Monday, February 28, 2022

CVE-2022-25255

In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH. (CVSS:7.2) (Last Update:2022-02-28)
http://dlvr.it/SKqs8p

TCS' Cyber Defense Suite PaaS offers integrated security to enterprises - CSO Online

TCS' Cyber Defense Suite PaaS offers integrated security to enterprises  CSO Online
http://dlvr.it/SKqVVx

Cyber Security Testing, Inspection and Certification Market is Booming Worldwide with Bureau Veritas, DNV GL – corporate ethos - corporate ethos

Cyber Security Testing, Inspection and Certification Market is Booming Worldwide with Bureau Veritas, DNV GL – corporate ethos  corporate ethos
http://dlvr.it/SKq3Xc

Rosenworcel Concerned About Cybersecurity, BGP Vulnerability Amid Ukraine Conflict - Telecompetitor

Rosenworcel Concerned About Cybersecurity, BGP Vulnerability Amid Ukraine Conflict  Telecompetitor
http://dlvr.it/SKpWcb

Experts Create Apple AirTag Clone That Can Bypass Anti-Tracking Measures

Cybersecurity researchers have managed to build a clone of Apple Airtag that circumvents the anti-stalking protection technology built into its Find My Bluetooth-based tracking protocol. The result is a stealth AirTag that can successfully track an iPhone user for over five days without triggering a tracking notification, Positive Security's co-founder Fabian Bräunlein said in a deep-dive
http://dlvr.it/SKpWBD

Sunday, February 27, 2022

Anonymous Claims Hacks on More Than 300 Russian Cyber Targets in 48 Hours, Including Gas Control System - HS Today - HSToday

Anonymous Claims Hacks on More Than 300 Russian Cyber Targets in 48 Hours, Including Gas Control System - HS Today  HSToday
http://dlvr.it/SKmXrK

Want to boost your cybersecurity? Here are 10 steps to improve your defences now - ZDNet

Want to boost your cybersecurity? Here are 10 steps to improve your defences now  ZDNet
http://dlvr.it/SKmFz4

SEC Proposes New Cybersecurity Rule under the 1940 Act - JD Supra

SEC Proposes New Cybersecurity Rule under the 1940 Act  JD Supra
http://dlvr.it/SKlwGn

How to Become a Cybersecurity Professional Without a Degree? - Analytics Insight

How to Become a Cybersecurity Professional Without a Degree?  Analytics Insight
http://dlvr.it/SKlYVF

Week in review: Cyber attacks on Ukraine, Help Net Security: Healthcare Cybersecurity Report is out - Help Net Security

Week in review: Cyber attacks on Ukraine, Help Net Security: Healthcare Cybersecurity Report is out  Help Net Security
http://dlvr.it/SKlYTG

Saturday, February 26, 2022

Russia-Ukraine War: Phishing, Malware and Hacker Groups Taking Sides

Ukraine's Computer Emergency Response Team (CERT-UA) has warned of Belarusian state-sponsored hackers targeting its military personnel and related individuals as part of a phishing campaign mounted amidst Russia's military invasion of the country. "Mass phishing emails have recently been observed targeting private 'i.ua' and 'meta.ua' accounts of Ukrainian military personnel and related
http://dlvr.it/SKj7b4

Friday, February 25, 2022

CVE-2022-25235

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. (CVSS:7.5) (Last Update:2022-02-25)
http://dlvr.it/SKgYNn

Anonymous Hackers Launch Cyber Ops Against Russia, Claim Government Site Takedowns - HS Today - HSToday

Anonymous Hackers Launch Cyber Ops Against Russia, Claim Government Site Takedowns - HS Today  HSToday
http://dlvr.it/SKgB2h

Barracuda Cybersecurity Update, Russian Cyber Threats, Cloudflare M&A - Channel Futures

Barracuda Cybersecurity Update, Russian Cyber Threats, Cloudflare M&A  Channel Futures
http://dlvr.it/SKfjs6

New "SockDetour" Fileless, Socketless Backdoor Targets U.S. Defense Contractors

Cybersecurity researchers have taken the wraps off a previously undocumented and stealthy custom malware called SockDetour that targeted U.S.-based defense contractors with the goal of being used as a secondary implant on compromised Windows hosts. "SockDetour is a backdoor that is designed to remain stealthily on compromised Windows servers so that it can serve as a backup backdoor in case the
http://dlvr.it/SKfhww

New Flaws Discovered in Cisco's Network Operating System for Switches

Cisco has released software updates to address four security vulnerabilities in its software that could be weaponized by malicious actors to take control of affected systems. The most critical of the flaws is CVE-2022-20650 (CVSS score: 8.8), which relates to a command injection flaw in the NX-API feature of Cisco NX-OS Software that stems from a lack of sufficient input validation of
http://dlvr.it/SKf9TN

