What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
CVE.webp 2022-09-05 04:15:08 CVE-2022-39830 (direct link) sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_public_key_affine_coordinates, leading to a denial of service. Guideline
CVE.webp 2022-09-04 09:15:08 CVE-2022-3118 (direct link) A vulnerability was found in Sourcecodehero ERP System Project. It has been rated as critical. This issue affects some unknown processing of the file /pages/processlogin.php. The manipulation of the argument user leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-207845 was assigned to this vulnerability. Vulnerability Guideline
CVE.webp 2022-09-02 18:15:12 CVE-2022-34378 (direct link) Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain a relative path traversal vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service. Guideline
CVE.webp 2022-09-02 18:15:11 CVE-2022-34371 (direct link) Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3, contain an unprotected transport of credentials vulnerability. A malicious unprivileged network attacker could potentially exploit this vulnerability, leading to full system compromise. Guideline
CVE.webp 2022-09-02 18:15:11 CVE-2022-34369 (direct link) Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain an insertion of sensitive information in log files vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to exposure of this sensitive data. Guideline
CVE.webp 2022-09-02 13:15:08 CVE-2022-36078 (direct link) Binary provides encoding/decoding in Borsh and other formats. The vulnerability is a memory allocation vulnerability that can be exploited to allocate slices in memory with an (arbitrary) excessive size value, which can either exhaust available memory or crash the whole program. When using `github.com/gagliardetto/binary` to parse unchecked (or wrong type of) data from untrusted sources of input (e.g. the blockchain) into slices, it's possible to allocate memory with excessive size. When the `dec.Decode(&val)` method is used to parse data into a structure that is or contains slices of values, the length of the slice was previously read directly from the data itself without any checks on its size, and then a slice was allocated. This could lead to an overflow and an allocation of memory with an excessive size value. Users should upgrade to `v0.7.1` or higher. A workaround is not to rely on the `dec.Decode(&val)` function to parse the data, but to use a custom `UnmarshalWithDecoder()` method that reads and checks the length of any slice. Vulnerability Guideline
CVE.webp 2022-09-02 12:15:09 CVE-2021-35134 (direct link) Due to insufficient validation of ELF headers, an Incorrect Calculation of Buffer Size can occur in Boot, leading to memory corruption in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile. Guideline
CVE.webp 2022-09-02 12:15:09 CVE-2022-22080 (direct link) Improper validation of backend id in the PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music. Guideline
CVE.webp 2022-09-02 12:15:08 CVE-2021-35108 (direct link) Improper checking of the AP-S lock bit while verifying the secure resource group permissions can lead to non-secure read and write access in Snapdragon Connectivity, Snapdragon Mobile. Guideline ★★★★★
CVE.webp 2022-09-01 21:15:10 CVE-2022-38126 (direct link) An assertion failure in the display_debug_names() function in binutils/dwarf.c may lead to program crash and denial of service. Guideline
CVE.webp 2022-09-01 21:15:10 CVE-2022-38128 (direct link) An infinite loop may be triggered in the display_debug_abbrev() function in binutils/dwarf.c while opening a crafted ELF, which may lead to denial of service by a local attacker. Guideline
CVE.webp 2022-09-01 21:15:10 CVE-2022-38127 (direct link) A NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c may lead to program crash when parsing corrupt DWARF data. Guideline
CVE.webp 2022-09-01 21:15:09 CVE-2022-2639 (direct link) An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. Guideline
CVE.webp 2022-09-01 21:15:09 CVE-2022-2238 (direct link) A vulnerability was found in the search-api container in Red Hat Advanced Cluster Management for Kubernetes when a query in the search filter gets parsed by the backend. This flaw allows an attacker to craft specific strings containing special characters that lead to crashing the pod, which affects system availability while it restarts. Vulnerability Guideline Uber
CVE.webp 2022-09-01 19:15:12 CVE-2022-34372 (direct link) Dell PowerProtect Cyber Recovery versions before 19.11.0.2 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially access and interact with the docker registry API, leading to an authentication bypass. The attacker may potentially alter the docker images, leading to a loss of integrity and confidentiality. Guideline
