Cybersecurity awareness training being funded for municipal employees statewide WWLP.com
http://dlvr.it/SMlXMR
Thursday, March 31, 2022
CVE-2022-27946
NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to admin_account.cgi. (CVSS:9.0) (Last Update:2022-03-31)
http://dlvr.it/SMlDxS
http://dlvr.it/SMlDxS
Siemens Critical Infrastructure Defense Center latest investment in Canada’s cybersecurity network - Yahoo Finance
Siemens Critical Infrastructure Defense Center latest investment in Canada’s cybersecurity network Yahoo Finance
http://dlvr.it/SMktK7
http://dlvr.it/SMktK7
Security Patch Releases for Critical Zero-Day Bug in Java Spring Framework
The maintainers of Spring Framework have released an emergency patch to address a newly disclosed remote code execution flaw that, if successfully exploited, could allow an unauthenticated attacker to take control of a targeted system.
Tracked as CVE-2022-22965, the high-severity flaw impacts Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and other older, unsupported versions. Users
http://dlvr.it/SMkPFt
http://dlvr.it/SMkPFt
QNAP Warns of OpenSSL Infinite Loop Vulnerability Affecting NAS Devices
Taiwanese company QNAP this week revealed that a selected number of its network-attached storage (NAS) appliances are affected by a recently-disclosed bug in the open-source OpenSSL cryptographic library.
"An infinite loop vulnerability in OpenSSL has been reported to affect certain QNAP NAS," the company said in an advisory published on March 29, 2022. "If exploited, the vulnerability allows
http://dlvr.it/SMjqPy
http://dlvr.it/SMjqPy
Wednesday, March 30, 2022
Cyber-security rules proposed for EU bodies amid cyber attack worries - The Straits Times
Cyber-security rules proposed for EU bodies amid cyber attack worries The Straits Times
http://dlvr.it/SMh30D
http://dlvr.it/SMh30D
CVE-2022-27811
GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename. (CVSS:7.5) (Last Update:2022-03-30)
http://dlvr.it/SMgl1T
http://dlvr.it/SMgl1T
South Dakota Universities Partner on Agriculture Cybersecurity - Government Technology
South Dakota Universities Partner on Agriculture Cybersecurity Government Technology
http://dlvr.it/SMgNQM
http://dlvr.it/SMgNQM
H-ISAC Report Identifies Top Cyber Threats Concerning Healthcare Execs - HealthITSecurity
H-ISAC Report Identifies Top Cyber Threats Concerning Healthcare Execs HealthITSecurity
http://dlvr.it/SMfvCn
http://dlvr.it/SMfvCn
Critical SonicOS Vulnerability Affects SonicWall Firewall Appliances
SonicWall has released security updates to contain a critical flaw across multiple firewall appliances that could be weaponized by an unauthenticated, remote attacker to execute arbitrary code and cause a denial-of-service (DoS) condition.
Tracked as CVE-2022-22274 (CVSS score: 9.4), the issue has been described as a stack-based buffer overflow in the web management interface of SonicOS that
http://dlvr.it/SMfJqr
http://dlvr.it/SMfJqr
Tuesday, March 29, 2022
CVE-2022-26536
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setFixTools. (CVSS:10.0) (Last Update:2022-03-29)
http://dlvr.it/SMcCYm
http://dlvr.it/SMcCYm
Being small isn't the cybersecurity protection you think it is - North Bay Business Journal
Being small isn't the cybersecurity protection you think it is North Bay Business Journal
http://dlvr.it/SMbr2M
http://dlvr.it/SMbr2M
Vulcan Cyber Joins Microsoft Intelligent Security Association, Integrates Microsoft Defender for Endpoint Threat and Vulnerability Management into Cyber Risk Management Platform USA - English - USA - English - PR Newswire
Vulcan Cyber Joins Microsoft Intelligent Security Association, Integrates Microsoft Defender for Endpoint Threat and Vulnerability Management into Cyber Risk Management Platform USA - English - USA - English PR Newswire
http://dlvr.it/SMbLgk
http://dlvr.it/SMbLgk
Critical Sophos Firewall RCE Vulnerability Under Active Exploitation
Cybersecurity firm Sophos on Monday warned that a recently patched critical security vulnerability in its firewall product is being actively exploited in real-world attacks.
