Security Affairs

MAY 30, 2022

CVE Number Affected devices CVE-2021-44228, CVE-2021-45046 Log4J RCE CVE-2022-1388 F5 BIG IP RCE No CVE (vulnerability published on 2022-02) Adobe ColdFusion 11 RCE CVE-2020-7961 Liferay Portal – Java Unmarshalling via JSONWS RCE No CVE (vulnerability published on 2022-04) PHP Scriptcase 9.7

CMS 141

CMS IoT Passwords Security 141

Outpost24

MARCH 17, 2022

Thu, 03/17/2022 - 08:01. Opensource from hell: malicious JavaScript distributed via opensource libraries, again. Florian Barre. Martin Jartelius, CSO, Outpost24. Ghost Labs. It’s open source, anyone can audit it, but is it safe?

Libraries 97

Libraries IT 97

Hunton Privacy

FEBRUARY 24, 2023

Guidelines on Certification as a Tool for Transfers Guidelines 07/2022 provide guidance as to the application of Article 46(2)(f) of the GDPR on transfers of personal data to third countries or to international organizations on the basis of certification. The Guidelines were updated to reflect comments received during public consultation.

GDPR 123

GDPR Personal data 123

Security Affairs

MARCH 8, 2022

The Cybersecurity and Infrastructure Security Agency (CISA) added two critical security vulnerabilities in Mozilla firefox, tracked as CVE-2022-26485 and CVE-2022-26486 , to its Known Exploited Vulnerabilities Catalog. The US agency has ordered federal civilian agencies to address both issues by March 21, 2022. Firefox ESR 91.6.1,

Cybersecurity 95

Cybersecurity Authentication Cloud Security 95

HID Global

MARCH 16, 2022

Wed, 03/16/2022 - 09:45. Five Ways HID Global iON Technology Boosts Card Issuance Productivity and Cuts Costs.

98

98

HID Global

JUNE 2, 2022

Thu, 06/02/2022 - 09:03. Here Is What the Future of Retail Looks Like With Facial Biometrics.

Retail 98

Retail 98

Security Affairs

MARCH 25, 2022

for Windows, Mac, and Linux users to address a high-severity zero-day bug, tracked as CVE-2022-1096, exploited in the wild. The CVE-2022-1096 vulnerability is a Type Confusion in V8 JavaScript engine, the bug was reported by an anonymous on 2022-03-23. Google has released Chrome 99.0.4844.84 Pierluigi Paganini.

Libraries 109

Libraries Access Security IT 109

HID Global

MARCH 8, 2022

Tue, 03/08/2022 - 10:02. International Women’s Day and the Equal Right to Identity.

98

98

Outpost24

MARCH 8, 2022

Tue, 03/08/2022 - 03:20. Russian-linked malware cyberattacks: what you need to know about Hermetic Wiper and Cyclops Blink. Florian Barre. Blueliv, an Outpost24 company. Threat Intelligence. Just days after Russia launched its invasion against the people of Ukraine, news reports emerged of several cyberattacks.

Government 52

Government IT 52

Security Affairs

APRIL 19, 2023

Reported by Rong Jian of VRI on 2023-03-30 [$8000][ 1429201 ] High CVE-2023-2134: Out of bounds memory access in Service Worker API. Reported by Rong Jian of VRI on 2023-03-30 [$3000][ 1424337 ] High CVE-2023-2135: Use after free in DevTools.

Libraries 93

Libraries Education Access Cybersecurity 93

Outpost24

MARCH 30, 2023

2023 Florian Barre Thu, 03/30/2023 - 02:23 Alberto Marín, KrakenLabs Malware Sandbox Lead Threat Intelligence Teaser In this blog post, the KrakenLabs team will take a deep dive into a malware sample classified as LummaC2, an information stealer written in C language that has been sold in underground forums since December 2022.

Communications 98

Communications IT 98

HID Global

MARCH 29, 2022

Tue, 03/29/2022 - 09:03. Streamline Time and Attendance With Connected Workplace Technologies.

52

52

Security Affairs

JANUARY 25, 2023

Reported by chichoo Kim(chichoo) and Cassidy Kim(@cassidy6564) on 2022-10-19 [$3000][1405256] High CVE-2023-0472: Use after free in WebRTC. Reported by raven at KunLun lab on 2023-01-03 [$TBD][ 1400841 ] Medium CVE-2023-0474: Use after free in GuestView. Reported by avaue at S.S.L

Security 87

Security IT Information Security 87

Security Affairs

MARCH 7, 2022

Dirty Pipe is a Linux vulnerability, tracked as CVE-2022-0847, that can allow local users to gain root privileges on all major distros. Security expert Max Kellermann discovered a Linux flaw, dubbed Dirty Pipe and tracked as CVE-2022-0847, that can allow local users to gain root privileges on all major distros. and later versions.

Passwords 96

Passwords Access Security IT 96

Security Affairs

MARCH 22, 2023

The experts discovered four vulnerabilities in the Netgear Orbi mesh wireless system, the most critical one is a critical remote code vulnerability, tracked as CVE-2022-37337 (CVSS v3.1: Cisco Talos researchers published Proof-of-concept (PoC) exploits for multiple vulnerabilities in Netgear’s Orbi 750 series router and extender satellites.