CVE.webp 2022-09-01 19:15:12 CVE-2022-34380 (direct link) Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Channel vulnerability. A high privileged local attacker may potentially exploit this vulnerability, leading to authentication bypass and access to the CloudLink system console. This is a critical severity vulnerability as it allows an attacker to take control of the system. Vulnerability Guideline
CVE.webp 2022-09-01 17:15:08 CVE-2022-36796 (direct link) Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in the CallRail, Inc. CallRail Phone Call Tracking plugin. Vulnerability Guideline ★★★★★
Anomali.webp 2022-09-01 16:50:00 Security Operations are More Difficult Now More Than Ever. But Why? (direct link) According to recent research by ESG, 52% of respondents believe security operations are more difficult today than they were two years ago. Responses stated this was due to multiple factors, such as the increasingly dangerous threat landscape, a growing attack surface, the volume and complexity of security alerts, and public cloud proliferation. Today’s threats are more sophisticated than ever, making them more challenging to defend against. Security teams must constantly do more with less, protecting more data, endpoints, and applications. And, as the threat landscape evolves, so will they, but chances are they must do so with fewer resources. The growing list of challenges is never-ending. So what tops the list? An Ever-Growing Attack Surface: Organizations are collecting and storing more data than ever, driven by more cloud-based applications and services. This new on-prem/off-prem environment has created more potential entry points for attackers. Additionally, many organizations lose track of their assets, failing to update policies and their security infrastructure, leaving them vulnerable to attacks that exploit known vulnerabilities. Another reason security teams face more challenges today is the increasing number of mobile devices and cloud apps used by employees. These devices and apps can provide a convenient way for employees to access company data, but they can also be a security risk if they are not adequately secured. The Evolving Threat Landscape: As the attack surface grows, so does the number of potential threats. Security teams must now contend with a broader range of threats, including sophisticated malware, zero-day exploits, and ransomware. Additionally, attackers are becoming more brazen and are targeting high-profile organizations with well-funded security operations. In addition, the rise of social media has created new opportunities for hackers to launch cyber attacks. Social media platforms can spread malware or gather information about people’s online habits, used to launch targeted attacks and infiltrate enterprise organizations. Increasing Compliance Requirements: Organizations must comply with an ever-growing number of regulations, such as the EU’s General Data Protection Regulation (GDPR), that require security teams to put in place additional controls and processes, which can be costly and time-consuming. Additionally, compliance failures can result in heavy fines and strain an already tight budget. Limited Resources: According to (ISC)²'s 2021 Cyber Workforce Report, the global cybersecurity workforce needs to grow 65 percent to defend organizations’ critical assets effectively. While the number of professionals required to fill the gap has decreased, the number of qualified cyber professionals will fall even further due to the growing demand for highly skilled individuals. Complex Tech Stack: Enterprises frequently deploy new security tools and services to address changing needs and increased threats. As previously mentioned, a typical enterprise SOC may use a combination of twenty or more technologies, making it difficult to customize each solution for its environment. The interoperability issues caused by the possibility of using multiple vendors make it very challenging to get a complete picture of your overall security environment. The Need to Adapt: Despite these challenges, security teams must find ways to adapt to protect their organizations effectively against ever-evolving threats. So what c Malware Tool Threat Guideline
globalsecuritymag.webp 2022-09-01 14:00:25 (Déjà vu) Threat spotlight: more than 1.2 million ransomware attacks per month! A research report produced by Barracuda analyzes the patterns (direct link) Threat spotlight: more than 1.2 million ransomware attacks per month! A research report produced by Barracuda analyzes the patterns of ransomware attacks that took place between August 2021 and July 2022. Barracuda, a trusted partner and leading provider of cloud security solutions, today publishes its fourth annual research report on ransomware threats. This new research report analyzes the patterns of ransomware attacks that took place between August 2021 and July 2022. - Malwares Ransomware Guideline
