What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
globalsecuritymag.webp 2022-10-04 13:01:43 Splunk report: Data-savvy organizations are more profitable, resilient and innovative (direct link) Splunk report: Data-savvy organizations are more profitable, resilient and innovative. A new global study shows that data leaders improve their resilience against threats and increase their gross profits by nearly 10% - Investigations Guideline
CSO.webp 2022-10-04 11:47:00 Tenable aims to unify your cybersecurity with exposure management platform (direct link) Tenable today announced the general availability of Tenable One, a unified exposure management platform designed to meet the changing needs of the modern cybersecurity professional by offering a holistic view of both on-premises and cloud-based attack surfaces. The modern cybersecurity attack surface is complex, fast-changing, and involves a panoply of different target systems and users that are all interconnected in a range of ways. Modern cybersecurity measures, on the other hand, are, all too often, architected just as they have been in the past, leading to major challenges in combating threats, according to a white paper Tenable released along with its new product. Guideline
Veracode.webp 2022-10-04 11:20:28 How to See Yourself in Cyber: Top Tips from Industry Leaders (direct link) It's 2022 and as we all know, the world is a very different place. However, one thing that has not changed is the importance of cybersecurity. In fact, it's more important now than ever before, as the SolarWinds hack and Executive Order prove. That's why for Cybersecurity Awareness Month this year, we asked cybersecurity pioneers and leaders to get their insights on staying cyber safe. Here are their thoughts on CISA's 4 Things You Can Do to See Yourself in Cyber. Enable Multi-Factor Authentication: “With the continued rise in cybercrime, there are a few simple steps every person should take to protect themselves, if they aren't already. CISA's first recommended step to stay 'cyber-safe' is to implement multi-factor authentication. It significantly lessens the likelihood of being hacked via unauthorized access and compromised credentials, which, according to Verizon's 2021 Data Breach Investigations Report, were the gateway for 61% of data breaches. Enabling multi-factor… Data Breach Hack Guideline ★★
AlienVault.webp 2022-10-04 10:00:00 8 Cybersecurity trends to be aware of in 2022/2023 (direct link) This blog was written by an independent guest blogger. The last couple of months were devastating for cybersecurity. Cyber threats intensify each waking day, and criminals seem to be getting more sophisticated and better at beating the system. For instance, the first six months of 2022 saw a whopping 40% increase in cyber-attacks from the previous year, with ransomware being declared a state-level weapon. These attacks are causing severe disruptions to everyday lives, affecting essential services such as medical care, schools, etc. For instance, an attack on Lincoln College in the US resulted in the college closing its doors after 157 years. Needless to say, cybersecurity threats and attacks aren’t slowing down or going away anytime soon. As the risk of cybersecurity attacks continues to grow, so have the trends predicted for cybersecurity in the next year. Here are some of the most critical cybersecurity trends you need to keep an eye on. User awareness: Surprisingly, about 97% of people with access to the internet still cannot identify when an email is a phishing email. This is why many people will readily click on a phishing email, and thus become victims of cyberattacks. This shows that there is a huge need for awareness, and education is crucial to identify and prevent costly identity theft and network hacks. Thankfully, many businesses today go beyond implementing strong firewalls and sophisticated IT protocols by augmenting their IT personnel's capabilities through training to equip them with the skills needed to fight cyber-attacks. Some institutions use classroom and web-based training to promote cybersecurity awareness. Companies are also focusing more on how workers share and handle confidential data. For instance, many organizations are now putting a lot of effort into educating their employees on how to protect themselves from identity theft.
