β Microsoft Releases Workaround for βOne-Clickβ 0Day Under Active Attack β
π Read
via "Threat Post".
Threat actors already are exploiting vulnerability, dubbed βFollinaβ and originally identified back in April, to target organizations in Russia and Tibet, researchers said.π Read
via "Threat Post".
Threat Post
Microsoft Releases Workaround for βOne-Clickβ 0Day Under Active Attack
Threat actors already are exploiting vulnerability, dubbed βFollinaβ and originally identified back in April, to target organizations in Russia and Tibet, researchers said.
βΌ CVE-2022-29875 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions < VC20D), NAEOTOM Alpha (All VA40 versions < VA40 SP2), SOMATOM X.cite (All versions < VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions < VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions < VB22A-UD03), Symbia Evo (All VB22 versions < VB22A-UD03), Symbia Intevo (All VB22 versions < VB22A-UD03), Symbia T (All VB22 versions < VB22A-UD03), Symbia.net (All VB22 versions < VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions < VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions < VB60B HF02). The application deserialises untrusted data without sufficient validations that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system if ports 32912/tcp or 32914/tcp are reachable.π Read
via "National Vulnerability Database".
β Mysterious βFollinaβ zero-day hole in Office β hereβs what to do! β
π Read
via "Naked Security".
News has emerged of a "feature" in Office that has been abused as a zero-day bug to run evil code. Turning off macros doesn't help!π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ Distinguishing AI Hype From Reality in SecOps π΄
π Read
via "Dark Reading".
AI and ML are important SecOps tools, but human involvement is still required.π Read
via "Dark Reading".
Dark Reading
Distinguishing AI Hype From Reality in SecOps
AI and ML are important SecOps tools, but human involvement is still required.
β Firefox 101 is out, this time with no 0-day scares (but update anyway!) β
π Read
via "Naked Security".
After an intriguing month of Firefox releases, here's one with a bit less drama, probably to the collective relief of Mozilla's coders.π Read
via "Naked Security".
Naked Security
Firefox 101 is out, this time with no 0-day scares (but update anyway!)
After an intriguing month of Firefox releases, hereβs one with a bit less drama, probably to the collective relief of Mozillaβs coders.
ποΈ Horde Webmail contains zero-day RCE bug with no patch on the horizon ποΈ
π Read
via "The Daily Swig".
CSRF exploit requires user to open malicious emailπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Horde Webmail contains zero-day RCE bug with no patch on the horizon
CSRF exploit requires user to open malicious email
βΌ CVE-2020-26184 βΌ
π Read
via "National Vulnerability Database".
Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain an Improper Certificate Validation vulnerability.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-29098 βΌ
π Read
via "National Vulnerability Database".
Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak password requirement vulnerability. An administrator may create an account with no password. A remote attacker may potentially exploit this leading to a user account compromise.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26185 βΌ
π Read
via "National Vulnerability Database".
Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain a Buffer Over-Read Vulnerability.π Read
via "National Vulnerability Database".
ποΈ US export ban on hacking tools tweaked after public consultation ποΈ
π Read
via "The Daily Swig".
Government has sought to allay misgivings of cybersecurity industryπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
US export ban on hacking tools tweaked after public consultation
Government has sought to allay misgivings of cybersecurity industry
π΄ StorCentric Launches Nexsan EZ-NAS -Network-Attached Storage for SMBs and Enterprise Edge Deployments π΄
π Read
via "Dark Reading".
EZ-NAS also provides add-on data backup, cloud connector and ransomware anomaly detection.π Read
via "Dark Reading".
Dark Reading
StorCentric Launches Nexsan EZ-NAS -Network-Attached Storage for SMBs and Enterprise Edge Deployments
EZ-NAS also provides add-on data backup, cloud connector and ransomware anomaly detection.
π΄ Security at the Edge: Why It's Complicated π΄
π Read
via "Dark Reading".
