Rezilion Vulnerability Scanner Benchmark Report Finds Top Scanners Only 73% Accurate
Read via "Dark Reading".
Majority of vulnerability scanner tools overwhelming teams with false positives and missing exploitable vulnerabilities.
Open Source Is Just the Tip of the Iceberg in Software Supply Chain Security
Read via "Dark Reading".
As more of the software stack consists of third-party code, it's time for a more-advanced open source vetting system.
BlackBerry Launches Cyber Threat Intelligence Service to Strengthen Cyber Defenses
Read via "Dark Reading".
New service from BlackBerry's Threat Research and Intelligence Team reduces unknowns to enhance detection and response.
Valence Security Announces $25M Series A to Scale Delivery of Collaborative SaaS Security Remediation Solutions to Customers
Read via "Dark Reading".
Led by Microsoft's M12 venture fund, Valence's Series A round accelerates the company's ability to help customers secure their SaaS mesh from risk created by democratized end-user adoption, third-party integrations, unmanaged identities, and external data sharing.
Google Enters Into Stipulated Agreement to Improve Legal Process Compliance Program
Read via "Dark Reading".
Google admitted to loss of data responsive to 2016 search warrant and agreed to program enhancements, reporting obligations, and a first-of-its-kind Independent Compliance Professional.
54% of Staff Would Reconsider Working for a Firm That Had Experienced a Cyber Breach, Research Finds
Read via "Dark Reading".
Independent research from Encore uncovers hidden costs of cyber attacks.
Content Security Market Worth $2.2 Million by 2027 - Exclusive Study by MarketsandMarkets(TM)
Read via "Dark Reading".
Concerns about breaches of sensitive information due to execution of malware scripts and growing adoption of cloud-based services are fueling growth of the content security market.
Cisco Warns AnyConnect VPNs Under Active Cyberattack
Read via "Dark Reading".
Older bugs in the AnyConnect Secure Mobility Client are being targeted in the wild, showcasing patch-management failures.
4 Reasons Open Source Matters for Cloud Security
Read via "Dark Reading".
When we depend on an open commons as our computing foundation, we need it to be secure, and the most effective way to do that is through open solutions.
Jira Align flaws enabled malicious users to gain super admin privileges - and potentially worse
Read via "The Daily Swig".
Lateral or upwards movement beyond the instance was theoretically possible, concludes researcher.
Super admins can, among other things, modify Jira connections, reset user accounts, and modify security settings
CVE-2022-39357
Read via "National Vulnerability Database".
Winter is a free, open-source content management system based on the Laravel PHP framework. The Snowboard framework in versions 1.1.8, 1.1.9, and 1.2.0 is vulnerable to prototype pollution in the main Snowboard class as well as its plugin loader. The 1.0 branch of Winter is not affected, as it does not contain the Snowboard framework. This issue has been patched in v1.1.10 and v1.2.1. As a workaround, one may avoid this issue by following some common security practices for JavaScript, including implementing a content security policy and auditing scripts.
CVE-2022-20954
Read via "National Vulnerability Database".
Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2022-20953
Read via "National Vulnerability Database".
Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2022-20933
Read via "National Vulnerability Database".
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z3 Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit this vulnerability by crafting a malicious request and sending it to the affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to crash and restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and re-authenticate. A sustained attack could prevent new SSL VPN connections from being established. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention. Cisco Meraki has released software updates that address this vulnerability.
CVE-2022-20776
Read via "National Vulnerability Database".
Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2022-20959
Read via "National Vulnerability Database".
A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by persuading an authenticated administrator of the web-based management interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
CVE-2022-20955
Read via "National Vulnerability Database".
Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2022-20822
Read via "National Vulnerability Database".
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read and delete files on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains certain character sequences to an affected system. A successful exploit could allow the attacker to read or delete specific files on the device that their configured administrative level should not have access to. Cisco plans to release software updates that address this vulnerability.
CVE-2022-20811
Read via "National Vulnerability Database".
Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Online ticketing company "See" pwned for 2.5 years by attackers
Read via "Naked Security".
Don't be a cybersecurity slowcoach - you need to spot possible attacks as soon as you can.
Ransomware Gangs Ramp Up Industrial Attacks in US
Read via "Dark Reading".
The manufacturing segment was especially hard hit by cyberattacks in the third quarter of 2022.