Authentication 93

Authentication Passwords Access Communications 93

HID Global

JULY 20, 2022

Wed, 07/20/2022 - 15:03. Wireless Condition Monitoring Reduces Downtime Across the Whole Factory.

52

52

HID Global

FEBRUARY 3, 2022

Thu, 02/03/2022 - 09:39. Essential Reasons to Upgrade Your Access Control Technology — Reason 3: Flexibility. mhammarberg.

Access 52

Access 52

Security Affairs

MARCH 29, 2022

Cybersecurity and Infrastructure Security Agency (CISA) added Google Chome zero-day (CVE-2022-1096) and a critical Redis vulnerability (CVE-2022-0543), along with other 30 vulnerabilities, to its Known Exploited Vulnerabilities Catalog. Microsoft addressed this bug with the release of the February 2022 Patch Tuesday updates.

Cybersecurity 88

Cybersecurity Risk Security IT 88

HID Global

MARCH 11, 2022

Fri, 03/11/2022 - 17:00. The Case for Encrypting Everything: A Q&A With PKI Expert Mrugesh Chandarana. mchandarana.

Encryption 52

Encryption 52

Security Affairs

SEPTEMBER 23, 2023

.” The group was able to steal data from the City and leaked approximately 1.169 TB at a time prior to May 03, 2023. The command-and-control beacons allowed Royal to prepare the City’s network resources for the May 03, 2023, ransomware encryption attack.” ” continues the report. .” ” continues the report.

Ransomware 106

Ransomware Encryption Systems administration Cybersecurity 106

Outpost24

MARCH 29, 2023

The Russia-Ukraine crisis shakes up the cybercriminal ecosystem 02.Mar.2022

52

52

HID Global

JANUARY 3, 2022

Mon, 01/03/2022 - 12:28. Contactless Identification Readers Creating a Safer Customer Journey — With Side Benefits.

52

52

HID Global

MARCH 21, 2022

Mon, 03/21/2022 - 09:53. How Facial Recognition Is Transforming the Retail Experience. vfabbrizio.

Retail 52

Retail 52

Security Affairs

FEBRUARY 24, 2022

Threat actors are actively exploiting the two vulnerabilities that are reported in the following table: CVE ID Vulnerability Name Due Date CVE-2022-23131 Zabbix Frontend Authentication Bypass Vulnerability 3/8/2022 CVE-2022-23134 Zabbix Frontend Improper Access Control Vulnerability 3/8/2022. 2021-12-23 versions 5.4.9,

IT 95

IT Authentication Cybersecurity Risk 95

HID Global

MARCH 21, 2022

Mon, 03/21/2022 - 10:14. DigitalPersona® Wins the Hearts of Customers on TrustRadius. mmacritchie.

52

52

HID Global

MARCH 8, 2022

Tue, 03/08/2022 - 13:25. Transport: Are You Prepared to Go Fully Contactless? It's Okay if You're Not).

IT 52

IT 52

Security Affairs

FEBRUARY 6, 2022

A zero-day vulnerability, tracked as CVE-2022-24348, in the Argo CD tool for Kubernetes could be exploited by attackers to steal sensi tive data from Kubernetes Apps , including passwords and API keys. A flaw in Argo CD tool for Kubernetes could be exploited by attackers to steal sensitive data from Kubernetes Apps. and 2.1.9. .”

Encryption 94

Encryption Passwords Access Security 94

HID Global

MARCH 8, 2022

Tue, 03/08/2022 - 15:51. Employee Stories: How Biometrics Put an End to Jailhouse Shenanigans.

52

52

HID Global

MARCH 30, 2022

Wed, 03/30/2022 - 09:07. The Power of the Connected Workplace. hdansachmueller.

52

52

HID Global

MARCH 8, 2022

Tue, 03/08/2022 - 15:51. In Action: How Biometrics Put an End to Jailhouse Shenanigans.

52

52

HID Global

JANUARY 3, 2022

Mon, 01/03/2022 - 09:26. HID and FIDO – Changing the Nature of Authentication. mmacritchie.

Authentication 52

Authentication 52

HID Global

MARCH 7, 2022

Mon, 03/07/2022 - 14:52. Top 4 Must-Haves for Reliable and Secure Biometric ATMs .

Security 52

Security 52

HID Global

MARCH 30, 2022

Wed, 03/30/2022 - 09:13. The Many Faces of Open Banking Around the World.

52

52

Outpost24

JULY 22, 2022

Fri, 07/22/2022 - 03:56. TOP 5 ATT&CK techniques used by Threat Actors tied to Iran. Florian Barre. Blueliv, an Outpost24 company. Threat Intelligence. False flags and strong anonymity measures can be used to make attribution of cyberattacks more and more difficult.

40

40

HID Global

APRIL 8, 2022

Fri, 04/08/2022 - 09:03. The ABCs of UWB Technology.

52

52

Security Affairs

JANUARY 2, 2022

Microsoft has rolled out an emergency fix that addresses the Y2k22 bug that is breaking email delivery on on-premise Microsoft Exchange servers since January 1st, 2022. This means that dates related to 2022, having a minimum value of 2,201,010,001 or larger, can be stored in the signed int32 variable. Logged: 1/1/2022 1:03:42 AM.

IT 132

IT Security Information Security 132

Security Affairs

APRIL 17, 2022

Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.

Security 80

Security Ransomware Data breaches Cybersecurity 80