The flaw, tracked as CVE-2022-1040, is rated 9.8 out of 10 on the CVSS scoring system and impacts Sophos Firewall versions 18.5 MR3 (18.5.3) and older. It relates to an authentication bypass vulnerability in the User Portal
http://dlvr.it/SMZmwB
http://dlvr.it/SMZmwB
Monday, March 28, 2022
As Russia hackers target US, cyber security expert advises on computer protection - WPEC
As Russia hackers target US, cyber security expert advises on computer protection WPEC
http://dlvr.it/SMXzvY
http://dlvr.it/SMXzvY
CVE-2022-26293
Online Project Time Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the function save_employee at /ptms/classes/Users.php. (CVSS:7.5) (Last Update:2022-03-28)
http://dlvr.it/SMXhds
http://dlvr.it/SMXhds
Muhstik Botnet Targeting Redis Servers Using Recently Disclosed Vulnerability
Muhstik, a botnet infamous for propagating via web application exploits, has been observed targeting Redis servers using a recently disclosed vulnerability in the database system.
The vulnerability relates to CVE-2022-0543, a Lua sandbox escape flaw in the open-source, in-memory, key-value data store that could be abused to achieve remote code execution on the underlying machine. The
http://dlvr.it/SMWKWZ
http://dlvr.it/SMWKWZ
Sunday, March 27, 2022
Review of the Cybersecurity Act and Update to the Cybersecurity Code of Practice for CIIs - Cyber Security Agency of Singapore
Review of the Cybersecurity Act and Update to the Cybersecurity Code of Practice for CIIs Cyber Security Agency of Singapore
http://dlvr.it/SMT4by
http://dlvr.it/SMT4by
Week in review: Lapsus$ breaches Okta and Microsoft, Red Team 101, cybersecurity during M&As - Help Net Security
Week in review: Lapsus$ breaches Okta and Microsoft, Red Team 101, cybersecurity during M&As Help Net Security
http://dlvr.it/SMSQMF
http://dlvr.it/SMSQMF
Saturday, March 26, 2022
Singapore: Cyber Security Agency advises businesses to strengthen cybersecurity posture against cyberattacks - GlobalComplianceNews
Singapore: Cyber Security Agency advises businesses to strengthen cybersecurity posture against cyberattacks GlobalComplianceNews
http://dlvr.it/SMRKHc
http://dlvr.it/SMRKHc
Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability
Google on Friday shipped an out-of-band security update to address a high severity vulnerability in its Chrome browser that it said is being actively exploited in the wild.
Tracked as CVE-2022-1096, the zero-day flaw relates to a type confusion vulnerability in the V8 JavaScript engine. An anonymous researcher has been credited with reporting the bug on March 23, 2022.
Type confusion errors,
http://dlvr.it/SMQ9Fz
http://dlvr.it/SMQ9Fz
Friday, March 25, 2022
CVE-2022-26996
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pppoe function via the pppoe_username, pppoe_passwd, and pppoe_servicename parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. (CVSS:10.0) (Last Update:2022-03-25)
http://dlvr.it/SMNdyK
http://dlvr.it/SMNdyK
QUAD officials meet in Sydney to discuss cyber security issues, says White House - ThePrint
QUAD officials meet in Sydney to discuss cyber security issues, says White House ThePrint
http://dlvr.it/SMNHwr
http://dlvr.it/SMNHwr
CVE-2022-26501
Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2). (CVSS:10.0) (Last Update:2022-03-24)
http://dlvr.it/SMMHHm
http://dlvr.it/SMMHHm
Experts Uncover Campaign Stealing Cryptocurrency from Android and iPhone Users
Researchers have blown the lid off a sophisticated malicious scheme primarily targeting Chinese users via copycat apps on Android and iOS that mimic legitimate digital wallet services to siphon cryptocurrency funds.
"These malicious apps were able to steal victims' secret seed phrases by impersonating Coinbase, imToken, MetaMask, Trust Wallet, Bitpie, TokenPocket, or OneKey," said Lukáš Štefanko
http://dlvr.it/SMMH80
http://dlvr.it/SMMH80
Thursday, March 24, 2022
Parsons to Provide Cybersecurity Modules for NSA's Virtual Cyber Exercise - ExecutiveBiz
Parsons to Provide Cybersecurity Modules for NSA's Virtual Cyber Exercise ExecutiveBiz
http://dlvr.it/SMKGjJ
http://dlvr.it/SMKGjJ
Governor Ron DeSantis Announces $20 Million to Create Cybersecurity and Information Technology Workforce Education Opportunities - Florida Governor Ron DeSantis
Governor Ron DeSantis Announces $20 Million to Create Cybersecurity and Information Technology Workforce Education Opportunities Florida Governor Ron DeSantis
http://dlvr.it/SMJt1R
http://dlvr.it/SMJt1R
CVE-2022-26211
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function CloudACMunualUpdate, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. (CVSS:7.5) (Last Update:2022-03-22)
http://dlvr.it/SMHqdP
http://dlvr.it/SMHqdP
Botnet of Thousands of MikroTik Routers Abused in Glupteba, TrickBot Campaigns
Vulnerable routers from MikroTik have been misused to form what cybersecurity researchers have called one of the largest botnet-as-a-service cybercrime operations seen in recent years.
