Security Affairs

JUNE 29, 2022

Researchers discovered a new flaw in RARlab’s UnRAR utility, tracked CVE-2022-30333, that can allow to remotely hack Zimbra Webmail servers. ” The CVE-2022-30333 flaw in the unrar binary developed by RarLab is a File Write vulnerability that could be exploited by tricking victims into extracting maliciously crafted RAR archives.

Archiving 92

Archiving Authentication Communications Security 92

HID Global

APRIL 21, 2022

Thu, 04/21/2022 - 14:49. Enhancing the Retail Experience While Improving Operations: Here’s How.

Retail 94

Retail 94

Security Affairs

MAY 30, 2022

CVE Number Affected devices CVE-2021-44228, CVE-2021-45046 Log4J RCE CVE-2022-1388 F5 BIG IP RCE No CVE (vulnerability published on 2022-02) Adobe ColdFusion 11 RCE CVE-2020-7961 Liferay Portal – Java Unmarshalling via JSONWS RCE No CVE (vulnerability published on 2022-04) PHP Scriptcase 9.7

CMS 141

CMS IoT Passwords Security 141

Security Affairs

DECEMBER 16, 2022

Cybersecurity and Infrastructure Security Agency (CISA) added two vulnerabilities impacting Veeam Backup & Replication software, tracked as CVE-2022-26500 and CVE-2022-26501 (CVSS 3.1 “ CISA orders federal agencies to address both vulnerabilities by January 03, 2022. ” reads the advisory published by Veeam. .

Authentication 98

Authentication Cybersecurity Risk Security 98

Outpost24

AUGUST 12, 2022

Fri, 08/12/2022 - 08:04. Threat Actor of the Month - GhostSec. Florian Barre. Threat Intelligence. This month we’re introducing you to GhostSec, a hacktivist group with ties to the Anonymous collective.

52

52

Security Affairs

NOVEMBER 22, 2022

Aurora Stealer is an info-stealing malware that was first advertised on Russian-speaking underground forums in April 2022. In October and November 2022, the researchers analyzed several hundreds of collected samples and identified dozens of active C2 servers.

Phishing 93

Phishing Marketing Access IT 93

Security Affairs

APRIL 19, 2023

Reported by Clément Lecigne of Google’s Threat Analysis Group on 2023-04-12 [$1000][ 1430644 ] Medium CVE-2023-2137: Heap buffer overflow in sqlite. The vulnerability was reported by Clément Lecigne of Google’s Threat Analysis Group on 2023-04-11.

Libraries 90

Libraries Education Access Cybersecurity 90

Schneier on Security

APRIL 13, 2022

A Russian cyberweapon, similar to the one used in 2016, was detected and removed before it could be used.

IT 119

IT 119

Security Affairs

MARCH 7, 2022

Dirty Pipe is a Linux vulnerability, tracked as CVE-2022-0847, that can allow local users to gain root privileges on all major distros. Security expert Max Kellermann discovered a Linux flaw, dubbed Dirty Pipe and tracked as CVE-2022-0847, that can allow local users to gain root privileges on all major distros. and later versions.

Passwords 92

Passwords Access Security IT 92

Security Affairs

APRIL 14, 2023

The vulnerability was reported by Clément Lecigne of Google’s Threat Analysis Group on 2023-04-11. Reported by Clément Lecigne of Google’s Threat Analysis Group on 2023-04-11” reads the advisory published by Google. The vulnerability is a Type Confusion issue that resides in the JavaScript engine V8.

Libraries 83

Libraries Education Cybersecurity Security 83

HID Global

APRIL 4, 2022

Mon, 04/04/2022 - 16:31. How Good Design Enhances Document Security.

Security 52

Security 52

HID Global

APRIL 12, 2022

Tue, 04/12/2022 - 09:09. Welcome to the Future of Banking: Secure, Customer-First Experiences With Facial Recognition. vito.fabbrizio….

Security 52

Security 52

Thales Cloud Protection & Licensing

APRIL 22, 2024

The Rise of the Bad Bots madhav Tue, 04/23/2024 - 05:13 Imperva's annual Bad Bot Report is always a fascinating – albeit alarming – insight into the nature of non-human internet traffic. in 2022 to 39.6% The 2024 Imperva Bad Bot Report is no different, revealing that bots made up nearly half (49.6%) of all internet traffic last year.

Digital transformation 71

Digital transformation Retail Access Encryption 71

Security Affairs

APRIL 12, 2022

The initial compromise took place no later than February 2022. It is interesting to note that the disconnection of electrical substations and the decommissioning of the company’s infrastructure was scheduled for Friday evening, April 8, 2022.

Cybersecurity 124

Cybersecurity Government Security IT 124

Security Affairs

JANUARY 23, 2022

CISA is requiring 10 of 17 vulnerabilities added this week to be addressed within February 1st, 2022. CVE Number CVE Title Required Action Due Date CVE-2021-32648 October CMS Improper Authentication 2/1/2022 CVE-2021-21315 System Information Library for node.js

CMS 93

CMS IT Authentication Libraries 93

HID Global

APRIL 12, 2022

Tue, 04/12/2022 - 12:19. Microsoft and HID Improve Certificate-Based Authentication. mmacritchie.

Authentication 52

Authentication 52

Outpost24

APRIL 26, 2022

Tue, 04/26/2022 - 06:18. Dissecting Spring4Shell. Florian Barre. Blueliv, an Outpost24 company. Threat Intelligence. An RCE vulnerability affecting Spring Core’s JDK 9 and later has become a trending topic in cybersecurity networks during the past couple days.