AlienVault.webp 2022-09-01 10:00:00 Pros and cons of cybersecurity automation (direct link) This blog was written by an independent guest blogger. Cybersecurity threats are nothing new. Major corporations and small businesses alike are regularly faced with them. However, as technology continues to advance and change, so do those threats. Technological sophistication is important when it comes to providing us with the advancements we’ll eventually become used to. But that means cybercriminals are also becoming more sophisticated in their efforts. The solution? Cybersecurity has to become more sophisticated, as well. One of the best ways to accomplish that is with automation – to both identify and address threats. But that can feel like putting important information in the hands of a machine, and not everyone is eager to do that without knowing some of the potential risks. Can automation make a difference when it comes to cybersecurity? Are there any drawbacks? Some businesses are still relying solely on manual protection when it comes to dealing with cybersecurity threats, but is that enough? In today’s world of ever-advancing cybercriminals, it might not be. Let’s cover some of the pros and cons of cybersecurity automation, and why it’s really necessary in today’s world of advanced cybercriminals. Pro: It frees up manpower. One of the biggest draws of AI in any industry is that it frees up people to do other things, rather than focusing on small tasks that can be done by a machine. Keeping data systems safe is no small task, of course, but it’s the perfect job for an automated program specifically designed to test threats. Many automated programs can be set up as part of a cybersecurity response plan. You can program your AI to implement parts of that plan when a threat is detected, including: determining when the event happened; checking if sensitive data has been lost; updating firewalls and security; engaging a legal team. Automating your cybersecurity response plan frees up workers to improve other areas of your business so they can focus on things that can only be done by humans – not machines. Additionally, each time a new threat is detected and taken care of with a cybersecurity response plan, your automated program will learn and continue to improve, knowing how to better handle the situation next time as it becomes more in tune with the threats being presented. Not only can automated programs learn how to better respond to threats, but they can fine-tune threat intelligence, staying up to date with the latest in sophisticated cybercrimes so they know how to detect a wide variety of issues. That’s something humans may always struggle to keep up with when compared to machines that are learning and improving around the clock. Con: It’s still a risk. AI has grown at a rapid pace over the last several years, but it’s by no means perfect. In fact, it may be spread a little too thin. When it comes to cybersecurity, the last thing you want to do is turn on a program and let it run 24/7 without any sort of monitoring or maintenance. Let’s say you owned a safe with a billion dollars inside, and the only thing keeping that money protected was an automated program that kept the door locked. Would you p Threat Guideline
The_Hackers_News.webp 2022-09-01 08:54:00 Apple Releases iOS Update for Older iPhones to Fix Actively Exploited Vulnerability (direct link) Apple on Wednesday backported security updates to older iPhones, iPads, and iPod touch devices to address a critical security flaw that has been actively exploited in the wild. The issue, tracked as CVE-2022-32893 (CVSS score: 8.8), is an out-of-bounds write issue affecting WebKit that could lead to arbitrary code execution when processing maliciously crafted web content. The tech Vulnerability Guideline
CSO.webp 2022-09-01 06:13:00 BrandPost: How Hardened VMs Can Help with Cloud Security (direct link) Regardless of whether you're operating in the cloud or on-premises, it's important to harden your system by taking steps to limit potential security weaknesses. Most operating systems and other computer applications are developed with a focus on convenience over security. Implementing secure configurations can help harden your systems by disabling unnecessary ports or services, eliminating unneeded programs, and limiting administrative privileges. By working with cybersecurity experts around the world, the Center for Internet Security (CIS) leads the development of secure configuration settings for over 100 technologies and platforms. These community-driven secure configuration guidelines (called CIS Benchmarks) are available to download for free in PDF format. Guideline
