β Old Hacks Die Hard: Ransomware, Social Engineering Top Verizon DBIR Threats β Again β
π Read
via "Threat Post".
Deja-Vu data from this year's DBIR report feels like we are stuck in the movie 'Groundhog Day.'π Read
via "Threat Post".
Threat Post
Old Hacks Die Hard: Ransomware, Social Engineering Top Verizon DBIR Threats β Again
Verizonβs annual report for 2022 confirms trends that have been years in the making.
βΌ CVE-2021-42886 βΌ
π Read
via "National Vulnerability Database".
TOTOLINK EX1200T V4.1.2cu.5215 contains an information disclosure vulnerability where an attacker can get the apmib configuration file without authorization, and usernames and passwords can be found in the decoded file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42887 βΌ
π Read
via "National Vulnerability Database".
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm.π Read
via "National Vulnerability Database".
π΄ Why Network Object Management Is Critical for Managing Multicloud Network Security π΄
π Read
via "Dark Reading".
If you want your IT and security administrators to get buried in trivial workloads and productivity bottlenecks, having poor network object management is a great way to accomplish that.π Read
via "Dark Reading".
Dark Reading
Why Network Object Management Is Critical for Managing Multicloud Network Security
If you want your IT and security administrators to get buried in trivial workloads and productivity bottlenecks, having poor network object management is a great way to accomplish that.
π Friday Five 6/3 π
π Read
via "".
In this week's Friday Five, read up on how Russian ransomware gangs are wreaking havoc, how software vulnerabilities may put election integrity at risk, and why you should be careful when donating to Ukraine.
π Read
via "".
Digital Guardian
Friday Five 6/3
In this week's Friday Five, read up on how Russian ransomware gangs are wreaking havoc, how software vulnerabilities may put election integrity at risk, and why you should be careful when donating to Ukraine.
βΌ CVE-2021-42888 βΌ
π Read
via "National Vulnerability Database".
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setLanguageCfg of the file global.so which can control langType to attack.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42889 βΌ
π Read
via "National Vulnerability Database".
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, wifiname, etc.) without authorization.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42890 βΌ
π Read
via "National Vulnerability Database".
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function NTPSyncWithHost of the file system.so which can control hostTime to attack.π Read
via "National Vulnerability Database".
β Atlassian announces 0-day hole in Confluence Server β update soon! β
π Read
via "Naked Security".
Zero-day announced - here's what you need to knowπ Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ Iconium Software Releases DataLenz v1.3 for IBM zSystems π΄
π Read
via "Dark Reading".
DataLenz delivers real-time, machine learning-based breach detection with user behavior modeling for IBM zSystems.π Read
via "Dark Reading".
Dark Reading
Iconium Software Releases DataLenz v1.3 for IBM zSystems
DataLenz delivers real-time, machine learning-based breach detection with user behavior modeling for IBM zSystems.
π΄ Actively Exploited Atlassian Zero-Day Bug Allows Full System Takeover π΄
π Read
via "Dark Reading".
An unpatched remote code execution (RCE) vulnerability in all versions of the popular Confluence collaboration platform can be abused in credential harvesting, cyber espionage, and network backdoor attacks.π Read
via "Dark Reading".
Dark Reading
Actively Exploited Atlassian Zero-Day Bug Allows Full System Takeover
A remote code execution (RCE) vulnerability in all versions of the popular Confluence collaboration platform can be abused in credential harvesting, cyber espionage, and network backdoor attacks.
π΄ Microsoft Disables Iran-Linked Lebanese Hacking Group Polonium π΄
π Read
via "Dark Reading".
The attack on Israeli organizations is the latest in a long line of attempts to compromise supply chains, as the APT looks to leverage that access to target a multitude of potential victims.π Read
via "Dark Reading".
Dark Reading
Microsoft Disables Iran-Linked Lebanese Hacking Group Polonium
The attack on Israeli organizations is the latest in a long line of attempts to compromise supply chains, as the APT looks to leverage that access to target a multitude of potential victims.