After all, research shows that about 80 percent of data breaches can be avoided by practicing and implementing simple cyber hygiene. Geo-targeted phishing threats: Phishing is still the most severe security threat on the internet to date, and a majority of the population is at a high risk of falling prey to this threat. Phishing emails and dangerous URLs are still common on the internet, but they are now customized, tailored, and geo-targeted. Cybercriminals are taking the time to research and devise ways to craft polished business email compromise attacks that can fool even the best eye. Therefore, businesses, and individuals alike, should invest time and effort into comprehensive security awareness programs to protect their data and ensure website safety. GDPR compliance: The General Data Protection Regulation is the decade’s most notable development in IT across the European Union. The law is the brainchild of the EU, but it’s already having major impacts on data protection requirements across the globe. The law imposes standard data security law on all EU countries and requires all organizations selling to EU residents to comply with its regulations regardless of their location. As such, GDPR provides uniform data protection to all consumers in the EU regions. Since the GDPR is st Ransomware Threat Studies Guideline
Checkpoint.webp 2022-10-04 06:14:44 New Hacktivism Model Trends Worldwide (direct link) Check Point Research outlines a new model of hacktivism now trending worldwide. Five characteristics mark today's form of hacktivism, according to researchers: political ideology, leadership hierarchy, formal recruiting, advanced tools and public relations. CPR gives the hacktivist group Killnet as an example of the latest model, detailing its attacks by country and attack timeline. CPR… Guideline
CVE.webp 2022-10-03 15:15:18 CVE-2022-41301 (direct link) A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. Vulnerability Guideline
CVE.webp 2022-10-03 15:15:17 CVE-2022-33889 (direct link) A maliciously crafted GIF or JPEG file when parsed through Autodesk Design Review 2018, and AutoCAD 2023 and 2022 could be used to write beyond the allocated heap buffer. This vulnerability could lead to arbitrary code execution. Vulnerability Guideline
CVE.webp 2022-10-03 15:15:17 CVE-2022-33890 (direct link) A maliciously crafted PCT or DWF file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. Vulnerability Guideline
CVE.webp 2022-10-03 15:15:17 CVE-2022-33888 (direct link) A maliciously crafted Dwg2Spd file when processed through Autodesk DWG application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. Vulnerability Guideline
CVE.webp 2022-10-03 15:15:16 CVE-2022-33883 (direct link) A maliciously crafted file consumed through Moldflow Synergy, Moldflow Adviser, Moldflow Communicator, and Advanced Material Exchange applications could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. Vulnerability Guideline
CVE.webp 2022-10-03 15:15:16 CVE-2022-33885 (direct link) A maliciously crafted X_B, CATIA, and PDF file when parsed through Autodesk AutoCAD 2023 and 2022 can be used to write beyond the allocated buffer. This vulnerability can lead to arbitrary code execution. Vulnerability Guideline
CVE.webp 2022-10-03 15:15:16 CVE-2022-33884 (direct link) Parsing a maliciously crafted X_B file can force Autodesk AutoCAD 2023 and 2022 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. Vulnerability Guideline
2022-10-03 12:40:56 Researcher Spotlight: Globetrotting with Yuri Kramarz (direct link) From the World Cup in Qatar to robotics manufacturing in east Asia, this incident responder combines experience from multiple arenas. By Jon Munshaw. Yuri “Jerzy” Kramarz helped secure everything from the businesses supporting the upcoming World Cup in Qatar to the Black Hat security conference and critical national infrastructure. He's no stranger to cybersecurity on the big stage, but he still enjoys working with companies and organizations of all sizes in all parts of the world. “What really excites me is making companies more secure,” he said in a recent interview. “That comes down to a couple things, but it's really about putting a few solutions together at first and then hearing the customer's feedback and building from there.” Yuri is a senior incident response consultant with Cisco Talos Incident Response (CTIR) currently based in Qatar. He walks customers through various exercises, incident response plan creation, recovery in the event of a cyber attack and much more under the suite of offerings CTIR has. Since moving from the UK to Qatar, he is mainly focused on preparing various local entities in Qatar for the World Cup slated to begin in November. Qatar estimates more than 1.7 million people will visit the country for the international soccer tournament, averaging 500,000 per day at various stadiums and event venues. For reference, the World Bank estimates that 2.9 million people currently live in Qatar. This means the businesses and networks in the country will face more traffic than ever and will no doubt draw the attention of bad actors looking to make a statement or make money off ransomware attacks. “You have completely different angles in preparing different customers for defense during major global events depending on their role, technology and function,” Kramarz said.
