Security Boulevard

DECEMBER 28, 2021

It’s been four years since OWASP updated its Top 10 list , but this year we got three brand new categories along with a reshuffling of the rest. With lists from years past, the specificity meant that they could be used (some would say misused) as a starting point for identifying vulnerabilities present in your application. Conclusion.

Software 112

Software Risk Authentication 112

Security Boulevard

AUGUST 21, 2023

However, introducing additional siloed tools leads to new operating complexities without delivering the comprehensive visibility, relevant deep context and operational streamlining that application security teams really need, prompting the need for a new solutions category known as Application Security Posture Management (ASPM).

Software 96

Software Risk 96

Security Affairs

MAY 27, 2022

Microsoft found several high-severity vulnerabilities in a mobile framework used in pre-installed Android System apps. The experts pointed out that the vulnerabilities affected apps with millions of downloads, the good news is that the flaws have been fixed. BROWSABLE Activity with the “mcedigital://” scheme (source Microsoft).

Mobile 145

Mobile Hacking Cybersecurity Information Security 145

Security Affairs

JUNE 4, 2022

GitLab addresses a critical security vulnerability, tracked as CVE-2022-1680, that could be exploited by an attacker to take over users’ accounts. The vulnerability impacts all versions starting from 11.10 Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. before 14.9.5,

Accountability 141

Accountability Hacking Cybersecurity Information Security 141

Security Affairs

MAY 26, 2022

Zyxel addressed multiple vulnerabilities impacting many of its products, including APs, AP controllers, and firewalls. Zyxel has released security updates to address multiple vulnerabilities affecting multiple products, including firewall, AP, and AP controller products. To nominate, please visit:?. Pierluigi Paganini.

Firewall 128

Firewall VPN Authentication Cyber Attacks 128

Security Affairs

MAY 25, 2022

Chaining the above vulnerabilities, an attacker can trick a vulnerable client into connecting to a rogue server, potentially leading to arbitrary code execution due to an update package downgrade in Zoom Client for Windows that could allow the installation of a less secure version. that addresses the above vulnerabilities.

Hacking 142

Hacking Cybersecurity Information Security 142

Security Affairs

MAY 26, 2022

Security researchers released PoC exploit code for the critical authentication bypass vulnerability CVE-2022-22972 affecting multiple VMware products. This critical vulnerability should be patched or mitigated immediately per the instructions in VMSA-2021-0014. cations of this vulnerability are serious.” states VMware.

Authentication 137

Authentication Healthcare Education Cybersecurity 137

Security Affairs

JUNE 13, 2022

Ukraine’s Computer Emergency Response Team (CERT) warns that the Russia-linked Sandworm APT group may exploit the Follina RCE vulnerability. “Attackers continue to exploit vulnerability CVE-2022-30190 and are increasingly resorting to emails from compromised government emails.” To nominate, please visit:?.

Media 98

Media Government Hacking Cybersecurity 98

Security Affairs

JUNE 20, 2022

The vulnerability, which received a CVSS severity rating of 9.8 “This vulnerability is due to insufficient user input validation of incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. ” reads the Cisco advisory. Pierluigi Paganini.

Small Business 99

Small Business Authentication Software Hacking 99

Security Affairs

JUNE 3, 2022

Atlassian is warning of a critical unpatched remote code execution vulnerability affecting all Confluence Server and Data Center supported versions, tracked as CVE-2022-26134, that is being actively exploited in attacks in the wild. Further details about the vulnerability are being withheld until a fix is available.”

Internet 142

Internet Internet Authentication Hacking 142

The Last Watchdog

AUGUST 29, 2022

In the report’s findings, stolen credentials and exploited vulnerabilities are the top reasons for web breaches. Exploited vulnerabilities were the second leader at almost 20 percent. We’ve shared some helpful guidance on password security at Zigrin Security blog. Brute forcing passwords (10 percent) came in third.

Hacking 151

Hacking Passwords Password Management Data breaches 151

Security Affairs

JUNE 20, 2022

Researchers from the Google Project Zero team have disclosed details of a vulnerability in Apple Safari that was actively exploited in the wild. The vulnerability, tracked as CVE-2022-22620 , was fixed for the first time in 2013, but in 2016 experts discovered a way to bypass the fix. the google researcher Maddie Stone added.

Hacking 125

Hacking Software Cybersecurity Data breaches 125

Security Affairs

JUNE 19, 2022

A critical vulnerability in Ninja Forms plugin potentially impacted more than one million WordPress websites. The researchers believe that this vulnerability is being actively exploited in the wild, it has been rated with a CVSS score of 9.8. The vulnerability resides in the Merge Tag feature of the plugin. Pierluigi Paganini.

