Thursday, March 31, 2022

Cybersecurity awareness training being funded for municipal employees statewide - WWLP.com
http://dlvr.it/SMlXMR

CVE-2022-27946

NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to admin_account.cgi. (CVSS:9.0) (Last Update:2022-03-31)
http://dlvr.it/SMlDxS

Siemens Critical Infrastructure Defense Center latest investment in Canada’s cybersecurity network - Yahoo Finance
http://dlvr.it/SMktK7

Security Patch Releases for Critical Zero-Day Bug in Java Spring Framework

The maintainers of Spring Framework have released an emergency patch to address a newly disclosed remote code execution flaw that, if successfully exploited, could allow an unauthenticated attacker to take control of a targeted system. Tracked as CVE-2022-22965, the high-severity flaw impacts Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and other older, unsupported versions. Users
http://dlvr.it/SMkPFt

QNAP Warns of OpenSSL Infinite Loop Vulnerability Affecting NAS Devices

Taiwanese company QNAP this week revealed that a selected number of its network-attached storage (NAS) appliances are affected by a recently-disclosed bug in the open-source OpenSSL cryptographic library. "An infinite loop vulnerability in OpenSSL has been reported to affect certain QNAP NAS," the company said in an advisory published on March 29, 2022. "If exploited, the vulnerability allows
http://dlvr.it/SMjqPy

Wednesday, March 30, 2022

Cyber-security rules proposed for EU bodies amid cyber attack worries - The Straits Times
http://dlvr.it/SMh30D

CVE-2022-27811

GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename. (CVSS:7.5) (Last Update:2022-03-30)
http://dlvr.it/SMgl1T

South Dakota Universities Partner on Agriculture Cybersecurity - Government Technology
http://dlvr.it/SMgNQM

H-ISAC Report Identifies Top Cyber Threats Concerning Healthcare Execs - HealthITSecurity
http://dlvr.it/SMfvCn

Critical SonicOS Vulnerability Affects SonicWall Firewall Appliances

SonicWall has released security updates to contain a critical flaw across multiple firewall appliances that could be weaponized by an unauthenticated, remote attacker to execute arbitrary code and cause a denial-of-service (DoS) condition. Tracked as CVE-2022-22274 (CVSS score: 9.4), the issue has been described as a stack-based buffer overflow in the web management interface of SonicOS that
http://dlvr.it/SMfJqr

Tuesday, March 29, 2022

Prepare and Protect Your Cyber Security Against New Threats - TAPinto.net
http://dlvr.it/SMcWhg

CVE-2022-26536

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setFixTools. (CVSS:10.0) (Last Update:2022-03-29)
http://dlvr.it/SMcCYm

Being small isn't the cybersecurity protection you think it is - North Bay Business Journal
http://dlvr.it/SMbr2M

Vulcan Cyber Joins Microsoft Intelligent Security Association, Integrates Microsoft Defender for Endpoint Threat and Vulnerability Management into Cyber Risk Management Platform USA - English - USA - English - PR Newswire
http://dlvr.it/SMbLgk

Critical Sophos Firewall RCE Vulnerability Under Active Exploitation

Cybersecurity firm Sophos on Monday warned that a recently patched critical security vulnerability in its firewall product is being actively exploited in real-world attacks. The flaw, tracked as CVE-2022-1040, is rated 9.8 out of 10 on the CVSS scoring system and impacts Sophos Firewall versions 18.5 MR3 (18.5.3) and older. It relates to an authentication bypass vulnerability in the User Portal
http://dlvr.it/SMZmwB

Monday, March 28, 2022

As Russia hackers target US, cyber security expert advises on computer protection - WPEC
http://dlvr.it/SMXzvY

CVE-2022-26293

Online Project Time Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the function save_employee at /ptms/classes/Users.php. (CVSS:7.5) (Last Update:2022-03-28)
http://dlvr.it/SMXhds

Cybersecurity in the Quantum Age - Observer Research Foundation
http://dlvr.it/SMXL0t

Biden proposes 11% boost in federal IT budget, $10.9B for cyber - FedScoop
http://dlvr.it/SMWt70

Muhstik Botnet Targeting Redis Servers Using Recently Disclosed Vulnerability

Muhstik, a botnet infamous for propagating via web application exploits, has been observed targeting Redis servers using a recently disclosed vulnerability in the database system. The vulnerability relates to CVE-2022-0543, a Lua sandbox escape flaw in the open-source, in-memory, key-value data store that could be abused to achieve remote code execution on the underlying machine. The
http://dlvr.it/SMWKWZ

Sunday, March 27, 2022

How to manage imposter syndrome in cybersecurity - TechTarget
http://dlvr.it/SMTbT0

Everything you need to know about cybersecurity in 2022 - World Economic Forum
http://dlvr.it/SMTLHg