In every major event, there were different devices, systems and networks interconnected to provide visitors and fans with various hospitality facilities that could be targeted in a cyber attack. Any country participating in the event needs to make sure they understand the risks associated with it and consider various adversary activities that might play out to secure these facilities. Kramarz has worked in several different geographic areas in his roughly 12-year security career, including Asia, the Middle East, Europe and the U.S. He has experience leading red team engagements (simulating attacks against targets to find potential security weaknesses) in traditional IT and ICS/OT environments, vulnerability research and blue team defense. The incident response field has been the perfect place for him to put all these skills to use. He joined Portcullis Securit Ransomware Hack Vulnerability Guideline
CVE.webp 2022-10-01 00:15:10 CVE-2022-42002 (direct link) SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete. Guideline
CVE.webp 2022-09-30 20:15:09 CVE-2022-34428 (direct link) Dell Hybrid Client prior to version 1.8 contains a Regular Expression Denial of Service Vulnerability in the UI. An adversary with WMS group admin access could potentially exploit this vulnerability, leading to temporary denial-of-service. Vulnerability Guideline
CVE.webp 2022-09-30 20:15:09 CVE-2022-34429 (direct link) Dell Hybrid Client below version 1.8 contains a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification. Vulnerability Guideline
2022-09-30 17:16:47 Threat Advisory: Microsoft warns of actively exploited vulnerabilities in Exchange Server (direct link) Cisco Talos has released new coverage to detect and prevent the exploitation of two recently disclosed vulnerabilities collectively referred to as "ProxyNotShell," affecting Microsoft Exchange Servers 2013, 2016 and 2019. One of these vulnerabilities could allow an attacker to execute remote code on the targeted server. Limited exploitation of these vulnerabilities in the wild has been reported. CVE-2022-41040 is a Server Side Request Forgery (SSRF) vulnerability, while CVE-2022-41082 enables Remote Code Execution (RCE) when PowerShell is accessible to the attackers. While no fixes or patches are available yet, Microsoft has provided mitigations for on-premises Microsoft Exchange users on Sept. 29, 2022. Even organizations that use Exchange Online may still be affected if they run a hybrid server. Cisco Talos is closely monitoring the recent reports of exploitation attempts against these vulnerabilities and strongly recommends users implement mitigation steps while waiting for security patches for these vulnerabilities. Exchange vulnerabilities have become increasingly popular with threat actors, as they can provide initial access to network environments and are often used to facilitate more effective phishing and malspam campaigns.
The Hafnium threat actor exploited several zero-day vulnerabilities in Exchange Server in 2021 to deliver ransomware, and Cisco Talos Incident Response reported that the exploitation of Exchange Server issues was one of the four attacks they saw most often last year. Vulnerability details and ongoing exploitation: Exploit requests for these vulnerabilities look similar to previously discovered ProxyShell exploitation attempts: autodiscover/autodiscover.json?@evil.com/&Email=autodiscover/autodiscover.json%3f@evil.com Successful exploitation of the vulnerabilities observed in the wild leads to preliminary information-gathering operations and the persistence of webshells for continued access to compromised servers. Open-source reporting indicates that webshells such as Antsword, a popular Chinese language-based open-source webshell, SharPyShell, an ASP.NET-based webshell, and China Chopper have been deployed on compromised systems consisting of the following artifacts: C:\inetpub\wwwroot\aspnet_client\Xml.ashx; C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\auth\errorEE.aspx; C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\auth\pxh4HG1v.ashx; C:\Program Files\Microsoft\Exchange Server\V15 Malware Threat Guideline
CVE.webp 2022-09-30 17:15:13 CVE-2022-36965 (direct link) Insufficient sanitization of inputs in QoE application input field could lead to stored and DOM-based XSS attack. This issue is fixed and released in SolarWinds Platform (2022.3.0). Guideline
CVE.webp 2022-09-30 11:15:09 CVE-2022-2529 (direct link) sflow decode package does not employ sufficient packet sanitisation which can lead to a denial of service attack. Attackers can craft malformed packets causing the process to consume large amounts of memory resulting in a denial of service. Guideline
