CISA orders federal agencies to fix actively exploited CVE-2022-21882 Windows flaw

Security Affairs

US CISA ordered federal agencies to patch their systems against the actively exploited CVE-2022-21882 Windows flaw. The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch their systems against an actively exploited Windows vulnerability tracked as CVE-2022-21882.

Dirty Pipe Linux flaw allows gaining root privileges on major distros

Security Affairs

Dirty Pipe is a Linux vulnerability, tracked as CVE-2022-0847, that can allow local users to gain root privileges on all major distros. Security expert Max Kellermann discovered a Linux flaw, dubbed Dirty Pipe and tracked as CVE-2022-0847, that can allow local users to gain root privileges on all major distros. and later versions.

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

It uses a list of hardcoded username/password combinations to log in to devices, attempting to access systems that use weak or default credentials. The new variant of the bot includes exploits for the following security issues: CVE-2022-22954: Critical RCE flaw in VMware Workspace ONE Access and VMware Identity Manager.

Google fixes a Chrome zero-day flaw actively exploited in attacks

Security Affairs

Google fixed a high-severity zero-day flaw, tracked as CVE-2022-0609, actively exploited with the release of Chrome emergency update for Windows, Mac, and Linux. Reported by Adam Weidemann and Clément Lecigne of Google’s Threat Analysis Group on 2022-02-10 [$TBD][ 1285449 ]” reads the security advisory published by Google.

The Protection of Your Salesforce Account is Your Responsibility

Thales Cloud Protection & Licensing

Tue, 02/01/2022 - 04:53. Back in March 2021, Salesforce made an announcement that has profound implications, although initially very few people paid attention to it. Starting from February 1, 2022, Salesforce will require all customers to enable multi-factor authentication (MFA) to access their accounts.

CERT of Ukraine says Russia-linked APT backdoored multiple govt sites

Security Affairs

The state-sponsored hackers used a web shell created no later than December 23, 2021, to deploy multiple backdoors. The nation-state actor employed the SSH backdoor CredPump (PAM module) to achieve remote SSH access (with a static password value) and logging of logins and passwords when connecting via SSH.

CISA adds WatchGuard flaw to its Known Exploited Vulnerabilities Catalog

Security Affairs

CISA added the CVE-2022-23176 flaw in WatchGuard Firebox and XTM appliances to its Known Exploited Vulnerabilities Catalog. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2022-23176 flaw in WatchGuard Firebox and XTM appliances to its Known Exploited Vulnerabilities Catalog. Recently, the U.S.