Review of the Cybersecurity Act and Update to the Cybersecurity Code of Practice for CIIs - Cyber Security Agency of Singapore
http://dlvr.it/SMT4by

Inspiring the Next Generation of Cyber Leaders - Security Magazine
http://dlvr.it/SMSmHv

Week in review: Lapsus$ breaches Okta and Microsoft, Red Team 101, cybersecurity during M&As - Help Net Security
http://dlvr.it/SMSQMF

Saturday, March 26, 2022

Singapore: Cyber Security Agency advises businesses to strengthen cybersecurity posture against cyberattacks - GlobalComplianceNews
http://dlvr.it/SMRKHc

Data Center Security: Where Cyber Meets Physical - Data Center Knowledge
http://dlvr.it/SMR630

What, exactly, is cybersecurity? And why does it matter? - ZDNet
http://dlvr.it/SMQrGW

Five cybersecurity trends to look for in 2022 - SC Media
http://dlvr.it/SMQWp4

Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability

Google on Friday shipped an out-of-band security update to address a high severity vulnerability in its Chrome browser that it said is being actively exploited in the wild. Tracked as CVE-2022-1096, the zero-day flaw relates to a type confusion vulnerability in the V8 JavaScript engine. An anonymous researcher has been credited with reporting the bug on March 23, 2022. Type confusion errors,
http://dlvr.it/SMQ9Fz

Friday, March 25, 2022

CVE-2022-26996

Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pppoe function via the pppoe_username, pppoe_passwd, and pppoe_servicename parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. (CVSS:10.0) (Last Update:2022-03-25)
http://dlvr.it/SMNdyK

QUAD officials meet in Sydney to discuss cyber security issues, says White House - ThePrint
http://dlvr.it/SMNHwr

Cybersecurity incident response: Lessons learned from 2021 - TechRepublic
http://dlvr.it/SMMqc5

CVE-2022-26501

Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2). (CVSS:10.0) (Last Update:2022-03-24)
http://dlvr.it/SMMHHm

Experts Uncover Campaign Stealing Cryptocurrency from Android and iPhone Users

Researchers have blown the lid off a sophisticated malicious scheme primarily targeting Chinese users via copycat apps on Android and iOS that mimic legitimate digital wallet services to siphon cryptocurrency funds. "These malicious apps were able to steal victims' secret seed phrases by impersonating Coinbase, imToken, MetaMask, Trust Wallet, Bitpie, TokenPocket, or OneKey," said Lukáš Štefanko
http://dlvr.it/SMMH80

Thursday, March 24, 2022

Parsons to Provide Cybersecurity Modules for NSA's Virtual Cyber Exercise - ExecutiveBiz
http://dlvr.it/SMKGjJ

Governor Ron DeSantis Announces $20 Million to Create Cybersecurity and Information Technology Workforce Education Opportunities - Florida Governor Ron DeSantis
http://dlvr.it/SMJt1R

Return to growth for cyber security group - Prolific North
http://dlvr.it/SMJNBK

CVE-2022-26211

Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function CloudACMunualUpdate, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. (CVSS:7.5) (Last Update:2022-03-22)
http://dlvr.it/SMHqdP

Botnet of Thousands of MikroTik Routers Abused in Glupteba, TrickBot Campaigns

Vulnerable routers from MikroTik have been misused to form what cybersecurity researchers have called one of the largest botnet-as-a-service cybercrime operations seen in recent years. According to a new piece of research published by Avast, a cryptocurrency mining campaign leveraging the now-disrupted Glupteba botnet as well as the infamous TrickBot malware were all distributed using the same
http://dlvr.it/SMHqKv

Monday, March 7, 2022

Critical Bugs in TerraMaster TOS Could Open NAS Devices to Remote Hacking

Researchers have disclosed details of critical security vulnerabilities in TerraMaster network-attached storage (TNAS) devices that could be chained to attain unauthenticated remote code execution with the highest privileges. The issues reside in TOS, an abbreviation for TerraMaster Operating System, and "can grant unauthenticated attackers access to the victim's box simply by knowing the IP
http://dlvr.it/SLFjzb

2 New Mozilla Firefox 0-Day Bugs Under Active Attack — Patch Your Browser ASAP!

Mozilla has pushed out-of-band software updates to its Firefox web browser to contain two high-impact security vulnerabilities, both of which it says are being actively exploited in the wild. Tracked as CVE-2022-26485 and CVE-2022-26486, the zero-day flaws have been described as use-after-free issues impacting the Extensible Stylesheet Language Transformations (XSLT) parameter processing and the
http://dlvr.it/SLF88r

Saturday, March 5, 2022

Keyavi Data Wins Gold as Startup of the Year in 18th Annual Globee Cyber Security Global Excellence Awards - Business Wire
http://dlvr.it/SL8tNY