AlienVault.webp 2022-09-30 10:00:00 How analyzing employee behavior can improve your cybersecurity posture (direct link) This blog was written by an independent guest blogger. Despite the ongoing rise in social engineering attacks, the idea that cybersecurity is only about technology manifests within most of our minds. Organizations often neglect human behavior's impact on their cybersecurity postures. Instead, they spend lavishly on endpoint security tools, threat hunting programs, and building incident response plans. Admittedly, these security measures are a crucial part of mitigating attacks. However, it is critical to remember the role of your employees in maintaining a robust cybersecurity posture, specifically as cybercriminals have been increasingly targeting and exploiting human behavior. How employee behavior impacts cybersecurity: A study by IBM highlights that human error is the leading cause of 95% of cybersecurity breaches. Although human errors are by definition unintentional, generally caused by a significant lack of awareness, they can often result in adverse circumstances. In other words, an unsuspecting employee who accidentally falls victim to a phishing attack can expose their organization to significant data breaches, causing major operational, reputational, and financial damage. One such example is the Sequoia Capital attack, which was successful because an employee fell victim to a phishing attack. The company, known for being Silicon Valley's oldest notable venture fund, was hacked in February 2021. The attack exposed some of its investors' personal and financial information to third parties, resulting in significant damage to the company. Such attacks demonstrate the consequences of inadequate phishing awareness training that every organization must provide to its employees. In this sense, simulated micro-learning can be highly effective at teaching teams to recognize potentially malicious messages.
A recent report by Hoxhunt found that after some 50 simulations, people’s “failure rates” plummeted from 14% to 4%. By being exposed to simulated phishing attacks over time, they became far more skilled at recognizing them. Beyond educational solutions, ensuring that your employees practice proper password hygiene is likewise critical. Although passwords have played a remarkable role in ensuring cyber security, relying only on a single password makes your organization vulnerable since it can be stolen or compromised. Your users might be ignorant of password security and keep generic passwords such as "12345" that are susceptible to brute force attacks and hack attacks. These practices are standard within an organization that doesn't deploy secure password managers or have strict password security guidelines for employees to follow. How can your employees help maintain cybersecurity? The significant rise in social engineering attacks and the ongoing occurrence of data breaches due to human error have reinforced the idea that humans are the weakest link in cybersecurity. A workforce that can be distracted or tricked is indeed a liability. However, this narrative is hardly set in stone. With the below strategies in place, it’s possible to maximize team vigilance and circumvent much of the risk associated with human error. Integrate the principle of least privilege access: The principle of least privileged access has become a crucial aspect of effective cyb Hack Threat Guideline Prowli
CVE.webp 2022-09-29 17:15:28 CVE-2022-29503 (direct link) A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng 1.0.40. Thread allocation can lead to memory corruption. An attacker can create threads to trigger this vulnerability. Vulnerability Guideline
globalsecuritymag.webp 2022-09-29 15:50:13 Bitdefender signs a multi-year partnership with Scuderia Ferrari and enters the world of Formula 1 (direct link) Bitdefender signs a multi-year partnership with Scuderia Ferrari and enters the world of Formula 1. This partnership combines the strength of two leaders in performance and innovation - Markets Guideline
The_State_of_Security.webp 2022-09-29 15:15:55 IT admin admits sabotaging ex-employer's network in bid for higher salary (direct link) A 40-year-old man could face up to 10 years in prison, after admitting in a US District Court to sabotaging his former employer’s computer systems. Casey K Umetsu, of Honolulu, Hawaii, has pleaded guilty to charges that he deliberately misdirected a financial company’s email traffic and prevented customers from reaching its website in a failed […] Guideline
CVE.webp 2022-09-29 13:15:11 CVE-2022-40890 (direct link) A vulnerability in /src/amf/amf-context.c in Open5GS 2.4.10 and earlier leads to AMF denial of service. Vulnerability Guideline
