Saturday, April 30, 2022

CISA, FBI, NSA, and International Partners Warn Organizations of Top Routinely Exploited Cybersecurity Vulnerabilities - CISA

* CISA, FBI, NSA, and International Partners Warn Organizations of Top Routinely Exploited Cybersecurity Vulnerabilities  CISA
* Cybersecurity Agencies Reveal the Top Exploited Vulnerabilities of 2021 | eSecurityPlanet  eSecurity Planet
* NCSC, international partners issue cyber security advisory  SecurityBrief New Zealand
* CISA sounds alarms on most exploited cybersecurity vulnerabilities  Becker's Hospital Review
* Cybersecurity Advisory Released By CISA, NSA, FBI, ACSC, CCCS, NZ-NCSC, NCSC-UK Regarding The Top 15 Common Vulnerabilities + Exposures – SatNews  SatNews
http://dlvr.it/SPY028

Real-time is where the cybersecurity risk is - CSO Online

Real-time is where the cybersecurity risk is  CSO Online
http://dlvr.it/SPXzzq

How to achieve cyber security readiness: Lessons from Silicon Valley and the Pentagon - Cyber Security Hub

How to achieve cyber security readiness: Lessons from Silicon Valley and the Pentagon  Cyber Security Hub
http://dlvr.it/SPXjcZ

Cyber Security Today, April 27, 2022 - Lots of software still has log4j2 vulnerabilities, hackers took only days to exploit a VMware vulnerability and more - ITBusiness.ca

Cyber Security Today, April 27, 2022 - Lots of software still has log4j2 vulnerabilities, hackers took only days to exploit a VMware vulnerability and more  ITBusiness.ca
http://dlvr.it/SPXNL6

CVE-2022-28426

Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/pagerole.php&action=edit&roleid=. (CVSS:7.5) (Last Update:2022-04-29)
http://dlvr.it/SPX0ct

Friday, April 29, 2022

An Urgent Need for Cybersecurity Stocks - Kiplinger's Personal Finance

An Urgent Need for Cybersecurity Stocks  Kiplinger's Personal Finance
http://dlvr.it/SPVBP6

For cybersecurity, focus on options - The Gazette

For cybersecurity, focus on options  The Gazette
http://dlvr.it/SPVB7Z

3 Ways We Can Improve Cybersecurity - DARKReading

3 Ways We Can Improve Cybersecurity  DARKReading
http://dlvr.it/SPVB6v

CVE-2022-28432

Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin.php?id=siteoptions&social=display&value=0&sid=2. (CVSS:7.5) (Last Update:2022-04-28)
http://dlvr.it/SPTkcd

Microsoft Azure Vulnerability Exposes PostgreSQL Databases to Other Customers

Microsoft on Thursday disclosed that it addressed a pair of issues with the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region. "By exploiting an elevated permissions bug in the Flexible Server authentication process for a replication user, a malicious user could leverage an improperly anchored regular expression to bypass
http://dlvr.it/SPTB2j

Thursday, April 28, 2022

Tenet says 'cybersecurity incident' disrupted hospital operations - Cybersecurity Dive

Tenet says 'cybersecurity incident' disrupted hospital operations  Cybersecurity Dive
http://dlvr.it/SPQt51

Tenet Healthcare Investigating Cybersecurity Incident - HealthITSecurity

Tenet Healthcare Investigating Cybersecurity Incident  HealthITSecurity
http://dlvr.it/SPQskz

Evolving Ransomware Demands an AI-powered Threat Detection and Response System - Tech Wire Asia

Evolving Ransomware Demands an AI-powered Threat Detection and Response System  Tech Wire Asia
http://dlvr.it/SPQsgm

SISA Releases Learnings from Global Forensic Investigations to help the Financial Sector - PR Newswire

SISA Releases Learnings from Global Forensic Investigations to help the Financial Sector  PR Newswire
http://dlvr.it/SPQNvC