Thursday, February 24, 2022

CVE-2022-24977

ImpressCMS before 1.4.2 allows unauthenticated remote code execution via ...../// directory traversal in origName or imageName, leading to unsafe interaction with the CKEditor processImage.php script. The payload may be placed in PHP_SESSION_UPLOAD_PROGRESS when the PHP installation supports upload_progress. (CVSS:7.5) (Last Update:2022-02-24)
http://dlvr.it/SKc7NB

The 'Great Resignation' is a threat to cyber security - TechRadar

The 'Great Resignation' is a threat to cyber security  TechRadar
http://dlvr.it/SKbFY1

Cyber Security in Healthcare Market Recovery and Impact Analysis Report – Trend Micro Incorporated, Booz Allen Hamilton, Northrop Grumman Corporation – ZNews Africa - ZNews Africa

Cyber Security in Healthcare Market Recovery and Impact Analysis Report – Trend Micro Incorporated, Booz Allen Hamilton, Northrop Grumman Corporation – ZNews Africa  ZNews Africa
http://dlvr.it/SKZhmy

CVE-2022-24646

Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/contact.php via the txtMsg parameters. (CVSS:7.8) (Last Update:2022-02-17)
http://dlvr.it/SKZhjm

25 Malicious JavaScript Libraries Distributed via Official NPM Package Repository

Another batch of 25 malicious JavaScript libraries have made their way to the official NPM package registry with the goal of stealing Discord tokens and environment variables from compromised systems, more than two months after 17 similar packages were taken down. The libraries in question leveraged typosquatting techniques and masqueraded as other legitimate packages such as colors.js,
http://dlvr.it/SKZhQT

Friday, February 4, 2022

YOUR SOLUTION TO OFFENSIVE CYBER SECURITY

YOUR  SOLUTION TO OFFENSIVE CYBER SECURITY

ReconZ Consulting is a Cyber Security firm specialized in Security Posture Assessment (SPA) / Penetration testing and IT technologies. We provide professional yet cost-effective IT security services and solution. Test with us now and secure your data.


Our job scope covers:

1) Security Posture Assessment (SPA):

* Network Penetration Testing

* Website Penetration Testing

* Mobile Penetration Testing

* IoT Penetration Testing

* Wireless Assessment

* Thick Client Assessment

* Social Engineering

* Source Code Review

* Hose Client Assessment

* Vulnerability Assessment (VA)

* Network Device Review

* WAF Security Audit

* Incident Response and Log Analysis



2)Cyber Security Policy:

* ISMS Cyber Security policy

* ReconZ Cyber Security Policy



3)Cyber Security Training:

* Cyber Security Awareness Training

* SPA Training



4)Others Services :

* Wifi Hotspot Solution

* Web Development

* Software and Apps Development

* Stress Test

* Performance Test

* Intrution Detection Solution



Contact : 03-33100104(Office)

               +601124057305(Call/Whatsapp) 

Email: samir@reconz.my

Website: https://www.reconz.my



#iot

#cybersecuritytraining

#digitalforensic

#network

#socialengineering

#penetrationtesting

#networkpentest

#IoTpentest

#computer

#SPA

#cybersecurity

#hacking

#websitepentest

#mobilepentest

#securitypostureassessment

#sourcecodereview

#itsecurity

#cybersecuritycompanymalaysia

#pentest

Thursday, February 3, 2022

Hackers Exploited 0-Day Vulnerability in Zimbra Email Platform to Spy on Users

A threat actor, likely Chinese in origin, is actively attempting to exploit a zero-day vulnerability in the Zimbra open-source email platform as part of spear-phishing campaigns that commenced in December 2021. The espionage operation — codenamed "EmailThief" — was detailed by cybersecurity company Volexity in a technical report published Thursday, noting that successful exploitation of the
http://dlvr.it/SJMCx3

Axio Joins with Cyber Risk Institute to Deliver Cybersecurity Resilience to Financial Services Institutions Across the Globe - Yahoo Finance

Axio Joins with Cyber Risk Institute to Deliver Cybersecurity Resilience to Financial Services Institutions Across the Globe  Yahoo Finance
http://dlvr.it/SJKpQb

Critical Flaws Discovered in Cisco Small Business RV Series Routers

Cisco has patched multiple critical security vulnerabilities impacting its RV Series routers that could be weaponized to elevate privileges and execute arbitrary code on affected systems, while also warning of the existence of proof-of-concept (PoC) exploit code targeting some of these bugs. Three of the 15 flaws, tracked as CVE-2022-20699, CVE-2022-20700, and CVE-2022-20707, carry the highest
http://dlvr.it/SJKFPc