CVE.webp 2022-09-29 13:15:09 CVE-2022-39250 (direct link) Matrix JavaScript SDK is the Matrix Client-Server software development kit (SDK) for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one of the users’ identities. This would lead to the other device trusting/verifying the user identity under the control of the homeserver instead of the intended one. The vulnerability is a bug in the matrix-js-sdk, caused by checking and signing user identities and devices in two separate steps, and inadequately fixing the keys to be signed between those steps. Even though the attack is partly made possible due to the design decision of treating cross-signing user identities as Matrix devices on the server side (with their device ID set to the public part of the user identity key), no other examined implementations were vulnerable. Starting with version 19.7.0, the matrix-js-sdk has been modified to double check that the key signed is the one that was verified instead of just referencing the key by ID. An additional check has been made to report an error when one of the device IDs matches a cross-signing key. As this attack requires coordination between a malicious homeserver and an attacker, those who trust their homeservers do not need a particular workaround. Vulnerability Guideline
Fortinet.webp 2022-09-29 08:52:00 From the Mind of a CISO: An Interview with Fortinet's Rafi Brenner (direct link) Fortinet's Rafi Brenner offers his perspective on how the role of the CISO has changed, key challenges CISOs are facing today, and some interesting technology leadership projects his team is working on at Fortinet. Guideline
Logo_logpoint.webp 2022-09-29 08:44:53 Protect your business and configuration data: ABAP/4 code security in SAP systems – safety starts at development (direct link) By Sükrü ilkel Birakoglu, Senior Director. In all common programming languages, faults during development may lead to immense security vulnerabilities in production systems. ABAP/4 (Advanced Business Application Programming/4th generation language), which is the programming language of SAP applications, is no exception to that. The steep rise in the number of SAP Security Notes in the past few [...] Guideline
CVE.webp 2022-09-29 03:15:15 CVE-2022-40279 (direct link) An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). l2_packet_receive_timeout in wpa_supplicant/src/l2_packet/l2_packet_pcap.c has a missing check on the return value of pcap_dispatch, leading to a denial of service (malfunction). Guideline
CVE.webp 2022-09-29 03:15:15 CVE-2022-1718 (direct link) The trudesk application allows large characters to insert in the input field "Full Name" on the signup field which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request in GitHub repository polonel/trudesk prior to 1.2.2. This can lead to Denial of service. Guideline ★★
CVE.webp 2022-09-29 03:15:15 CVE-2022-40278 (direct link) An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). createDB in security/provisioning/src/provisioningdatabasemanager.c has a missing sqlite3_free after sqlite3_exec, leading to a denial of service. Guideline
CVE.webp 2022-09-29 03:15:14 CVE-2020-35674 (direct link) BigProf Online Invoicing System before 2.9 suffers from an unauthenticated SQL Injection found in /membership_passwordReset.php (the endpoint that is responsible for issuing self-service password resets). An unauthenticated attacker is able to send a request containing a crafted payload that can result in sensitive information being extracted from the database, eventually leading into an application takeover. This vulnerability was introduced as a result of the developer trying to roll their own sanitization implementation in order to allow the application to be used in legacy environments. Vulnerability Guideline
CVE.webp 2022-09-29 03:15:11 CVE-2014-0147 (direct link) Qemu before 1.6.2 block drivers for the various disk image formats used by Bochs and for the QCOW version 2 format are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine. Guideline ★★★★★
CSO.webp 2022-09-29 02:00:00 22 notable government cybersecurity initiatives in 2022 (direct link) Cybersecurity continues to be high on the agenda of governments across the globe, with both national and local levels increasingly working to counter cybersecurity threats. Much like last year, 2022 has seen significant, government-led initiatives launched to help to address diverse security issues. Here are 22 notable cybersecurity initiatives introduced around the world in 2022. February: Israel commits to IDB cybersecurity initiative in Latin America, Caribbean. The Israeli government announced that it will join the Inter-American Development Bank (IDB) to establish a new cybersecurity initiative, committing $2 million USD to help strengthen cybersecurity capabilities in Latin America and the Caribbean (LAC). Israel's funding would aid in building cyber capacity across the region by giving officials and policymakers access to forefront practices and world-leading knowledge and expertise, the government stated. “The cybersecurity initiative is paving the way for the safe and secure digitalization of Latin America and the Caribbean, one of the key elements for growth in the post-COVID era,” said Matan Lev-Ari, Israel's representative on the IDB's Board. Guideline