How to Team Up with IT for Cybersecurity - FacilitiesNet
http://dlvr.it/SL8fmB

Spotlight on: U.S. Government’s move towards Zero Trust Cybersecurity - JD Supra
http://dlvr.it/SL8PBS

Statement on Cybersecurity Risk Management for Investment Advisers, Registered Investment Companies, and Business Development Companies - SEC.gov
http://dlvr.it/SL83Z2

CISA Adds Another 95 Flaws to its Actively Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week added 95 more security flaws to its Known Exploited Vulnerabilities Catalog, taking the total number of actively exploited vulnerabilities to 478. "These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise," the agency said in an advisory
http://dlvr.it/SL7h2p

Friday, March 4, 2022

FBI director aims at broadening cybersecurity abilities of local, state, federal agencies - Kansas Reflector
http://dlvr.it/SL6LpV

CVE-2022-25643

seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket pathname. (CVSS:9.3) (Last Update:2022-03-04)
http://dlvr.it/SL64gK

Biden says 'we are prepared to respond' if Russia launches cyberattack against US - USA TODAY
http://dlvr.it/SL5k6Z

Fast-growing cybersecurity firm Red Sift picks Austin for U.S. headquarters - Austin American-Statesman
http://dlvr.it/SL5FpN

New Security Vulnerability Affects Thousands of GitLab Instances

Researchers have disclosed details of a now-patched security vulnerability in GitLab, an open-source DevOps software, that could potentially allow a remote, unauthenticated attacker to recover user-related information. Tracked as CVE-2021-4191 (CVSS score: 5.3), the medium-severity flaw affects all versions of GitLab Community Edition and Enterprise Edition starting from 13.0 and all versions
http://dlvr.it/SL4hkg

Thursday, March 3, 2022

CVE-2022-25417

Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function saveparentcontrolinfo. (CVSS:10.0) (Last Update:2022-03-03)
http://dlvr.it/SL2rWx

CVE-2022-25077

TOTOLink A3100R V4.1.2cu.5050_B20200504 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. (CVSS:7.5) (Last Update:2022-03-03)
http://dlvr.it/SL2XR0

Latest developments in Ukraine and Cyber Security knock-on effects. - Newstalk
http://dlvr.it/SL27YQ

Vietnam, China cooperate in holding cyber security training course - http://en.vietnamplus.vn/
http://dlvr.it/SL1dCx

CVE-2022-25330

Integer overflow conditions that exist in Trend Micro ServerProtect 6.0/5.8 Information Server could allow a remote attacker to crash the process or achieve remote code execution. (CVSS:7.5) (Last Update:2022-03-02)
http://dlvr.it/SL136m

Wednesday, March 2, 2022

CVE-2022-25075

TOTOLink A3000RU V5.9c.2280_B20180512 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. (CVSS:7.5) (Last Update:2022-03-02)
http://dlvr.it/SKysqf

The Rise of VR and the Transformation of the Cybersecurity Capability - Infosecurity Magazine
http://dlvr.it/SKyR2W

Cybersecurity platform CrowdSec expands into the United States with collaborative solutions suite launch - PR Newswire
http://dlvr.it/SKxwx8

Cybersecurity M&A Roundup: 35 Deals Announced in February 2022 - SecurityWeek
http://dlvr.it/SKxM1z

Critical Bugs Reported in Popular Open Source PJSIP SIP and Media Stack

As many as five security vulnerabilities have been disclosed in the PJSIP open-source multimedia communication library that could be abused by an attacker to trigger arbitrary code execution and denial-of-service (DoS) in applications that use the protocol stack. The weaknesses were identified and reported by JFrog's Security Research team, following which the project maintainers released
http://dlvr.it/SKxLCx

Tuesday, March 1, 2022

Toyota shuts down production after ‘cyber-attack’ on supplier - The Daily Swig
http://dlvr.it/SKvFyN

Quantum Computing and Cybersecurity: A Fusion that Cannot be Ignored - Analytics Insight
http://dlvr.it/SKttQQ

Second New 'IsaacWiper' Data Wiper Targets Ukraine After Russian Invasion

A new data wiper malware has been observed deployed against an unnamed Ukrainian government network, a day after destructive cyber attacks struck multiple entities in the country preceding the start of Russia's military invasion. Slovak cybersecurity firm ESET dubbed the new malware "IsaacWiper," which it said was detected on February 24 in an organization that was not affected by HermeticWiper 
http://dlvr.it/SKtQRz

NHS shoring up cyber security amid crisis - Forres Gazette
http://dlvr.it/SKssbW

CVE-2022-24553

An issue was found in Zfaka
http://dlvr.it/SKsrtb

German and South Korean Agencies Warn of Kimsuky's Expanding Cyber Attack Tactics

German and South Korean government agencies have warned about cyber attacks mounted by a threat actor tracked as Kimsuky using rogue browser...