New Variant of UpdateAgent Malware Infects Mac Computers with Adware

Microsoft on Wednesday shed light on a previously undocumented Mac trojan that it said has underwent several iterations since its first appearance in September 2020, effectively granting it an "increasing progression of sophisticated capabilities." The company's Microsoft 365 Defender Threat Intelligence Team dubbed the new malware family "UpdateAgent," charting its evolution from a barebones
http://dlvr.it/SJJhBJ

New Wave of Cyber Attacks Target Palestine with Political Bait and Malware

Cybersecurity researchers have turned the spotlight on a new wave of offensive cyberattacks targeting Palestinian activists and entities starting around October 2021 using politically-themed phishing emails and decoy documents. The intrusions are part of what Cisco Talos calls a longstanding espionage and information theft campaign undertaken by the Arid Viper hacking group using a Delphi-based
http://dlvr.it/SJJ9hc

Wednesday, February 2, 2022

CVE-2022-23967

In TightVNC 1.3.10, there is an integer signedness error and resultant heap-based buffer overflow in InitialiseRFBConnection in rfbproto.c (for the vncviewer component). There is no check on the size given to malloc, e.g., -1 is accepted. This allocates a chunk of size zero, which will give a heap pointer. However, one can send 0xffffffff bytes of data, which can have a DoS impact or lead to remote code execution. (CVSS:7.5) (Last Update:2022-02-02)
http://dlvr.it/SJHm0t

Check out Episode 9 of The Cybersecurity and Geopolitical Podcast — Russia: The Global Protagonist - Security Magazine

Check out Episode 9 of The Cybersecurity and Geopolitical Podcast — Russia: The Global Protagonist  Security Magazine
http://dlvr.it/SJGKCd

New Malware Used by SolarWinds Attackers Went Undetected for Years

The threat actor behind the supply chain compromise of SolarWinds has continued to expand its malware arsenal with new tools and techniques that were deployed in attacks as early as 2019, once indicative of the elusive nature of the campaigns and the adversary's ability to maintain persistent access for years. According to cybersecurity firm CrowdStrike, which detailed the novel tactics adopted
http://dlvr.it/SJFn0w

Cynet's Keys to Extend Threat Visibility

We hear about the need for better visibility in the cybersecurity space – detecting threats earlier and more accurately. We often hear about the dwell time and the time to identify and contain a data breach. Many of us are familiar with IBM’s Cost of a Data Breach Report that has been tracking this statistic for years. In the 2021 report, IBM found that, on average, it takes an average of 212
http://dlvr.it/SJFCLK

Hacker Group 'Moses Staff' Using New StrifeWater RAT in Ransomware Attacks

A politically motivated hacker group tied to a series of espionage and sabotage attacks on Israeli entities in 2021 incorporated a previously undocumented remote access trojan (RAT) that masquerades as the Windows Calculator app as part of a conscious effort to stay under the radar. Cybersecurity company Cybereason, which has been tracking the operations of the Iranian actor known as Moses Staff
http://dlvr.it/SJDjs0

Tuesday, February 1, 2022

Critical Bug Found in WordPress Plugin for Elementor with Over a Million Installations

A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites. The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts. "This vulnerability allows
http://dlvr.it/SJDJfV

“Effect of cyber attack on Gold Bond will last for weeks,” warns expert | Ctech - CTech

“Effect of cyber attack on Gold Bond will last for weeks,” warns expert | Ctech  CTech
http://dlvr.it/SJBw2w

German petrol supply firm Oiltanking paralyzed by cyber attack - BleepingComputer

German petrol supply firm Oiltanking paralyzed by cyber attack  BleepingComputer
http://dlvr.it/SJBNm6

Cyber Security, Senior Associate job with The MIL Corporation (MIL) | 43480037 - The Washington Post

Cyber Security, Senior Associate job with The MIL Corporation (MIL) | 43480037  The Washington Post
http://dlvr.it/SJ9qq8

Reasons Why Every Business is a Target of DDoS Attacks

DDoS (Distributed Denial of Service) attacks are making headlines almost every day. 2021 saw a 434% upsurge in DDoS attacks, 5.5 times higher than 2020. Q3 2021 saw a 24% increase in the number of DDoS attacks in comparison to Q3 2020.  Advanced DDoS attacks that are typically targeted, known as smart attacks, rose by 31% in the same period. Further, 73% of DDoS attacks in Q3 2021 were
http://dlvr.it/SJ9L91

Authorities Ramp Up Efforts to Capture the Mastermind Behind Emotet

Law enforcement authorities behind Operation Endgame are seeking information related to an individual who goes by the name Odd and is allege...