CVE.webp 2022-09-28 22:15:14 CVE-2022-39264 (direct link) nheko is a desktop client for the Matrix communication application. All versions below 0.10.2 are vulnerable to homeservers inserting malicious secrets, which could lead to man-in-the-middle attacks. Users can upgrade to version 0.10.2 to protect against this issue. As a workaround, one may apply the patch manually, avoid doing verifications of one's own devices, and/or avoid pressing the request button in the settings menu. Guideline
CVE.webp 2022-09-28 21:15:12 CVE-2022-34394 (direct link) Dell OS10, version 10.5.3.4, contains an Improper Certificate Validation vulnerability in Support Assist. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to limited switch configuration data. The vulnerability could be leveraged by attackers to conduct man-in-the-middle attacks to gain access to the Support Assist information. Vulnerability Guideline
CVE.webp 2022-09-28 20:15:17 CVE-2022-3215 (direct link) NIOHTTP1 and projects using it for generating HTTP responses can be subject to a HTTP Response Injection attack. This occurs when a HTTP/1.1 server accepts user generated input from an incoming request and reflects it into a HTTP/1.1 response header in some form. A malicious user can add newlines to their input (usually in encoded form) and "inject" those newlines into the returned HTTP response. This capability allows users to work around security headers and HTTP/1.1 framing headers by injecting entirely false responses or other new headers. The injected false responses may also be treated as the response to subsequent requests, which can lead to XSS, cache poisoning, and a number of other flaws. This issue was resolved by adding validation to the HTTPHeaders type, ensuring that there's no whitespace incorrectly present in the HTTP headers provided by users. As the existing API surface is non-failable, all invalid characters are replaced by linear whitespace. Guideline
CVE.webp 2022-09-28 20:15:11 CVE-2022-23716 (direct link) A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster. Guideline
CVE.webp 2022-09-28 16:15:12 CVE-2022-3354 (direct link) A vulnerability has been found in Open5GS up to 2.4.10 and classified as problematic. This vulnerability affects unknown code in the library lib/core/ogs-tlv-msg.c of the component UDP Packet Handler. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-209686 is the identifier assigned to this vulnerability. Vulnerability Guideline
CVE.webp 2022-09-28 16:15:11 CVE-2022-35722 (direct link) IBM Jazz for Service Management is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231381. Vulnerability Guideline
CVE.webp 2022-09-28 16:15:09 CVE-2022-22387 (direct link) IBM Application Gateway is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 221965. Vulnerability Guideline ★★★
CVE.webp 2022-09-28 13:15:10 CVE-2022-3349 (direct link) A vulnerability was found in Sony PS4 and PS5. It has been classified as critical. This affects the function UVFAT_readupcasetable of the component exFAT Handler. The manipulation of the argument dataLength leads to heap-based buffer overflow. It is possible to launch the attack on the physical device. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-209679. Vulnerability Guideline
The_Hackers_News.webp 2022-09-28 10:33:00 Critical WhatsApp Bugs Could Have Let Attackers Hack Devices Remotely (direct link) WhatsApp has released security updates to address two flaws in its messaging app for Android and iOS that could lead to remote code execution on vulnerable devices. One of them concerns CVE-2022-36934 (CVSS score: 9.8), a critical integer overflow vulnerability in WhatsApp that results in the execution of arbitrary code simply by establishing a video call. The issue impacts the WhatsApp and Hack Vulnerability Guideline
CVE.webp 2022-09-28 10:15:09 CVE-2022-32166 (direct link) ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of the “minimasks” function could lead to access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution. Vulnerability Guideline