π΄ YourCyanide Ransomware Propagates With PasteBin, Discord, Microsoft Links π΄
π Read
via "Dark Reading".
The latest iteration of CMD-based ransomware is sophisticated and tricky to detect β and integrates token theft and worming capabilities into its feature set.π Read
via "Dark Reading".
Dark Reading
YourCyanide Ransomware Propagates With PasteBin, Discord, Microsoft Links
The latest iteration of CMD-based ransomware is sophisticated and tricky to detect β and integrates token theft and worming capabilities into its feature set.
βΌ CVE-2021-42891 βΌ
π Read
via "National Vulnerability Database".
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42892 βΌ
π Read
via "National Vulnerability Database".
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet without authorization because the default username and password exists in the firmware.π Read
via "National Vulnerability Database".
βοΈ What Counts as βGood Faith Security Research?β βοΈ
π Read
via "Krebs on Security".
The U.S. Department of Justice (DOJ) recently revised its policy on charging violations of the Computer Fraud and Abuse Act (CFAA), a 1986 law that remains the primary statute by which federal prosecutors pursue cybercrime cases. The new guidelines state that prosecutors should avoid charging security researchers who operate in βgood faithβ when finding and reporting vulnerabilities. But legal experts continue to advise researchers to proceed with caution, noting the new guidelines canβt be used as a defense in court, nor are they any kind of shield against civil prosecution.π Read
via "Krebs on Security".
Krebs on Security
What Counts as βGood Faith Security Research?β
The U.S. Department of Justice (DOJ) recently revised its policy on charging violations of the Computer Fraud and Abuse Act (CFAA), a 1986 law that remains the primary statute by which federal prosecutors pursue cybercrime cases. The new guidelines stateβ¦
βΌ CVE-2021-42893 βΌ
π Read
via "National Vulnerability Database".
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization through getSysStatusCfg.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26493 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities vulnerability in Drupal SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider in certain non-default configurations allow a malicious user to login as any chosen user. The vulnerability is mitigated by the module's default settings which require the options "Either sign SAML assertions" and "x509 certificate". This issue affects: Drupal SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider 8.x version 8.x-2.24 and prior versions; 7.x version 7.x-2.57 and prior versions.π Read
via "National Vulnerability Database".
π΄ FDA: Patch Illumina DNA Sequencing Instruments, Stat π΄
π Read
via "Dark Reading".
A critical security bug could lead to remote device control, altered lab results, and more, putting patients in danger, agency warns.π Read
via "Dark Reading".
Dark Reading
FDA: Patch Illumina DNA Sequencing Instruments, Stat
A critical security bug could lead to remote device control, altered lab results, and more, putting patients in danger, agency warns.
βΌ CVE-2022-29770 βΌ
π Read
via "National Vulnerability Database".
XXL-Job v2.3.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /xxl-job-admin/jobinfo.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43271 βΌ
π Read
via "National Vulnerability Database".
Riverbed AppResponse 11.8.0, 11.8.5, 11.8.5a, 11.9.0, 11.9.0a, 11.10.0, 11.11.0, 11.11.0a, 11.11.1, 11.11.1a, 11.11.5, and 11.11.5a (when configured to use local, RADIUS, or TACACS authentication) logs usernames and passwords if either is entered incorrectly. If a user enters an incorrect username and/or password when logging into the WebUI, these attempted credentials are included in an error message that is logged in the WebUI log file. A log entry does not appear if the username and password provided correctly match a valid set of credentials. This also does not happen if AppResponse is configured to use SAML authentication. The WebUI log file is included in subsequent diagnostic system dumps that are generated. (Only users with Full Control access to the System Configuration permission can generate system dumps. By default, only System Administrators have Full Control access to the System Configuration permission.)π Read
via "National Vulnerability Database".