π΄ Is MFA the Vegetable of Cybersecurity? π΄
π Read
via "Dark Reading".
Donβt fuss now β another helping of multifactor authentication can keep your organization strong and its data safer.π Read
via "Dark Reading".
Dark Reading
Is MFA the Vegetable of Cybersecurity?
Multifactor authentification is crucial for creating a healthy cybersecurity posture, but many companies are slow to adopt.
β Serious Security: MD5 considered harmful β to the tune of $600,000 β
π Read
via "Naked Security".
It's not just the hashing, by the way. It's the salting and the stretching, too!π Read
via "Naked Security".
Naked Security
Serious Security: MD5 considered harmful β to the tune of $600,000
Itβs not just the hashing, by the way. Itβs the salting and the stretching, too!
βΌ CVE-2022-4257 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in C-DATA Web Management System. It has been rated as critical. This issue affects some unknown processing of the file cgi-bin/jumpto.php of the component GET Parameter Handler. The manipulation of the argument hostname leads to argument injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214631.π Read
via "National Vulnerability Database".
β The CHRISTMA EXEC network worm β 35 years and counting! β
π Read
via "Naked Security".
"Uh-oh, this viruses-and-worms scene could turn out quite troublesome." If only we'd been wrong...π Read
via "Naked Security".
Naked Security
The CHRISTMA EXEC network worm β 35 years and counting!
βUh-oh, this viruses-and-worms scene could turn out quite troublesome.β If only weβd been wrongβ¦
β S3 Ep111: The business risk of a sleazy βnudity unfilterβ [Audio + Text] β
π Read
via "Naked Security".
Latest episode - listen now (or read if you prefer)...π Read
via "Naked Security".
Naked Security
S3 Ep111: The business risk of a sleazy βnudity unfilterβ [Audio + Text]
Latest episode β listen now (or read if you prefer)β¦
βΌ CVE-2022-3696 βΌ
π Read
via "National Vulnerability Database".
A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall older than version 19.5 GA.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29837 βΌ
π Read
via "National Vulnerability Database".
A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate installation of custom ZIP packages and overwrite system files. This could potentially lead to a code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3226 βΌ
π Read
via "National Vulnerability Database".
An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall older than version 19.5 GA.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41297 βΌ
π Read
via "National Vulnerability Database".
IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237212.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3710 βΌ
π Read
via "National Vulnerability Database".
A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall older than version 19.5 GA.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2969 βΌ
π Read
via "National Vulnerability Database".
Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 uses an external input to construct a pathname intended to identify a file or directory located underneath a restricted parent directory. However, the software does not properly neutralize special elements within the pathname, which can cause the pathname to resolve to a location outside of the restricted directory.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3711 βΌ
π Read
via "National Vulnerability Database".
A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall older than version 19.5 GA.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3713 βΌ
π Read
via "National Vulnerability Database".
A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall older than version 19.5 GA.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3709 βΌ
π Read
via "National Vulnerability Database".
A stored XSS vulnerability allows admin to super-admin privilege escalation in the Webadmin import group wizard of Sophos Firewall older than version 19.5 GA.π Read
via "National Vulnerability Database".
βοΈ ConnectWise Quietly Patches Flaw That Helps Phishers βοΈ
π Read
via "Krebs on Security".
ConnectWise, a self-hosted, remote desktop software application that is widely used by Managed Service Providers (MSPs), is warning about an unusually sophisticated phishing attack that can let attackers take remote control over user systems when recipients click the included link. The warning comes just days after the company quietly patched a vulnerability that makes it easier for phishers to launch these attacks.π Read
via "Krebs on Security".
Krebs on Security
ConnectWise Quietly Patches Flaw That Helps Phishers
ConnectWise, a self-hosted, remote desktop software application that is widely used by Managed Service Providers (MSPs), is warning about an unusually sophisticated phishing attack that can let attackers take remote control over user systems when recipientsβ¦
π΄ One Year After Log4Shell, Most Firms Are Still Exposed to Attack π΄
π Read
via "Dark Reading".
Though there have been fewer than expected publicly reported attacks involving the vulnerability, nearly three-quarters of organizations remain exposed to it.π Read
via "Dark Reading".
Dark Reading
One Year After Log4Shell, Most Firms Are Still Exposed to Attack
Though there have been fewer than expected publicly reported attacks involving the vulnerability, nearly three-quarters of organizations remain exposed to it.
βΌ CVE-2022-43901 βΌ
π Read
via "National Vulnerability Database".
IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.3 could disclose sensitive information. An authenticated local attacker could exploit this vulnerability to possibly gain information to other IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps components. IBM X-Force ID: 240829.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43900 βΌ
π Read
via "National Vulnerability Database".
IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.2 could provide a weaker than expected security. A local attacker can create an outbound network connection to another system. IBM X-Force ID: 240827.π Read
via "National Vulnerability Database".
π΄ Artifact Poisoning in GitHub Actions Imports Malware via Software Pipelines π΄
π Read
via "Dark Reading".
A vulnerability discovered in GitHub Actions could allow an attacker to poison a developer's pipeline, highlighting the risk that insecure software pipelines pose.π Read
via "Dark Reading".
Dark Reading
Artifact Poisoning in GitHub Actions Imports Malware via Software Pipelines
A vulnerability discovered in GitHub Actions could allow an attacker to poison a developer's pipeline, highlighting the risk that insecure software pipelines pose.
π΄ LastPass Discloses Second Breach in Three Months π΄
π Read
via "Dark Reading".
The threat actor behind an August intrusion used data from that incident to access customer data stored with a third-party cloud service provider, and affiliate GoTo reports breach of development environment.π Read
via "Dark Reading".
Dark Reading
LastPass Discloses Second Breach in Three Months
The threat actor behind an August intrusion used data from that incident to access customer data stored with a third-party cloud service provider, and affiliate GoTo reports breach of development environment.
β The CHRISTMA EXEC network worm β 35 years and counting! β
π Read
via "Naked Security".
"Uh-oh, this viruses-and-worms scene could turn out quite troublesome." If only we'd been wrong...π Read
via "Naked Security".
Naked Security
The CHRISTMA EXEC network worm β 35 years and counting!
βUh-oh, this viruses-and-worms scene could turn out quite troublesome.β If only weβd been wrongβ¦