Edge technology widens the attack surface by bringing data analysis closer to where it's collected. Now is the time for public and private sector groups to establish guidelines and identify security best-practices frameworks.π Read
via "Dark Reading".
Dark Reading
Security at the Edge: Why It's Complicated
Edge technology widens the attack surface by bringing data analysis closer to where it's collected. Now is the time for public and private sector groups to establish guidelines and identify security best-practices frameworks.
π΄ Zero Trust Research Reveals Nearly Half of All Security Leaders Do Not Believe They Will Be Breached Despite Increasing Attacks and Adoption of Zero Trust Strategies π΄
π Read
via "Dark Reading".
Industry-first report finds zero trust segmentation eliminates 5 cyber disasters per year and saves $20+ million annually.π Read
via "Dark Reading".
Dark Reading
Zero Trust Research Reveals Nearly Half of All Security Leaders Do Not Believe They Will Be Breached Despite Increasing Attacksβ¦
Industry-first report finds zero trust segmentation eliminates 5 cyber disasters per year and saves $20+ million annually.
π΄ Enhanced Threat Intelligence Portal Provides Consolidated Access to Kaspersky Threat Intelligence Expertise π΄
π Read
via "Dark Reading".
.π Read
via "Dark Reading".
Dark Reading
Enhanced Threat Intelligence Portal Provides Consolidated Access to Kaspersky Threat Intelligence Expertise
π΄ Help Organizations to Mitigate Risk in Microsoft 365 with 'Vectra Protect' π΄
π Read
via "Dark Reading".
Vectra offers a free of charge security assessment for your cloud tenant.π Read
via "Dark Reading".
Dark Reading
Help Organizations to Mitigate Risk in Microsoft 365 with 'Vectra Protect'
Vectra offers a free of charge security assessment for your cloud tenant.
π΄ Ordr Secures $40 Million in Series C Funding to Answer Increased Demand for Connected Device Security π΄
π Read
via "Dark Reading".
Rising threat of data breaches and ransomware attacks drives need for complete and accurate real-time information about devices and their risks.π Read
via "Dark Reading".
Dark Reading
Ordr Secures $40 Million in Series C Funding to Answer Increased Demand for Connected Device Security
Rising threat of data breaches and ransomware attacks drives need for complete and accurate real-time information about devices and their risks.
π΄ 10 No-BS Tips for Building a Diverse and Dynamic Security Team π΄
π Read
via "Dark Reading".
Advice from women and nonbinary security leaders on creating well-rounded security teams, stronger CISO leadership, and a more resilient industry.π Read
via "Dark Reading".
Dark Reading
10 No-BS Tips for Building a Diverse and Dynamic Security Team
Advice from women and nonbinary security leaders on creating well-rounded security teams, stronger CISO leadership, and a more resilient industry.
ποΈ Researcher goes public with WordPress CSP bypass hack ποΈ
π Read
via "The Daily Swig".
Technique skirts web security controlsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Researcher goes public with WordPress CSP bypass hack
Technique skirts web security controls
π Everything You Need To Know About the CIA Triad π
π Read
via "".
Learn about the CIA Triad and why it can be a helpful model to guide policies for information security within an organization.π Read
via "".
Digital Guardian
Everything You Need To Know About the CIA Triad
Learn about the CIA Triad and why it can be a helpful model to guide policies for information security within an organization.
βΌ CVE-2021-27914 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in the installer component of Mautic before 4.3.0 allows admins to inject executable javascriptπ Read
via "National Vulnerability Database".
βΌ CVE-2022-31000 βΌ
π Read
via "National Vulnerability Database".
solidus_backend is the admin interface for the Solidus e-commerce framework. Versions prior to 3.1.6, 3.0.6, and 2.11.16 contain a cross-site request forgery (CSRF) vulnerability. The vulnerability allows attackers to change the state of an order's adjustments if they hold its number, and the execution happens on a store administrator's computer. Users should upgrade to solidus_backend 3.1.6, 3.0.6, or 2.11.16 to receive a patch.π Read
via "National Vulnerability Database".