Why convenience is the biggest threat to your security
via "ITPro".
The shortcuts and human error that lead to breaches - and how to guard against them

CVE-2022-2242
via "National Vulnerability Database".
The KUKA SystemSoftware V/KSS in versions prior to 8.6.5 is prone to improper access control as an unauthorized attacker can directly read and write robot configurations when access control is not available or not enabled (default).

Microsoft Patches 'Dogwalk' Zero-Day and 17 Critical Flaws
via "Threat Post".
August Patch Tuesday tackles 121 CVEs, 17 critical bugs and one zero-day bug exploited in the wild.

Flow Security Launches Next-Gen Data Security Platform Following $10 Million Seed Round
via "Dark Reading".
First-of-its-kind solution discovers and protects both data at rest and in motion.

Cisco router flaw gives patient attackers full access to small business networks
via "The Daily Swig".
Vulnerable path is reachable just once a day, but patches still need to be implemented as a matter of priority

Compliance Certifications: Worth the Effort?
via "Dark Reading".
Because demonstrating compliance with industry regulations can be cumbersome and expensive, it's important to ensure they're also absolutely essential.

CVE-2022-36324
via "National Vulnerability Database".
A vulnerability has been identified in SCALANCE M-800 / S615 (All versions), SCALANCE W-1700 IEEE 802.11ac family (All versions), SCALANCE W-700 IEEE 802.11ax family (All versions), SCALANCE W-700 IEEE 802.11n family (All versions), SCALANCE XB-200 switch family (All versions), SCALANCE XC-200 switch family (All versions), SCALANCE XF-200BA switch family (All versions), SCALANCE XM-400 Family (All versions), SCALANCE XP-200 switch family (All versions), SCALANCE XR-300WG switch family (All versions), SCALANCE XR-500 Family (All versions). Affected devices do not properly handle the renegotiation of SSL/TLS parameters. This could allow an unauthenticated remote attacker to bypass the TCP brute force prevention and lead to a denial of service condition for the duration of the attack.

CVE-2021-46304
via "National Vulnerability Database".
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions), CP-8021 MASTER MODULE (All versions), CP-8022 MASTER MODULE WITH GPRS (All versions). The component allows to activate a web server module which provides unauthenticated access to its web pages. This could allow an attacker to retrieve debug-level information from the component such as internal network topology or connected systems.

CVE-2022-34661
via "National Vulnerability Database".
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.15), Teamcenter V13.0 (All versions < V13.0.0.10), Teamcenter V13.1 (All versions < V13.1.0.10), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.5), Teamcenter V14.0 (All versions < V14.0.0.2). File Server Cache service in Teamcenter is vulnerable to denial of service by entering infinite loops and using up CPU cycles. This could allow an attacker to cause denial of service condition.

CVE-2022-34660
via "National Vulnerability Database".
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.15), Teamcenter V13.0 (All versions < V13.0.0.10), Teamcenter V13.1 (All versions < V13.1.0.10), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.5), Teamcenter V14.0 (All versions < V14.0.0.2). File Server Cache service in Teamcenter consists of a functionality that is vulnerable to command injection. This could potentially allow an attacker to perform remote code execution.

CVE-2022-34659
via "National Vulnerability Database".
A vulnerability has been identified in Simcenter STAR-CCM+ (All versions only if the Power-on-Demand public license server is used). Affected applications expose user, host and display name of users, when the public license server is used. This could allow an attacker to retrieve this information.

CVE-2022-36323
via "National Vulnerability Database".
A vulnerability has been identified in SCALANCE M-800 / S615 (All versions), SCALANCE SC-600 family (All versions < V2.3.1), SCALANCE W-1700 IEEE 802.11ac family (All versions), SCALANCE W-700 IEEE 802.11ax family (All versions), SCALANCE W-700 IEEE 802.11n family (All versions), SCALANCE XB-200 switch family (All versions), SCALANCE XC-200 switch family (All versions), SCALANCE XF-200BA switch family (All versions), SCALANCE XM-400 Family (All versions), SCALANCE XP-200 switch family (All versions), SCALANCE XR-300WG switch family (All versions), SCALANCE XR-500 Family (All versions). Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell.

CVE-2022-36325
via "National Vulnerability Database".
A vulnerability has been identified in SCALANCE M-800 / S615 (All versions), SCALANCE SC-600 family (All versions < V2.3.1), SCALANCE W-1700 IEEE 802.11ac family (All versions), SCALANCE W-700 IEEE 802.11ax family (All versions), SCALANCE W-700 IEEE 802.11n family (All versions), SCALANCE XB-200 switch family (All versions), SCALANCE XC-200 switch family (All versions), SCALANCE XF-200BA switch family (All versions), SCALANCE XM-400 Family (All versions), SCALANCE XP-200 switch family (All versions), SCALANCE XR-300WG switch family (All versions), SCALANCE XR-500 Family (All versions). Affected devices do not properly sanitize data introduced by a user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS.

Deepfence ThreatMapper 1.4 Unveils Open Source Threat Graph to Visualize Cloud-Native Threat Landscape
via "Dark Reading".
New release also includes enterprise-grade cloud security posture management (CSPM) and YARA-based malware scanning capabilities.

The Security Pros and Cons of Using Email Aliases
via "Krebs on Security".
One way to tame your email inbox is to get in the habit of using unique email aliases when signing up for new accounts online. Adding a "+" character after the username portion of your email address -- followed by a notation specific to the site you're signing up at -- lets you create an infinite number of unique email addresses tied to the same account. Aliases can help users detect breaches and fight spam. But not all websites allow aliases, and they can complicate account recovery. Here's a look at the pros and cons of adopting a unique alias for each website.

Bugcrowd Taps Top Hackers for Live Hacking Event with Indeed at 2022 Black Hat Conference
via "Dark Reading".

OPSWAT Presents New Malware Analysis Capabilities for Operational Technology at Black Hat USA 2022
via "Dark Reading".
Product enhancements to offer full IT and OT threat intelligence services for OPSWAT customers.

Mimecast Announces Mimecast X1™ Platform Providing Customers With Email and Collaboration Security
via "Dark Reading".
Platform engineered to let organizations mitigate risk and manage complexities.

APIC/EPIC! Intel chips leak secrets even the kernel shouldn't see...
via "Naked Security".
If you've ever written code that left stuff lying around in memory when you didn't need it any more... we bet you've regretted it!

CVE-2022-38133
via "National Vulnerability Database".
In JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some cases.

CVE-2022-33926
via "National Vulnerability Database".
Dell Wyse Management Suite 3.6.1 and below contains an improper access control vulnerability. A remote malicious user could exploit this vulnerability in order to retain access to a file repository after it has been revoked.