over-Read Vulnerability.π Read
via "National Vulnerability Database".
ποΈ US export ban on hacking tools tweaked after public consultation ποΈ
π Read
via "The Daily Swig".
Government has sought to allay misgivings of cybersecurity industryπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
US export ban on hacking tools tweaked after public consultation
Government has sought to allay misgivings of cybersecurity industry
π΄ StorCentric Launches Nexsan EZ-NAS -Network-Attached Storage for SMBs and Enterprise Edge Deployments π΄
π Read
via "Dark Reading".
EZ-NAS also provides add-on data backup, cloud connector and ransomware anomaly detection.π Read
via "Dark Reading".
Dark Reading
StorCentric Launches Nexsan EZ-NAS -Network-Attached Storage for SMBs and Enterprise Edge Deployments
EZ-NAS also provides add-on data backup, cloud connector and ransomware anomaly detection.
π΄ Security at the Edge: Why It's Complicated π΄
π Read
via "Dark Reading".
Edge technology widens the attack surface by bringing data analysis closer to where it's collected. Now is the time for public and private sector groups to establish guidelines and identify security best-practices frameworks.π Read
via "Dark Reading".
Dark Reading
Security at the Edge: Why It's Complicated
Edge technology widens the attack surface by bringing data analysis closer to where it's collected. Now is the time for public and private sector groups to establish guidelines and identify security best-practices frameworks.
π΄ Zero Trust Research Reveals Nearly Half of All Security Leaders Do Not Believe They Will Be Breached Despite Increasing Attacks and Adoption of Zero Trust Strategies π΄
π Read
via "Dark Reading".
Industry-first report finds zero trust segmentation eliminates 5 cyber disasters per year and saves $20+ million annually.π Read
via "Dark Reading".
Dark Reading
Zero Trust Research Reveals Nearly Half of All Security Leaders Do Not Believe They Will Be Breached Despite Increasing Attacksβ¦
Industry-first report finds zero trust segmentation eliminates 5 cyber disasters per year and saves $20+ million annually.
π΄ Enhanced Threat Intelligence Portal Provides Consolidated Access to Kaspersky Threat Intelligence Expertise π΄
π Read
via "Dark Reading".
.π Read
via "Dark Reading".
Dark Reading
Enhanced Threat Intelligence Portal Provides Consolidated Access to Kaspersky Threat Intelligence Expertise
π΄ Help Organizations to Mitigate Risk in Microsoft 365 with 'Vectra Protect' π΄
π Read
via "Dark Reading".
Vectra offers a free of charge security assessment for your cloud tenant.π Read
via "Dark Reading".
Dark Reading
Help Organizations to Mitigate Risk in Microsoft 365 with 'Vectra Protect'
Vectra offers a free of charge security assessment for your cloud tenant.
π΄ Ordr Secures $40 Million in Series C Funding to Answer Increased Demand for Connected Device Security π΄
π Read
via "Dark Reading".
Rising threat of data breaches and ransomware attacks drives need for complete and accurate real-time information about devices and their risks.π Read
via "Dark Reading".
Dark Reading
Ordr Secures $40 Million in Series C Funding to Answer Increased Demand for Connected Device Security
Rising threat of data breaches and ransomware attacks drives need for complete and accurate real-time information about devices and their risks.