Security Affairs

MARCH 6, 2024

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog. The exploitation can lead to complete system compromise.

IT 113

IT Cybersecurity Ransomware Risk 113

CGI

JUNE 1, 2021

Tue, 06/01/2021 - 08:12. Making sustainability a differentiator in global trade finance (part 2). This CGI blog post discusses three key motives driving sustainability in finance.

98

98

Outpost24

SEPTEMBER 29, 2021

Wed, 09/29/2021 - 09:33. Alice in Windowsland: 3 ways to escalate privileges and steal credentials. Florian Barre. Liatsis Fotios, Senior Security Consultant. Ghost Labs.

Security 87

Security 87

Security Affairs

MARCH 11, 2023

Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in VMware’s Cloud Foundation, tracked as CVE-2021-39144 (CVSS score: 9.8), to its Known Exploited Vulnerabilities Catalog. CISAgov added #CVE -2020-5741 & CVE-2021-39144 to the Known Exploited Vulnerabilities Catalog.

Cloud 92

Cloud Libraries Cybersecurity Risk 92

Security Affairs

JULY 3, 2023

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

IT 94

IT IoT Access Cybersecurity 94

Security Affairs

MARCH 25, 2024

CVE-2023-48788 Fortinet FortiClient EMS SQL Injection Vulnerability CVE-2021-44529 Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability CVE-2019-7256 Nice Linear eMerge E3-Series OS Command Injection Vulnerability CVE-2023-48788 (CVSS score 9.3)

IT 120

IT Cloud Cybersecurity Security 120

Security Affairs

FEBRUARY 15, 2022

Reported by Chaoyuan Peng (@ret2happy) on 2022-01-22 [$7000][ 1273397 ] High CVE-2022-0604: Heap buffer overflow in Tab Groups. Reported by Krace on 2021-11-24 [$7000][ 1286940 ] High CVE-2022-0605: Use after free in Webstore API. Reported by Thomas Orlita on 2022-01-13 [$7000][ 1288020 ] High CVE-2022-0606: Use after free in ANGLE.

Security 90

Security Access IT Information Security 90

Security Affairs

FEBRUARY 24, 2022

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog. 2021-11-22 Vendor confirms our findings. and 4.0.37

IT 95

IT Authentication Cybersecurity Risk 95

Security Affairs

MAY 25, 2022

The Cybersecurity & Infrastructure Security Agency (CISA) has added 41 flaws to its Known Exploited Vulnerabilities Catalog, including recently addressed issues in the Android kernel ( CVE-2021-1048 and CVE-2021-0920) and Cisco IOS XR ( CVE-2022-20821 ). The Cisco IOS XR flaw (CVE-2022-20821, CVSS score: 6.5,

IT 144

IT Cybersecurity Risk Security 144

Security Affairs

DECEMBER 14, 2021

US CISA ordered federal agencies to address the critical Log4Shell vulnerability in the Log4j library by December 24th, 2021. US CISA ordered federal agencies to address the critical Log4Shell vulnerability in the Log4j library by December 24th, 2021. beta9 to 2.14.1. ” reads the announcement published by CISA. and above.

Libraries 99

Libraries Cybersecurity Security Risk 99

CGI

APRIL 8, 2021

Fri, 04/09/2021 - 01:07. Listening to the voice of our clients: Retail banks continue to reinvent their business models through digitization. This CGI blog post discusses the ongoing work of retail banks in digitizing their business models.

Retail 69

Retail 69

Security Affairs

JANUARY 26, 2022

A flaw in Polkit’s pkexec component, tracked as CVE-2021-4034 (PwnKit) can be exploited to gain full root privileges on major Linux distros. An attacker can exploit a vulnerability in Polkit’s pkexec component, tracked as CVE-2021-4034, that affects all major Linux distributions to gain full root privileges on the system.

Communications 97

Communications IT Security Information Security 97

Security Affairs

DECEMBER 13, 2021

Earliest evidence we’ve found so far of #Log4J exploit is 2021-12-01 04:36:50 UTC. — Matthew Prince (@eastdakota) December 11, 2021. “Cisco Talos has observed attacker activity related to CVE-2021-22448 beginning 02-December-2021. ” reads the advisory published by Cisco Talos.

Mining 120

Mining Honeypots Libraries IT 120

Security Affairs

AUGUST 22, 2023

“Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user.” ” reads the advisory for this issue.

IT 88

IT Cybersecurity Risk Security 88

Security Affairs

APRIL 8, 2023

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

IT 85

IT Ransomware Education Cybersecurity 85

HID Global

NOVEMBER 1, 2021

Mon, 11/01/2021 - 11:01. What Is PIAM and Why Do I Need It If I Have PACS?

IT 52

IT 52

CGI

MAY 11, 2021

Tue, 05/11/2021 - 01:48. Each offers fast ways to get started and the potential for quick wins. But, what are the key steps to ensuring a successful automation journey?

64

64

Security Affairs

JANUARY 6, 2021

Google released an Android security update that addresses 43 flaws, including a critical remote code execution vulnerability in the Android System component tracked as CVE-2021-0316. Google addressed the flaws with the release of Security patch levels of 2021-01-05 or later.

Security 96

Security Information Security IT 96

CGI

JUNE 21, 2021

Mon, 06/21/2021 - 01:46. Before drawing conclusions about the resilience of manufacturing supply chains, we must first establish how they will bounce back from over a year of intense pressure and change.