Hacking 122

Hacking Cybersecurity Information Security 122

Security Affairs

JUNE 16, 2022

Cisco addressed a critical bypass authentication vulnerability affecting Email Security Appliance (ESA) and Secure Email and Web Manager. The flaw, tracked as CVE-2022-20798 (CVSS score 9.8), can be exploited by an unauthenticated, remote attacker to bypass authentication and log in to the web management interface of a vulnerable device.

Authentication 97

Authentication Hacking Software Cybersecurity 97

Security Affairs

JUNE 10, 2022

CheckPoint researchers have observed threat actors exploiting the recently disclosed CVE-2022-26134 remote code execution vulnerability in Atlassian Confluence servers to deploy cryptocurrency miners. Further details about the vulnerability are being withheld until a fix is available.” reads the advisory published by the company.

Cryptocurrency 129

Cryptocurrency Malware Hacking Cybersecurity 129

Heimadal Security

JULY 2, 2021

fixing known or recently disclosed vulnerabilities), but they can also play on performance or accessibility. Asides from those, Microsoft does also offer another category of updates called optional quality (updates). appeared first on Heimdal Security Blog. For the most part, these are security-related (i.e.,

52

52

Security Affairs

MAY 30, 2022

Operators behind the EnemyBot botnet are expanding the list of potential targets adding exploits for recently disclosed critical vulnerabilities in from VMware, F5 BIG-IP, and Android. The botnet was first discovered by Fortinet in March, the DDoS botnet targeted several routers and web servers by exploiting known vulnerabilities.

Malware 142

Malware DDOS IoT Cybercrime 142

Security Affairs

JUNE 17, 2022

Volexity researchers discovered that the zero-day vulnerability, tracked as CVE-2022-1040 , in Sophos Firewall was exploited by Chinese threat actors to compromise a company and cloud-hosted web servers it was operating. The vulnerability has been fixed.” The CVE-2022-1040 flaw received a CVSS score of 9.8 MR3 (18.5.3) and earlier. “An

Firewall 135

Firewall DNS Authentication Malware 135

NopSec

FEBRUARY 13, 2024

Brad LaPort , a veteran Gartner analyst and I were on a content project, talking about why the market was missing out on a new category to encapsulate the disparate exposure data and derive actionable insights. Then the conversation carried on with Mitchell Schneider , a prominent Gartner analyst covering Threat and Vulnerability Management.

Marketing 52

Marketing Risk Digital transformation Software 52

Security Affairs

JUNE 5, 2022

Early this week, Atlassian warned of a critical unpatched remote code execution vulnerability affecting all Confluence Server and Data Center supported versions, tracked as CVE-2022-26134, that is being actively exploited in attacks in the wild. Further details about the vulnerability are being withheld until a fix is available.”

Internet 130

Internet Internet IoT Software 130

Security Affairs

MAY 31, 2022

Microsoft released workarounds for a recently discovered zero-day vulnerability, dubbed Follina, in the Microsoft Office productivity suite. Microsoft has released workarounds for a recently discovered zero-day vulnerability, dubbed Follina and tracked as CVE-2022-30190 (CVSS score 7.8), in the Microsoft Office productivity suite.

Cybersecurity 109

Cybersecurity Hacking Accountability Information Security 109

Security Affairs

MAY 25, 2022

In the second campaign that started in March the threat actor packaged its custom malware in a tar archive named Patch_Log4j.tar.gz, the attackers disguised the malicious code as an updates for the Log4j vulnerability. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. Pierluigi Paganini.

Government 115

Government Malware Phishing Hacking 115

Security Affairs

MAY 29, 2022

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”). I ask you to vote for me again (even if you have already done it), because this vote is for the final.

InfoSec 111

InfoSec Spyware DDOS Firewall 111

Security Affairs

JUNE 16, 2022

Researchers disclosed a remote code execution vulnerability, tracked as CVE-2022-25845, in the popular Fastjson library. Cybersecurity researchers from JFrog disclosed details of a now patched high-severity security vulnerability in the popular Fastjson library that could be potentially exploited to achieve remote code execution.

Hacking 87

Hacking Cybersecurity Information Security 87

Security Affairs

JUNE 6, 2022

This vulnerability comes from a failure to check the parameters sent as inputs into the system before they are processed by the server. . Please note that patches for these specific vulnerabilities have been released by Resi. Vulnerability Description : Improper Access Control – CWE-284 Software Version : 4.2 RESI S.p.A.