SecurityAffairs.webp 2022-08-31 22:31:33 A flaw in TikTok Android app could have allowed the hijacking of users' accounts (direct link) Microsoft discovered a vulnerability in the TikTok app for Android that could lead to one-click account hijacking. Microsoft researchers discovered a high-severity flaw (CVE-2022-28799) in the TikTok Android app, which could have allowed attackers to hijack users' accounts with a single click. The experts state that the vulnerability would have required chaining with other […] Vulnerability Guideline
CVE.webp 2022-08-31 16:15:10 CVE-2022-1976 (direct link) A flaw was found in the Linux kernel’s implementation of IO-URING. This flaw allows an attacker with local executable permission to create a string of requests that can cause a use-after-free flaw within the kernel. This issue leads to memory corruption and possible privilege escalation. Guideline ★★★
CVE.webp 2022-08-31 16:15:10 CVE-2022-2466 (direct link) It was found that Quarkus 2.10.x does not terminate the HTTP request header context, which may lead to unpredictable behavior. Guideline
CVE.webp 2022-08-31 16:15:09 CVE-2022-1355 (direct link) A stack buffer overflow flaw was found in libtiff's tiffcp.c in the main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow, possibly corrupting memory, and causing a crash that leads to a denial of service. Guideline
CVE.webp 2022-08-31 16:15:09 CVE-2022-1247 (direct link) An issue was found in the Linux kernel that leads to a race condition in rose_connect(). The rose driver uses rose_neigh->use to represent how many objects are using the rose_neigh. When a user wants to delete a rose_route via rose_ioctl(), the rose driver calls rose_del_node() and removes neighbours only if their “count” and “use” are zero. Guideline ★★★★★
CVE.webp 2022-08-31 16:15:09 CVE-2022-1354 (direct link) A heap buffer overflow flaw was found in libtiff's tiffinfo.c in the TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow and causing a crash that leads to a denial of service. Guideline
Cisco.webp 2022-08-31 12:00:22 Know Thyself: 10 Ways to Discover Your Work Environment Needs and What It's Really Like to Work at Cisco (direct link) What do you need to succeed at work? Cisco Secure and Duo Security leaders give 10 tips to discern a company's culture and an inside look at working at Cisco. Guideline
no_ico.webp 2022-08-31 11:17:03 79% of Companies only Invest in Cybersecurity after Hacking Incidents (direct link) The British cybersecurity company Tanium published a survey on investments in digital protection in UK companies with alarming results: 79% of them only approve investments in cybersecurity after suffering a data breach; 92% experienced a data attack or breach, of which 74% occurred in 2021. Leadership reticence is also high, with 63% of leaders convinced […] Guideline
AlienVault.webp 2022-08-31 10:00:00 How does robust cybersecurity add value to a business? (direct link) This blog was written by an independent guest blogger. A company’s IT infrastructure and data are some of its most valuable assets today. Consequently, protecting them is an increasingly critical goal to stave off worst-case scenarios and preserve a business’s value. By the same token, robust cybersecurity can make a company more valuable. Many organizations understand the importance of cybersecurity as a defense but may overlook its role as an asset. IT security will become a more important differentiator as cybercrime rises and digital systems play a more central role in business. Here’s a closer look at how stronger cybersecurity adds value to a company. Reduced expenses: Maintaining robust cybersecurity requires additional spending, but it actually lowers expenses in the long run. The average data breach cost $4.35 million as of 2022, a figure that keeps rising over time. Stronger cybersecurity prevents these costly events, improving a company’s bottom line. Cyberattacks are too common to assume you’ll never encounter one, either. These attacks happen every 39 seconds, and more than half of all businesses have experienced some kind of security incident. A company will suffer an attack without reliable cybersecurity, and it will be costly. Consequently, stopping them is a critical part of lowering long-term expenses. Added resilience: A more robust cybersecurity strategy will also make a business more resilient. Part of that stems from preventing