Manufacturing 59

Manufacturing 59

Security Affairs

JANUARY 23, 2024

This week, Mandiant researchers reported that China-linked APT group UNC3886 has been exploiting vCenter Server zero-day vulnerability CVE-2023-34048 since at least late 2021. Mandiant observed crashes across multiple UNC3886 cases between late 2021 and early 2022. reads the report published by Mandiant.

IT 116

IT Cybersecurity Cloud Risk 116

Security Affairs

AUGUST 29, 2022

Cybersecurity and Infrastructure Security Agency (CISA) added 10 new vulnerabilities to its Known Exploited Vulnerabilities Catalog , including a high-severity security flaw ( CVE-2021-38406 CVSS score: 7.8) impacting Delta Electronics industrial automation software. ” reads the advisory.

IT 95

IT Authentication Cybersecurity Cloud 95

Security Affairs

SEPTEMBER 13, 2021

were disclosed to Google on September 8th, 2021. were disclosed to Google on September 8th, 2021. The first issue, tracked as CVE-2021-30632 is an out-of-bounds write that resides in the V8 JavaScript engine, while the CVE-2021-30633 flws is a use-after-free vulnerability that impacts the Indexed DB API. .

Security 96

Security Access IT Information Security 96

Security Affairs

JANUARY 23, 2022

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

CMS 97

CMS IT Authentication Libraries 97

CGI

JUNE 30, 2021

Thu, 07/01/2021 - 00:25. Traditional banks versus FinTechs: Cooperation, competition, or both? This CGI blog post discusses opportunities for traditional banks to collaborate with FinTechs. 4 min read

52

52

Security Affairs

MAY 15, 2021

Unfortunately, the bad news for NAS owners are not ended, the vendor also issued another security advisory to warn of an actively exploited zero-day vulnerability affecting Roon Labs’ Roon Server 2021-02-01 and earlier versions. “We have already notified Roon Labs of the issue and are thoroughly investigating the case.

Ransomware 99

Ransomware Passwords IoT Security 99

Security Affairs

FEBRUARY 4, 2021

Google has addressed an actively exploited zero-day vulnerability, tracked as CVE-2021-21148, with the release of the Chrome 88.0.4324.150 version. The flaw was rated by Google as high severity, it was reported by Mattias Buelens on January 24th, 2021. “CVE-2021-21148: Heap buffer overflow in V8.

Libraries 116

Libraries Security Access IT 116

HID Global

NOVEMBER 30, 2021

Tue, 11/30/2021 - 16:01. Scalable, Cost-Effective Protection - From PKI Technology. mchandarana.

52

52

Security Affairs

MARCH 15, 2021

The flaw, tracked as CVE-2021-21193, is a use after free vulnerability in the Blink rendering engine. 500][ 1167357 ] High CVE-2021-21191: Use after free in WebRTC. Reported by raven (@raid_akame) on 2021-01-15 [$TBD][ 1181387 ] High CVE-2021-21192: Heap buffer overflow in tab groups.

Libraries 114

Libraries Security IT Information Security 114

HID Global

NOVEMBER 1, 2021

Mon, 11/01/2021 - 10:57. How Biometrics Can Enhance the Banking Experience at Every Customer Touchpoint.

52

52

ForAllSecure

APRIL 27, 2021

On March 29, 2021, SC Magazine announced the finalists for their coveted SC Awards and ForAllSecure’s Mayhem for Code is a finalist for their “Best Enterprise Security Solution” category. Watch EP 01 See TV Guide. Proving the World Needs Continuous & Autonomous Security. Want to Learn More About Fuzz Testing?

Security 52

Security Cybersecurity Communications IT 52

ForAllSecure

APRIL 27, 2021

On March 29, 2021, SC Magazine announced the finalists for their coveted SC Awards and ForAllSecure’s Mayhem for Code is a finalist for their “Best Enterprise Security Solution” category. Watch EP 01 See TV Guide. Proving the World Needs Continuous & Autonomous Security. Want to Learn More About Fuzz Testing?

Security 52

Security Cybersecurity Communications IT 52

HID Global

SEPTEMBER 23, 2021

Thu, 09/23/2021 - 11:01. Open Banking in Canada: A Mission to Deliver Greater Opportunities to Consumers.

52

52

Outpost24

JUNE 7, 2022

Wed, 06/08/2022 - 01:10. Jester stealer is an information stealer that has been around since mid-July 2021. Possible Link Between Jester Stealer and Eternity Stealer. Florian Barre. Threat Intelligence.

52

52

Security Affairs

DECEMBER 13, 2021

CVE Number CVE Title Remediation Due Date CVE-2021-44228 Apache Log4j2 Remote Code Execution Vulnerability 12/24/2021 CVE-2021-44515 Zoho Corp. CISA also warns of a recently disclosed arbitrary file download vulnerability in FortiOS, tracked as CVE-2021-44168, that is actively exploited. Pierluigi Paganini.

CMS 98

CMS Authentication Libraries Risk 98

HID Global

JUNE 1, 2021

Tue, 06/01/2021 - 13:38. Why Credential Management Is Key to Your Cybersecurity Strategy. ymassard@hidgl….

Cybersecurity 52

Cybersecurity 52

Security Affairs

MAY 2, 2023

CVE-2021-45046 (CVSS score: 9.0) – Apache Log4j2 deserialization of untrusted data vulnerability. Apache Log4j2 contains a deserialization of untrusted data vulnerability due to the incomplete fix of CVE-2021-44228, where the Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations.

IT 90

IT Cybersecurity Education Access 90

HID Global

NOVEMBER 1, 2021

Mon, 11/01/2021 - 11:28. Understanding El Salvador’s New Banking Standards.

52

52