GitHub Opens Security Database to Community Contributions
The Microsoft company will allow community members to add information and code samples to security advisories using the standard pull request to change the docu...
Read More...
Ransomware Trained on Manufacturing Firms Led Cyberattacks in Industrial Sector
Meanwhile, a few "alarming" infiltrations of OT networks by previously unknown threat groups occurred last year as well.
Read More...
Cloud computing: Microsoft fixes Azure flaw that could have allowed access to other accounts
Microsoft has fixed a bug in its Azure Automation service that allowed an attacker on the service to access resources and data of other users.
Read More...
APT41 Spies Broke Into 6 US State Networks via a Livestock App
The China-affiliated state-sponsored threat actor used Log4j and zero-day bugs in the USAHerds animal-tracking software to hack into multiple government network...
Read More...
Russian APTs Furiously Phish Ukraine – Google
Also on the rise: DDoS attacks against Ukrainian sites and phishing activity capitalizing on the conflict, with China's Mustang Panda targeting Europe.
Read More...
Best Practices
BrandPost: 10 Steps to Take Now to Guard Against Russian Cyber Attacks
The world is watching closely as Russia’s invasion of Ukraine evolves with each passing day. The conflict, combined with geopolitical tensions prompted by th...
Read More...
New attack bypasses hardware defenses for Spectre flaw in Intel and ARM CPUs
The hardware-based mitigations introduced in Intel and ARM CPUs over the past few years to fix a serious flaw called Spectre are not as strong as believed. R...
Read More...
Google to Buy Mandiant Aims to Automate Security Response
In a deal worth $5.4 billion, Google would expand its security portfolio with managed detection and response (MDR) and threat intelligence, with an increasing f...
Read More...
High-impact DDoS attacks target zero-day exploit in Mitel systems
Security researchers, network operators and security vendors have detected a new reflection/amplification distributed denial-of-service (DDoS) vulnerability ...
Read More...
New Threats and Vulnerabilities
CVE-2022-24467
Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24468, CVE-2022-24470, CVE-2022-24471, CVE-2022-24517, CVE-2022-245...
Read More...
CVE-2022-24398
Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access information which w...
Read More...
CVE-2022-24090
Adobe Photoshop versions 23.1.1 (and earlier) and 22.5.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sens...
Read More...
CVE-2022-24415
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI t...
Read More...
CVE-2022-21819
NVIDIA distributions of Jetson Linux contain a vulnerability where an error in the IOMMU configuration may allow an unprivileged attacker with physical access t...
Read More...
CVE-2022-26355
Citrix Federated Authentication Service (FAS) 7.17 - 10.6 causes deployments that have been configured to store a registration authority certificate's private k...
Read More...
Patch Management
“Alexa hack yourself” – researchers describe new exploit that turns smart speakers against themselves
Researchers have discovered a novel way of exploiting Amazon Echo smart speakers to perform commands.
They get the Amazon Echo speaker to say the commands to...
Read More...
Conti ransomware gang which leaked ransomware victims’ data has its own data leaked
Oh how embarrassing for the criminal gang who extorted millions from businesses by threatening to leak their data, that someone leaked some 160,000 messages bet...
Read More...
Microsoft March 2022 Patch Tuesday: 71 vulnerabilities fixed
Two of the vulnerabilities are rated critical -- CVE-2022-22006 and CVE-2022-24501.
Read More...
.png)
.png)
.png)
.png)
.png)