attacks. Fewer successful hacks mean less disruption, leading to increased uptime and productivity. However, even if a breach does occur, companies will be more likely to survive it with strong cybersecurity. On average, companies employing security AI lose $3.05 million less in data breaches than those without it. Similarly, zero-trust architecture saves $1 million in a hack. These reduced costs ensure businesses recover faster, in some cases avoiding bankruptcy, making them more valuable. Lower risks: The reduced chances of a breach and lowered costs translate into fewer risks for investors or potential partners. Many business valuation methods adjust rates based on risk or liability. As a result, the fewer financial threats a company poses to potential buyers or investors, the more valuable it is. Cyber-risks are some of the most important of these factors today, so more valuation methods will look at them to determine business value. That applies to formal valuations from investors, tax officials and other companies looking for potential partners. Given the rising likelihood of third-party breaches, more businesses today will judge whether a partner is worth it by their cyber-risks. Increased customer confidence: Robust cybersecurity will also improve a business’s reputation among customers. Between 80%-90% of consumers say they wished there were more companies they could trust with their data, and 84% will switch over data concerns. If businesses don’t have strong security, it could drive customers away, dropping their market value, but better security could have the opposite effect. These trends apply to B2B markets, too. Businesses seeking to improve their own security to attract and retain customers will require stronger cybersecurity from their partners and vendors. Consequently, B2Bs that can promise increased security will be more valuable to potential clients. Cybersecurity is a crucial business value Data Breach Guideline
CVE.webp 2022-08-30 21:15:08 CVE-2022-34375 (direct link) Dell Container Storage Modules 1.2 contains a path traversal vulnerability in the goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability, leading to unintentional access to paths outside of the restricted directory. Vulnerability Guideline
CVE.webp 2022-08-30 21:15:08 CVE-2022-34374 (direct link) Dell Container Storage Modules 1.2 contains an OS command injection in the goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability, leading to execution of arbitrary OS commands on the affected system. Vulnerability Guideline
CVE.webp 2022-08-30 21:15:08 CVE-2022-33935 (direct link) Dell EMC Data Protection Advisor versions 19.6 and earlier contain a Stored Cross-Site Scripting vulnerability. An attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript code in a trusted application data store. When a victim user accesses the data store through their browser, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. Guideline
Anomali.webp 2022-08-30 15:01:00 Anomali Cyber Watch: First Real-Life Video-Spoofing Attack, MagicWeb Backdoors via Non-Standard Key Identifier, LockBit Ransomware Blames Victim for DDoSing Back, and More (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Authentication, DDoS, Fingerprinting, Iran, North Korea, Ransomware, and Russia. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence: LastPass Hackers Stole Source Code (published: August 26, 2022) In August 2022, an unidentified threat actor gained access to portions of the password management giant LastPass's development environment. LastPass informed that it happened through a single compromised developer account and that the attacker took portions of source code and some proprietary LastPass technical information. The company claims that this incident did not affect customer data or encrypted password vaults. Analyst Comment: This incident doesn’t seem to have an immediate impact on LastPass users. Still, organizations relying on LastPass should raise the concern in their risk assessment since “white-box hacking” (when the source code of the attacked system is known) is easier for threat actors. Organizations providing public-facing software should take maximum measures to block threat actors from their development environment and establish robust and transparent security protocols and practices with all third parties involved in their code development. Tags: LastPass, Password manager, Data breach, Source code. Mercury Leveraging Log4j 2 Vulnerabilities in Unpatched Systems to Target Israeli (published: August 25, 2022) Starting in July 2022, a new campaign by the Iran-sponsored group Static Kitten (Mercury, MuddyWater) was detected targeting Israeli