According to a new piece of research published by Avast, a cryptocurrency mining campaign leveraging the new-disrupted Glupteba botnet as well as the infamous TrickBot malware were all distributed using the same
http://dlvr.it/SMHqKv
http://dlvr.it/SMHqKv
Monday, March 7, 2022
Critical Bugs in TerraMaster TOS Could Open NAS Devices to Remote Hacking
Researchers have disclosed details of critical security vulnerabilities in TerraMaster network-attached storage (TNAS) devices that could be chained to attain unauthenticated remote code execution with the highest privileges.
The issues reside in TOS, an abbreviation for TerraMaster Operating System, and "can grant unauthenticated attackers access to the victim's box simply by knowing the IP
http://dlvr.it/SLFjzb
http://dlvr.it/SLFjzb
2 New Mozilla Firefox 0-Day Bugs Under Active Attack — Patch Your Browser ASAP!
Mozilla has pushed out-of-band software updates to its Firefox web browser to contain two high-impact security vulnerabilities, both of which it says are being actively exploited in the wild.
Tracked as CVE-2022-26485 and CVE-2022-26486, the zero-day flaws have been described as use-after-free issues impacting the Extensible Stylesheet Language Transformations (XSLT) parameter processing and the
http://dlvr.it/SLF88r
http://dlvr.it/SLF88r
Sunday, March 6, 2022
Pentagon outlines plan to make continuous ATOs the new ‘gold standard’ for cybersecurity - Federal News Network
Pentagon outlines plan to make continuous ATOs the new ‘gold standard’ for cybersecurity Federal News Network
http://dlvr.it/SLCNBg
http://dlvr.it/SLCNBg
SEC Issues Proposed Cyber Rule, 48-Hour Breach Reporting Requirement - The National Law Review
SEC Issues Proposed Cyber Rule, 48-Hour Breach Reporting Requirement The National Law Review
http://dlvr.it/SLB5kD
http://dlvr.it/SLB5kD
Saturday, March 5, 2022
Keyavi Data Wins Gold as Startup of the Year in 18th Annual Globee Cyber Security Global Excellence Awards - Business Wire
Keyavi Data Wins Gold as Startup of the Year in 18th Annual Globee Cyber Security Global Excellence Awards Business Wire
http://dlvr.it/SL8tNY
http://dlvr.it/SL8tNY
How to Team Up with IT for Cybersecurity - FacilitiesNet
How to Team Up with IT for Cybersecurity FacilitiesNet
http://dlvr.it/SL8fmB
http://dlvr.it/SL8fmB
Statement on Cybersecurity Risk Management for Investment Advisers, Registered Investment Companies, and Business Development Companies - SEC.gov
Statement on Cybersecurity Risk Management for Investment Advisers, Registered Investment Companies, and Business Development Companies SEC.gov
http://dlvr.it/SL83Z2
http://dlvr.it/SL83Z2
CISA Adds Another 95 Flaws to its Actively Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week added 95 more security flaws to its Known Exploited Vulnerabilities Catalog, taking the total number of actively exploited vulnerabilities to 478.
"These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise," the agency said in an advisory
http://dlvr.it/SL7h2p
http://dlvr.it/SL7h2p
Friday, March 4, 2022
FBI director aims at broadening cybersecurity abilities of local, state, federal agencies - Kansas Reflector
FBI director aims at broadening cybersecurity abilities of local, state, federal agencies Kansas Reflector
http://dlvr.it/SL6LpV
http://dlvr.it/SL6LpV
CVE-2022-25643
seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket pathname. (CVSS:9.3) (Last Update:2022-03-04)
http://dlvr.it/SL64gK
http://dlvr.it/SL64gK
Biden says 'we are prepared to respond' if Russia launches cyberattack against US - USA TODAY
Biden says 'we are prepared to respond' if Russia launches cyberattack against US USA TODAY
http://dlvr.it/SL5k6Z
http://dlvr.it/SL5k6Z
Fast-growing cybersecurity firm Red Sift picks Austin for U.S. headquarters - Austin American-Statesman
Fast-growing cybersecurity firm Red Sift picks Austin for U.S. headquarters Austin American-Statesman
http://dlvr.it/SL5FpN
http://dlvr.it/SL5FpN
New Security Vulnerability Affects Thousands of GitLab Instances
Researchers have disclosed details of a now-patched security vulnerability in GitLab, an open-source DevOps software, that could potentially allow a remote, unauthenticated attacker to recover user-related information.