Software 117

Software Architecture Technology Engineering 117

Security Affairs

MAY 26, 2022

The vulnerabilities were reported by Manfred Paul during the Pwn2Own 2022 hacking contest that took place in Vancouver last week: CVE-2022-1802: Prototype pollution in Top-Level Await implementation CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to prototype pollution. ” reads the advisory.

Surveillance 106

Surveillance Passwords Hacking Encryption 106

Security Affairs

JUNE 5, 2022

Proof-of-concept exploits for the critical CVE-2022-26134 vulnerability in Atlassian Confluence and Data Center servers are available online. Researchers from cybersecurity firm GreyNoise reported that 23 unique IP addresses were observed exploiting the Atlassian vulnerabilities. 23 unique IPs so far.

VPN 124

VPN IoT Cybersecurity Engineering 124

Centraleyes

APRIL 23, 2024

This section seeks to objectively explore specific categories of digital risks, unraveling strategic approaches to mitigate them effectively. These risks encompass system outages, service interruptions, and vulnerabilities within the supply chain. This category encompasses threats like data breaches and inadequate privacy controls.

Risk 52

Risk Technology Artificial Intelligence Data privacy 52

Security Affairs

JUNE 12, 2022

Experts found vulnerabilities in HID Mercury Access Controllers can be exploited by attackers to remotely unlock doors. Researchers from security firm Trellix discovered some critical vulnerabilities in HID Mercury Access Controllers that can be exploited by attackers to remotely unlock doors. ” continues the post.

Firmware 98

Firmware Penetration Testing Manufacturing Authentication 98

Security Affairs

JUNE 6, 2022

An alleged nation-state actor is attempting to exploit the recently disclosed Microsoft Office Follina vulnerability in attacks aimed at government entities in Europe and the U.S. On Monday May 30, 2022, Microsoft issued CVE-2022-30190 regarding the Microsoft Support Diagnostic Tool (MSDT) in Windows vulnerability.” Pierluigi Paganini.

Phishing 111

Phishing Government Cybersecurity Hacking 111

Security Affairs

MAY 31, 2022

“Cyble Research Labs conducted research over vulnerable instances of the Peruvian government’s cyberinfrastructure and identified 21 instances from 11 ministerial websites with the most exploited CVEs from 2021.” Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g.

Government 144

Government Ransomware Cybercrime Banking 144

Security Affairs

JUNE 15, 2022

Citrix fixed a critical vulnerability in Citrix Application Delivery Management (ADM), tracked as CVE-2022-27511, that can be exploited by attackers to reset admin passwords. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. Follow me on Twitter: @securityaffairs and Facebook.

Passwords 94

Passwords Hacking Cybersecurity Information Security 94

Schneier on Security

NOVEMBER 17, 2017

The White House has released a new version of the Vulnerabilities Equities Process (VEP). This is the inter-agency process by which the US government decides whether to inform the software vendor of a vulnerability it finds, or keep it secret and use it to eavesdrop on or attack other systems. Improved transparency is critical.

Government 121

Government Cybersecurity Accountability Software 121

Google Security

JANUARY 11, 2024

Posted by Keishi Hattori, Sergei Glazunov, Bartek Nowierski on behalf of the MiraclePtr team Welcome back to our latest update on MiraclePtr, our project to protect against use-after-free vulnerabilities in Google Chrome. If you need a refresher, you can read our previous blog post detailing MiraclePtr and its objectives.

70

70

Security Affairs

JUNE 21, 2022

From February 26 until early March, the attackers started exploiting the ProxyLogon vulnerability in attacks aimed at organizations across Europe and Asia. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. To nominate, please visit:?. Follow me on Twitter: @securityaffairs and Facebook.

Architecture 125

Architecture Malware Hacking Cybersecurity 125

NopSec

MAY 4, 2022

Security teams need to get ahead of potential threats such as ransomware attacks , privacy invasions, exploitations of common vulnerabilities, and the like. To manage what feels like chaos requires breaking down the dangers in categories and managing accordingly. What are Vulnerabilities? What are Risks?

Risk 52

Risk Marketing Cyber Risk CISO 52

NetSpi Executives

NOVEMBER 14, 2023

Quality vendors extend their reporting beyond a simple PDF and into custom software, such as NetSPI’s Resolve , that aids ongoing vulnerability management. Provide clients with an understanding of the potential impact vulnerabilities could have by leveraging them to gain access to critical resources.

Penetration Testing 94

Penetration Testing Architecture Security Performance Risk 94