organizations. Microsoft researchers detected that this campaign was leveraging exploitation of Log4j 2 vulnerabilities (CVE-2021-45046 and CVE-2021-44228) in SysAid applications (IT management tools). For persistence, Static Kitten was dropping webshells, creating local administrator accounts, stealing credentials, and adding their tools to the startup folders and autostart extensibility point (ASEP) registry keys. Overall the group was heavily using various open-source and built-in operating system tools: eHorus remote management software, Ligolo reverse tunneling tool, Mimikatz credential theft tool, PowerShell programs, RemCom remote service, Venom proxy tool, and Windows Management Instrumentation (WMI). Analyst Comment: Network defenders should monitor for alerts related to web shell threats, suspicious RDP sessions, ASEP registry anomalies, and suspicious account creation. Similarly, SysAid users can monitor for webshells and abnormal processes related to the SysAisServer instance. Even though Static Kitten was observed leveraging the Log4Shell vulnerabilities in the past (targeting VMware apps), most of their attacks still start with spearphishing, often from a compromised email account. MITRE ATT&CK: [MITRE ATT&CK] Exploit Public-Facing Application - T1190 | [MITRE ATT&CK] OS Credential Dumping - T1003 | [MITRE ATT&CK] Phishing - T1566 | Ransomware Hack Tool Vulnerability Threat Guideline Cloud APT 37 APT 29 LastPass
securityintelligence.webp 2022-08-30 13:00:00 How and Why Do Teens Become Cyber Criminals? (direct link) The search to find the mastermind of the attacker group Lapsus$ led to a home outside Oxford, England. The suspected leader was a 16-year-old. He helped take down some of the world’s biggest companies, including Microsoft, from his mother’s house. The BBC reported the teen is alleged to have earned $14 million from his attacks. […] Guideline
The_Hackers_News.webp 2022-08-30 12:30:00 India's Newest Airline Akasa Air Found Leaking Passengers' Personal Information (direct link) Akasa Air, India's newest commercial airline, exposed the personal data belonging to its customers, which the company blamed on a technical configuration error. According to security researcher Ashutosh Barot, the issue is rooted in the account registration process, leading to the exposure of details such as names, gender, email addresses, and phone numbers. The bug was identified on August 7, Guideline
AlienVault.webp 2022-08-30 10:00:00 XDR: Why open is better than closed (direct link) In a new 12-minute video, Rakesh Shah, AVP Product Management and Development of AT&T Cybersecurity, explains Extended Detection and Response (XDR). This video was part of the virtual Black Hat USA event in August. It’s not product-specific and explains what can be a very confusing concept in a delightfully simple way. XDR and why we need it: XDR brings together multiple different data sources – the network, endpoints, cloud and third-party data. Driving the need for XDR above and beyond previous approaches is that companies are drowning in defense-in-depth. Companies have multiple disparate security point products creating an overwhelming number of alerts. This leads to difficulty in conducting investigations. XDR business value: XDR protects your investments in best-of-breed security products while increasing efficiency and orchestration to make it all work together better. Efficiency in security operations lets you detect, respond, and recover faster. So, what is XDR? It’s about detection, incident response, and automation. It’s a new approach that lets you bring together best-of-breed products and focus on the outcomes you want. Add in managed services, and you get to Managed Extended Detection and Response (MXDR) – the good life! Open XDR: With an open approach, enabled by APIs, there’s no “rip and replace” of existing point products. Instead, best-of-breed products can be integrated, with deep API integration. This allows you to: normalize raw log data; collect and enrich log data; perform threat analysis; coordinate response actions; provide security orchestration and automation; and access built-in dashboards for your security point products. Check out Rakesh’s video. Threat Guideline
itsecurityguru.webp 2022-08-30 09:47:38 Akasa Air Suffers Data Leak on First Day of Operation (direct link) India’s newest commercial airline, Akasa Air, exposed personal data belonging to its customers. The company blamed these data leaks on technical configuration errors. Ashutosh Barot, a security researcher, added that this issue originated in the account registration process, leading to the exposure of personal information such as gender, email addresses, names, and phone numbers. The […] Guideline