CVE-2022-28108

Selenium Server (Grid) before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain. (CVSS:9.3) (Last Update:2022-04-27)
http://dlvr.it/SPPrCr

Wednesday, April 27, 2022

International cyber security leaders to appear at flagship UK conference - National Cyber Security Centre

International cyber security leaders to appear at flagship UK conference  National Cyber Security Centre
http://dlvr.it/SPMLfr

Space Force to shore up cybersecurity as threats proliferate - SpaceNews

Space Force to shore up cybersecurity as threats proliferate  SpaceNews
http://dlvr.it/SPMLDl

Former Sen. Vinny deMacedo, MA colleges take the front lines of cyber security battle - Wicked Local

Former Sen. Vinny deMacedo, MA colleges take the front lines of cyber security battle  Wicked Local
http://dlvr.it/SPMLD1

[eBook] Your First 90 Days as MSSP: 10 Steps to Success

Bad actors continuously evolve their tactics and are becoming more sophisticated. Within the past couple of years, we’ve seen supply chain attacks that quickly create widespread damage throughout entire industries. But the attackers aren’t just focusing their efforts on supply chains. For example, businesses are becoming increasingly more reliant on SaaS apps and the cloud – creating a new avenue
http://dlvr.it/SPLrYS

CVE-2022-28810

Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating system (OS) commands as SYSTEM via the policy custom script feature. Due to the use of a default administrator password, attackers may be able to abuse this functionality with minimal effort. Additionally, a remote and partially authenticated attacker may be able to inject arbitrary commands into the custom script due to an unsanitized password field. (CVSS:7.1) (Last Update:2022-04-26)
http://dlvr.it/SPLHD7

Tuesday, April 26, 2022

Two Elgin governments face 'cyber security' woes. Are citizens at risk? - West Lorne Chronicle

Two Elgin governments face 'cyber security' woes. Are citizens at risk?  West Lorne Chronicle
http://dlvr.it/SPHLNn

Increasing cybersecurity posture: Milkman Technologies chooses WhiteJar's ethical solution - Yahoo Finance

Increasing cybersecurity posture: Milkman Technologies chooses WhiteJar's ethical solution  Yahoo Finance
http://dlvr.it/SPHKdb

Almost half of schemes lacking cyber security testing - Pensions Expert

Almost half of schemes lacking cyber security testing  Pensions Expert
http://dlvr.it/SPHK9Y

Cybersecurity M&A Activity to Continue; Growth Funding to be More Conservative - SecurityWeek

Cybersecurity M&A Activity to Continue; Growth Funding to be More Conservative  SecurityWeek
http://dlvr.it/SPHK77

CVE-2022-28113

An issue in upload.csp of FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows attackers to write files and reset the user passwords without having a valid session cookie. (CVSS:9.0) (Last Update:2022-04-25)
http://dlvr.it/SPGmG7

Monday, April 25, 2022

Two Rare Moves Hallmark Cyber Ready Boards - Forbes

Two Rare Moves Hallmark Cyber Ready Boards  Forbes
http://dlvr.it/SPCK8W

Trend Micro Unites Industry With Most Powerful and Complete Security Platform - PR Newswire

Trend Micro Unites Industry With Most Powerful and Complete Security Platform  PR Newswire
http://dlvr.it/SPCJrj

Canada needs new security measures to fight mounting cyber risks - TechHQ

Canada needs new security measures to fight mounting cyber risks  TechHQ
http://dlvr.it/SPCJLM

Cybersecurity Myths That Are Compromising Your Data And How To Address Them - VARinsights

Cybersecurity Myths That Are Compromising Your Data And How To Address Them  VARinsights
http://dlvr.it/SPCJHX

FBI Warns of BlackCat Ransomware That Breached Over 60 Organisations Worldwide

The U.S. Federal Bureau of Investigation (FBI) is sounding the alarm on the BlackCat ransomware-as-a-service (RaaS), which it said victimized at least 60 entities worldwide as of March 2022 since its emergence last November. Also called ALPHV and Noberus, the ransomware is notable for being the first-ever malware written in the Rust programming language that's known to be memory safe and
http://dlvr.it/SPCHCx

