🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
🔏 5 Multi-factor Authentication (MFA) Best Practices for 2022 🔏

Not all MFA strategies are created the same, so to ensure smooth MFA implementation, be sure to stick to these five best practices.


📖 Read

CVE-2022-42081

Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via the sched_end_time parameter.

📖 Read

via "National Vulnerability Database".
CVE-2022-2249

Privilege escalation related vulnerabilities were discovered in Avaya Aura Communication Manager that may allow local administrative users to escalate their privileges. This issue affects Communication Manager versions 8.0.0.0 through 8.1.3.3 and 10.1.0.0.

📖 Read

via "National Vulnerability Database".
CVE-2022-42086

Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross-Site Request Forgery (CSRF) via the function TendaAteMode.

📖 Read

via "National Vulnerability Database".
CVE-2022-42077

Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross-Site Request Forgery (CSRF) via the function fromSysToolReboot.

📖 Read

via "National Vulnerability Database".
CVE-2022-28887

Multiple Denial-of-Service (DoS) vulnerabilities were discovered in F-Secure & WithSecure products whereby the aerdl.dll unpacker handler function crashes. This can lead to a possible scanning engine crash.

📖 Read

via "National Vulnerability Database".
CVE-2022-42087

Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross-Site Request Forgery (CSRF) via the function fromSysToolReboot.

📖 Read

via "National Vulnerability Database".
CVE-2022-42079

Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via the function formWifiBasicSet.

📖 Read

via "National Vulnerability Database".
CVE-2022-42078

Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross-Site Request Forgery (CSRF) via the function fromSysToolRestoreSet.

📖 Read

via "National Vulnerability Database".
CVE-2022-41403

OpenCart 3.x Newsletter Custom Popup was discovered to contain a SQL injection vulnerability via the email parameter at index.php?route=extension/module/so_newletter_custom_popup/newsletter.

📖 Read

via "National Vulnerability Database".
CVE-2022-42080

Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a heap overflow via the sched_start_time parameter.

📖 Read

via "National Vulnerability Database".
🕴 KnowBe4 to Be Acquired for $4.6B by Private Equity Firm Vista 🕴

Vista Equity Partners plans to take the publicly traded security-awareness training vendor private.

📖 Read

via "Dark Reading".
🕴 Thoma Bravo to Acquire ForgeRock in $2.3B Deal 🕴

This marks the third identity and access management (IAM) company acquired by Thoma Bravo in just the past few months.

📖 Read

via "Dark Reading".
🕴 WhatsApp Users Beware: Dangerous Mobile Trojan Being Distributed via Malicious Mod 🕴

Among other things, users who download the app could end up having their WhatsApp account details stolen.

📖 Read

via "Dark Reading".
CVE-2022-39298

MelisFront is the engine that displays websites hosted on Melis Platform. It deals with showing pages, plugins, URL rewriting, search optimization and SEO, etc. Attackers can deserialize arbitrary data on affected versions of `melisplatform/melis-front`, which ultimately leads to the execution of arbitrary PHP code on the system. Conducting this attack does not require authentication. Users should immediately upgrade to `melisplatform/melis-front` >= 5.0.1. This issue was addressed by restricting allowed classes when deserializing user-controlled data.

📖 Read

via "National Vulnerability Database".
CVE-2022-39283

FreeRDP is a free remote desktop protocol library and clients. All FreeRDP-based clients, when using the `/video` command line switch, might read uninitialized data, decode it as audio/video and display the result. FreeRDP-based server implementations are not affected. This issue has been patched in version 2.8.1. If you cannot upgrade, do not use the `/video` switch.

📖 Read

via "National Vulnerability Database".
CVE-2022-39282

FreeRDP is a free remote desktop protocol library and clients. FreeRDP-based clients on Unix systems using the `/parallel` command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP-based server implementations are not affected. Please upgrade to 2.8.1, where this issue is patched. If unable to upgrade, do not use parallel port redirection (the `/parallel` command line switch) as a workaround.

📖 Read

via "National Vulnerability Database".
CVE-2022-3171

A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields cause objects to be converted back and forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.

📖 Read

via "National Vulnerability Database".
CVE-2022-39297

MelisCms provides a full CMS for Melis Platform, including a templating system, drag-and-drop of plugins, SEO and many administration tools. Attackers can deserialize arbitrary data on affected versions of `melisplatform/melis-cms`, which ultimately leads to the execution of arbitrary PHP code on the system. Conducting this attack does not require authentication. Users should immediately upgrade to `melisplatform/melis-cms` >= 5.0.1. This issue was addressed by restricting allowed classes when deserializing user-controlled data.

📖 Read

via "National Vulnerability Database".
📢 Zoom-themed cyber attacks fuel rapid malware growth 📢

The Vidar malware has become more popular since August, allowing threat actors to steal sensitive information, IP addresses, and crypto wallets from infected devices.

📖 Read

via "ITPro".
📢 Thoma Bravo's $2.3bn ForgeRock acquisition brings 2022 cyber investment to $12bn 📢

The firm will have spent big on three different digital identity and access management companies in the last year, in addition to significant industry investments since 2019.

📖 Read

via "ITPro".