Cloud 52

Cloud Cybersecurity 52

HID Global

APRIL 25, 2022

Mon, 04/25/2022 - 12:55. Addressing Privacy, Compliance and Customer Experience in Retail.

Customer Experience 52

Customer Experience Retail Compliance Privacy 52

HID Global

JANUARY 4, 2022

Tue, 01/04/2022 - 12:28. Case Study: Automated Contact Tracing in HID Malaysia Manufacturing. raufreiter.

Manufacturing 52

Manufacturing 52

HID Global

APRIL 8, 2022

Fri, 04/08/2022 - 10:55. Mobile Access Augments User Experience In Commercial Real Estate.

Access 52

Access 52

HID Global

APRIL 28, 2022

Thu, 04/28/2022 - 11:38. Going Beyond Customer Authentication to Fight Bank Fraud.

Authentication 52

Authentication 52

Outpost24

JULY 22, 2022

Fri, 07/22/2022 - 04:35. TA505 evolves ServHelper, uses Predator The Thief and Team Viewer Hijacking. Florian Barre. Blueliv, an Outpost24 company. Threat Intelligence. This blog post will offer some analysis on developments relating to ServHelper, including detail on relevant campaigns and those threat actors related to it.

IT 52

IT 52

HID Global

APRIL 11, 2022

Mon, 04/11/2022 - 12:07. CGS-CIMB Case Study: Mobile Access for Financial Services.

Financial Services 52

Financial Services Access 52

HID Global

APRIL 5, 2022

Tue, 04/05/2022 - 11:13. Sustainable, Simple, Cost-Saving: Wasteless Lamination.

52

52

HID Global

APRIL 12, 2022

Tue, 04/12/2022 - 11:33. True Crime: A Brave Little Girl and a Partial Fingerprint.

52

52

HID Global

FEBRUARY 22, 2022

Tue, 02/22/2022 - 11:04. How Banks Use Facial Recognition to Secure the Customer Journey.

Security 52

Security 52

HID Global

APRIL 6, 2022

Wed, 04/06/2022 - 14:08. The Future of SAFE for Aviation.

52

52

National Archives Records Express

JUNE 23, 2023

We began the process to update the requirements for Version 3 by requesting comments on Records Express in November 2022. The authoritative source for transfer formats is in Appendix A: Table of File Formats of NARA Bulletin 2014-04, Format Guidance for the Transfer of Permanent Electronic Records. We released Version 2 in April 2020.

Records Management 97

Records Management Metadata Cloud IT 97

HID Global

APRIL 8, 2022

Fri, 04/08/2022 - 09:03. The ABCs of UWB Technology.

52

52

HID Global

JANUARY 4, 2022

Tue, 01/04/2022 - 12:25. True Crime Stories – Unknown Part 2.

52

52

Security Affairs

MAY 2, 2022

Timestamp 2022-04-27, new config, new mutex, campaign ID, etc. Funny thing… it does not encrypt files; only adds a random extension 42 BTC [link] pic.twitter.com/A8p5SLjcZr — Jakub Kroustek (@JakubKroustek) April 29, 2022. BleepingComputer correctly pointed out that the public return of REvil operation is suspicious.

Ransomware 86

Ransomware Encryption Cybersecurity Security 86

Security Affairs

APRIL 18, 2023

The vulnerability was reported by Clément Lecigne of Google’s Threat Analysis Group on 2023-04-11. The CVE-2023-2033 flaw is the first Chrome zero-day vulnerability addressed by Google in 2023. Experts recommend also private organizations review the Catalog and address the vulnerabilities in their infrastructure.

IT 80

IT Cybersecurity Education Risk 80

Security Affairs

APRIL 9, 2022

Trend Micro Threat Research reported that the recently discovered Spring4Shell vulnerability ( CVE-2022-22965 ) is actively exploited by a Mirai-based botnet. Researchers from Chinese cybersecurity firm Qihoo 360 first reported the exploitation of the Spring4Shell by a Mirai-based botnet in early April. ” reported Qihoo 360. .”

Cybersecurity 81

Cybersecurity Security IT Information Security 81

Thales Cloud Protection & Licensing

OCTOBER 4, 2022

Tue, 10/04/2022 - 05:20. The 2022 Thales Consumer Digital Trust Index data , based on an Opinium survey conducted in 11 countries with more than 21K participants, attempts to answer these questions. Read the full 2022 Thales Consumer Trust Index and find out more about events around Cybersecurity Awareness Month.

Authentication 127

Authentication Passwords Cybersecurity Personal data 127

Security Affairs

APRIL 30, 2022

The attacks have started on April 29, 2022, at 04:00. The Romanian national cyber security and incident response team, DNSC, warns of a series of distributed denial-of-service (DDoS) attacks targeting government websites.

CMS 85

CMS Government Cybersecurity Security 85

Security Affairs

MAY 31, 2022

Researchers from Kaspersky have analyzed the activity of an aggressive threat actor tracked as SideWinder (aka RattleSnake and T-APT-04). Below are the slides presented by the Kaspersky researcher Noushin Shabab at the BlackHat Asia 2022: Download Slides. The second half of the URL is encrypted inside the second stage HTA module.

Encryption 96

Encryption Military Phishing Communications 96

Security Affairs

MAY 8, 2022

May 04 – Pro-Ukraine attackers compromise Docker images to launch DDoS attacks on Russian sites. May 06 – Ukraine IT Army hit EGAIS portal impacting Russia’s alcohol distribution. Ukraine IT Army launched massive DDoS attacks on the EGAIS portal that has a crucial role in Russia’s alcohol distribution.

Cybersecurity 90

Cybersecurity Government Security IT 90