Sunday, April 24, 2022

CVE-2022-28396

Apostrophe v3.16.1 was discovered to contain a remote code execution (RCE) vulnerability via the component uploadfs. (CVSS:7.5) (Last Update:2022-04-20)
http://dlvr.it/SP8S6Q

CVE-2022-28032

AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_pages.php (CVSS:7.5) (Last Update:2022-04-18)
http://dlvr.it/SP8Rrn

CVE-2022-28034

AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_list-sort.php (CVSS:7.5) (Last Update:2022-04-18)
http://dlvr.it/SP8RSG

CVE-2022-28347

A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name. (CVSS:7.5) (Last Update:2022-04-19)
http://dlvr.it/SP8R5Y

CVE-2022-28346

An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs. (CVSS:7.5) (Last Update:2022-04-19)
http://dlvr.it/SP8R4F

Saturday, April 2, 2022

Web vendor CafePress fined $500,000 for giving cybersecurity a low value - Naked Security

Web vendor CafePress fined $500,000 for giving cybersecurity a low value  Naked Security
http://dlvr.it/SMsM9M

Baker-Polito Administration Announces 2022 Municipal Cybersecurity Awareness Grant Program Awards - Mass.gov

Baker-Polito Administration Announces 2022 Municipal Cybersecurity Awareness Grant Program Awards  Mass.gov
http://dlvr.it/SMs6hL

CRP Success Story: Enhancing Computer Security Incident Analysis at Nuclear Facilities (J02008) - International Atomic Energy Agency

CRP Success Story: Enhancing Computer Security Incident Analysis at Nuclear Facilities (J02008)  International Atomic Energy Agency
http://dlvr.it/SMrqx4

Focus on physical threats left maritime sector short on cybersecurity, says DHS chief - SC Media

Focus on physical threats left maritime sector short on cybersecurity, says DHS chief  SC Media
http://dlvr.it/SMrVz8

GitLab Releases Patch for Critical Vulnerability That Could Let Attackers Hijack Accounts

DevOps platform GitLab has released software updates to address a critical security vulnerability that, if exploited, could permit an adversary to seize control of accounts. Tracked as CVE-2022-1162, the issue has a CVSS score of 9.1 and is said to have been discovered internally by the GitLab team. "A hardcoded password was set for accounts registered using an 
http://dlvr.it/SMr7Bj

Friday, April 1, 2022

CISOs see opportunities amid heightened cybersecurity risks - Healthcare IT News

CISOs see opportunities amid heightened cybersecurity risks  Healthcare IT News
http://dlvr.it/SMptqn

CVE-2022-27175

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetCalcTagList. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. (CVSS:10.0) (Last Update:2022-04-01)
http://dlvr.it/SMpcPy

Documents reveal financial fallout of Salt Lake City IT security breach - KSLTV

Documents reveal financial fallout of Salt Lake City IT security breach  KSLTV
http://dlvr.it/SMpH8L

Cyber Attack in Greenland - High North News

Cyber Attack in Greenland  High North News
http://dlvr.it/SMnqq0

Apple Issues Patches for 2 Actively Exploited Zero-Days in iPhone, iPad and Mac Devices

Apple on Thursday rolled out emergency patches to address two zero-day flaws in its mobile and desktop operating systems that it said may have been exploited in the wild. The shortcomings have been fixed as part of updates to iOS and iPadOS 15.4.1, macOS Monterey 12.3.1, tvOS 15.4.1, and watchOS 8.5.1. Both the vulnerabilities have been reported to Apple anonymously. Tracked as CVE-2022-22675,
http://dlvr.it/SMnHc5

Thousands of Qlik Sense Servers Open to Cactus Ransomware - Dark Reading

Thousands of Qlik Sense Servers Open to Cactus Ransomware  Dark Reading
http://dlvr.it/T64pwS