GoogleSec.webp 2022-08-30 07:15:00 Announcing Google's Open Source Software Vulnerability Rewards Program (direct link) Posted by Francis Perron, Open Source Security Technical Program Manager. Today, we are launching Google's Open Source Software Vulnerability Rewards Program (OSS VRP) to reward discoveries of vulnerabilities in Google's open source projects. As the maintainer of major projects such as Golang, Angular, and Fuchsia, Google is among the largest contributors and users of open source in the world. With the addition of Google's OSS VRP to our family of Vulnerability Reward Programs (VRPs), researchers can now be rewarded for finding bugs that could potentially impact the entire open source ecosystem. Google has been committed to supporting security researchers and bug hunters for over a decade. The original VRP program, established to compensate and thank those who help make Google's code more secure, was one of the first in the world and is now approaching its 12th anniversary. Over time, our VRP lineup has expanded to include programs focused on Chrome, Android, and other areas. Collectively, these programs have rewarded more Vulnerability Guideline
CVE.webp 2022-08-30 04:15:10 CVE-2022-24106 (direct link) In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc. Vulnerability Guideline
CVE.webp 2022-08-30 03:15:07 CVE-2022-38784 (direct link) Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf. Vulnerability Guideline
CSO.webp 2022-08-30 02:00:00 Key takeaways from the Open Cybersecurity Schema Format (lien direct) One of the most pervasive challenges in the current cybersecurity environment is an overabundance of tooling vendors, all of which produce telemetry or data, often in their own native or nuanced schema or format. As cybersecurity's visibility has risen in organizations, so has the number of cybersecurity vendors and tools that teams need to integrate, implement and govern. Cybersecurity professionals must spend time getting tools to work together as a cohesive portfolio, which detracts from their efforts to identify and address cybersecurity vulnerabilities and threats. The problem isn't going unnoticed. Recently Amazon Web Services (AWS), along with other leaders such as Splunk, CrowdStrike, Palo Alto, Rapid7, and JupiterOne, announced the release of the Open Cybersecurity Schema Framework (OCSF) project. The announcement acknowledges the problem of security professionals needing to wrestle with proprietary data formats and outputs rather than focusing on their actual roles of addressing risks and threats. This is problematic given the industry is already facing significant workforce challenges, burnout and fatigue. By standardizing security product schemas and formats, security practitioners can spend more time addressing threats that pose risks to organizations. Guideline
CVE.webp 2022-08-29 21:15:09 CVE-2022-38772 (lien direct) Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution in the NMAP feature. Guideline
CVE.webp 2022-08-29 21:15:08 CVE-2021-38934 (lien direct) IBM Engineering Test Management 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 210671. Vulnerability Guideline
no_ico.webp 2022-08-29 20:48:52 Password Manager With 25 Million Users Confirms Breach, Expert Weighs In (lien direct) One of the world’s leading password managers with 25 million users, LastPass, has confirmed that it has been hacked. While it’s good news that customer data was not compromised in this latest incident, the fact that the intruder accessed source code and ‘proprietary technical information’ is worrying. Guideline LastPass
CVE.webp 2022-08-29 18:15:09 CVE-2022-2261 (lien direct) The WPIDE WordPress plugin before 3.0 does not sanitize and validate the filename parameter before using it in a require statement in the admin dashboard, leading to a Local File Inclusion issue. Guideline
CVE.webp 2022-08-29 18:15:09 CVE-2022-2537 (lien direct) The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 3.0.1 does not sanitise and escape some parameters before outputting them back in attributes of an admin page, leading to Reflected Cross-Site Scripting. Guideline
CVE.webp 2022-08-29 18:15:09 CVE-2022-2538 (lien direct) The WP Hide & Security Enhancer WordPress plugin before 1.8 does not escape a parameter before outputting it back in an attribute of a backend page, leading to a Reflected Cross-Site Scripting. Guideline
CVE.webp 2022-08-29 18:15:09 CVE-2022-2559 (lien direct) The Fluent Support WordPress plugin before 1.5.8 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection vulnerability exploitable by high privilege users. Vulnerability Guideline
Last update at: 2024-07-23 00:07:26