2022-09-28 08:18:45 New campaign uses government, union-themed lures to deliver Cobalt Strike beacons (lien direct) By Chetan Raghuprasad and Vanja Svajcer. Cisco Talos discovered a malicious campaign in August 2022 delivering Cobalt Strike beacons that could be used in later, follow-on attacks.Lure themes in the phishing documents in this campaign are related to the job details of a government organization in the United States and a trade union in New Zealand. The attack involves a multistage and modular infection chain with fileless, malicious scripts. Cisco Talos recently discovered a malicious campaign with a modularised attack technique to deliver Cobalt Strike beacons on infected endpoints. The initial vector of this attack is a phishing email with a malicious Microsoft Word document attachment containing an exploit that attempts to exploit the vulnerability CVE-2017-0199, a remote code execution issue in Microsoft Office. If a victim opens the maldoc, it downloads a malicious Word document template hosted on an attacker-controlled Bitbucket repository. Talos discovered two attack methodologies employed by the attacker in this campaign: One in which the downloaded DOTM template executes an embedded malicious Visual Basic script, which leads to the generation and execution of other obfuscated VB and PowerShell scripts and another that involves the malicious VB downloading and running a Windows executable that executes malicious PowerShell commands to download and implant the payload. The payload discovered is a leaked version of a Cobalt Strike beacon. The beacon configuration contains commands to perform targeted process injection of arbitrary binaries and has a high reputation domain configured, exhibiting the redirection technique to masquerade the beacon's traffic. Although the payload discovered in this campaign is a Cobalt Strike beacon, Talos also observed usage of the Redline information-stealer and Amadey botnet executables as payloads. 
This campaign is a typical example of a threat actor using the technique of generating and executing malicious scripts in the victim's system memory. Defenders should implement behavioral protection capabilities in the organization's defense to effectively protect them against fileless threats. Organizations should be constantly vigilant on the Cobalt Strike beacons and implement layered defense capabilities to thwart the attacker's attempts in the earlier stage of the attack's infection chain. Initial vector: The initial infection email is themed to entice the recipient to review the attached Word document and provide some of their personal information. [Figure: Initial malicious email message.] The maldocs have lures containing text related to the collection of personally identifiable information (PII) which is used to determ Malware Vulnerability Threat Guideline
CVE.webp 2022-09-28 05:15:09 CVE-2022-3333 (lien direct) A vulnerability, which was classified as problematic, was found in Zephyr Project Manager up to 3.2.4. Affected is an unknown function of the file /v1/tasks/create/ of the component REST Call Handler. The manipulation of the argument onanimationstart leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 3.2.5 is able to address this issue. It is recommended to upgrade the affected component. VDB-209370 is the identifier assigned to this vulnerability. Guideline ★★★★★
CVE.webp 2022-09-28 05:15:08 CVE-2022-3332 (lien direct) A vulnerability classified as critical has been found in SourceCodester Food Ordering Management System. This affects an unknown part of the file router.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-209583. Vulnerability Guideline
CVE.webp 2022-09-27 23:15:15 CVE-2022-3303 (lien direct) A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition. Guideline
News.webp 2022-09-27 18:15:08 Samsung sued for gobbling up too much personal info that miscreants then stole (lien direct) If you're gonna force everyone to register an account, at least protect that data, lawsuit argues A lawsuit has accused Samsung of failing to address a cyber-intrusion in early 2022, leading to the theft of US customers' personally identifiable information (PII) in a second attack months later in July.… Guideline
News.webp 2022-09-27 18:15:08 Samsung facing class action over customer data leaks (lien direct) Not only did the company fail to protect their data, the suit alleges, it also forced users to register A class action lawsuit has accused Samsung of failing to address a data breach in early 2022, leading to the theft of US customers' personally identifiable information (PII) in a second attack earlier this month.… Data Breach Guideline
globalsecuritymag.webp 2022-09-27 12:51:21 Quantum strengthens and accelerates its existing partnership with Atempo with new certified solutions and a global distribution agreement (lien direct) Combining the Atempo Tina data protection solution with Quantum servers and storage for a comprehensive answer to enterprises' cyber-resilience needs in the face of an explosion of risks. Quantum Corporation announces the strengthening of its partnership with Atempo, a European leader in data protection and a major global player in data management, recognized for its certified and award-winning solutions Tina, Miria and Lina. As part of this expanded partnership, the two (...) - Business Guideline
Last update at: 2024-07-19 20:08:15