Tracked as CVE-2021-4191 (CVSS score: 5.3), the medium-severity flaw affects all versions of GitLab Community Edition and Enterprise Edition starting from 13.0 and all versions
http://dlvr.it/SL4hkg
http://dlvr.it/SL4hkg
Thursday, March 3, 2022
CVE-2022-25417
Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function saveparentcontrolinfo. (CVSS:10.0) (Last Update:2022-03-03)
http://dlvr.it/SL2rWx
http://dlvr.it/SL2rWx
CVE-2022-25077
TOTOLink A3100R V4.1.2cu.5050_B20200504 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. (CVSS:7.5) (Last Update:2022-03-03)
http://dlvr.it/SL2XR0
http://dlvr.it/SL2XR0
Vietnam, China cooperate in holding cyber security training course - http://en.vietnamplus.vn/
Vietnam, China cooperate in holding cyber security training course http://en.vietnamplus.vn/
http://dlvr.it/SL1dCx
http://dlvr.it/SL1dCx
CVE-2022-25330
Integer overflow conditions that exist in Trend Micro ServerProtect 6.0/5.8 Information Server could allow a remote attacker to crash the process or achieve remote code execution. (CVSS:7.5) (Last Update:2022-03-02)
http://dlvr.it/SL136m
http://dlvr.it/SL136m
Wednesday, March 2, 2022
CVE-2022-25075
TOTOLink A3000RU V5.9c.2280_B20180512 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. (CVSS:7.5) (Last Update:2022-03-02)
http://dlvr.it/SKysqf
http://dlvr.it/SKysqf
The Rise of VR and the Transformation of the Cybersecurity Capability - Infosecurity Magazine
The Rise of VR and the Transformation of the Cybersecurity Capability Infosecurity Magazine
http://dlvr.it/SKyR2W
http://dlvr.it/SKyR2W
Cybersecurity platform CrowdSec expands into the United States with collaborative solutions suite launch - PR Newswire
Cybersecurity platform CrowdSec expands into the United States with collaborative solutions suite launch PR Newswire
http://dlvr.it/SKxwx8
http://dlvr.it/SKxwx8
Cybersecurity M&A Roundup: 35 Deals Announced in February 2022 - SecurityWeek
Cybersecurity M&A Roundup: 35 Deals Announced in February 2022 SecurityWeek
http://dlvr.it/SKxM1z
http://dlvr.it/SKxM1z
Critical Bugs Reported in Popular Open Source PJSIP SIP and Media Stack
As many as five security vulnerabilities have been disclosed in the PJSIP open-source multimedia communication library that could be abused by an attacker to trigger arbitrary code execution and denial-of-service (DoS) in applications that use the protocol stack.
The weaknesses were identified and reported by JFrog's Security Research team, following which the project maintainers released
http://dlvr.it/SKxLCx
http://dlvr.it/SKxLCx
Tuesday, March 1, 2022
Toyota shuts down production after ‘cyber-attack’ on supplier - The Daily Swig
Toyota shuts down production after ‘cyber-attack’ on supplier The Daily Swig
http://dlvr.it/SKvFyN
http://dlvr.it/SKvFyN
Quantum Computing and Cybersecurity: A Fusion that Cannot be Ignored - Analytics Insight
Quantum Computing and Cybersecurity: A Fusion that Cannot be Ignored Analytics Insight
http://dlvr.it/SKttQQ
http://dlvr.it/SKttQQ
Second New 'IsaacWiper' Data Wiper Targets Ukraine After Russian Invasion
A new data wiper malware has been observed deployed against an unnamed Ukrainian government network, a day after destructive cyber attacks struck multiple entities in the country preceding the start of Russia's military invasion.
Slovak cybersecurity firm ESET dubbed the new malware "IsaacWiper," which it said was detected on February 24 in an organization that was not affected by HermeticWiper
http://dlvr.it/SKtQRz
http://dlvr.it/SKtQRz
Subscribe to:
Posts (Atom)
Cybersecurity needs AI as much as AI needs cybersecurity - Techzine Europe
Cybersecurity needs AI as much as AI needs cybersecurity Techzine Europe http://dlvr.it/TDY1dr
-
Cybersecurity needs AI as much as AI needs cybersecurity Techzine Europe http://dlvr.it/TDY1dr
-
Supply chain cyberattacks threaten healthcare. Here’s how the industry can work together to limit disruption. Healthcare Dive http://dlvr...
-
This statistic presents a ranking of the countries with the highest commitment to cyber security based on the Global Cybersecurity Index (GC...