Security Affairs

FEBRUARY 5, 2022

US CISA ordered federal agencies to patch their systems against actively exploited CVE-2022-21882 Windows flaw. The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to address their systems against an actively exploited Windows vulnerability tracked as CVE-2022-21882. Pierluigi Paganini.

Cybersecurity 84

Cybersecurity Authentication Compliance Risk 84

Thales Cloud Protection & Licensing

JANUARY 11, 2023

The Most Popular Data Security Webinars of 2022: Sovereignty, Cloud Security and Compliance Top the List. Thu, 01/12/2023 - 05:54. Fasten your seatbelts and enjoy the Top 5 list of Thales webinars for 2022. Trends in Cloud Security: Key Findings from the 2022 Cloud Security Study. A new approach is required.

Compliance 83

Compliance Cloud Security Financial Services 83

HID Global

JANUARY 25, 2022

abka Streamlines Access Control and Enhances User Experience. Tue, 01/25/2022 - 10:06. Retail Case Study: ?abka

Retail 52

Retail Access 52

HID Global

FEBRUARY 1, 2022

Essential Reasons to Upgrade Your Access Control Technology — Reason #2: User Convenience. Tue, 02/01/2022 - 10:23.

Access 52

Access 52

HID Global

JANUARY 24, 2022

Essential Reasons to Upgrade Your Access Control Technology — Reason 1: Security and Data Privacy. Mon, 01/24/2022 - 09:57.

Data Privacy 52

Data Privacy Access Privacy Security 52

Security Affairs

MAY 17, 2022

US Critical Infrastructure Security Agency (CISA) adds critical CVE-2022-30525 RCE flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog. Last week, Zyxel has addressed the critical CVE-2022-30525 (CVSS score: 9.8) Disable WAN access to the administrative web interface of the system.” concludes the report.

IT 69

IT Cybersecurity Security Access 69

HID Global

JANUARY 11, 2022

Partnering With a Global Bank to Secure Physical Access and Re-Imagine the Visitor Experience. Tue, 01/11/2022 - 09:39.

Access 52

Access Security 52

Security Affairs

FEBRUARY 15, 2022

Google fixed a high-severity zero-day flaw, tracked as CVE-2022-0609, actively exploited with the release of Chrome emergency update for Windows, Mac, and Linux. Reported by Adam Weidemann and Clément Lecigne of Google’s Threat Analysis Group on 2022-02-10 [$TBD][ 1285449 ]” reads the security advisory published by Google.

Security 81

Security Access IT Information Security 81

Thales Cloud Protection & Licensing

JANUARY 26, 2022

Five Hot Security and Privacy Topics You Need To Understand in 2022. Thu, 01/27/2022 - 06:13. Google Cloud’s External Key Manager (EKM) helps organizations achieve robust control over how and when their encryption keys are used to protect and access the users’ encrypted data. Stay tuned! Data security.

Privacy 71

Privacy Security Encryption Cloud 71

Security Affairs

MAY 25, 2022

The Cybersecurity & Infrastructure Security Agency (CISA) has added 41 flaws to its Known Exploited Vulnerabilities Catalog, including recently addressed issues in the Android kernel ( CVE-2021-1048 and CVE-2021-0920) and Cisco IOS XR ( CVE-2022-20821 ). The Cisco IOS XR flaw (CVE-2022-20821, CVSS score: 6.5,

IT 140

IT Cybersecurity Risk Security 140

Security Affairs

JANUARY 9, 2024

In April 2022, Horizon3 researchers discovered a remote code execution, tracked as CVE-2023-27524 (CVSS score: 8.9), in Apache Superset. Improper Access Control Vulnerability CVE-2023-23752. Apache Superset is an open-source Data Visualization and Data Exploration Platform, it is written in Python and based on the Flask web framework.

IT 90

IT Cybersecurity Authentication Ransomware 90

Security Affairs

AUGUST 5, 2022

The Cybersecurity & Infrastructure Security Agency (CISA) has added a recently disclosed flaw in the Zimbra email suite, tracked as CVE-2022-27924 , to its Known Exploited Vulnerabilities Catalog. Zimbra addressed the issue on May 10, 2022, with the release of versions 8.8.15 reads the advisory published by NIST.

Passwords 116

Passwords Access Cybersecurity Risk 116

Security Affairs

JUNE 7, 2023

Security updates released this month also addressed a vulnerability, tracked as CVE-2022-22706 , that affects the Arm Mali GPU. CVE-2022-22706 , a vulnerability in Mali GPU Kernel Driver fixed by ARM in January 2022 and marked as being used in the wild. This vulnerability grants the attacker system access.

Security 79

Security Cybersecurity Access IT 79

Security Affairs

DECEMBER 16, 2022

Cybersecurity and Infrastructure Security Agency (CISA) added two vulnerabilities impacting Veeam Backup & Replication software, tracked as CVE-2022-26500 and CVE-2022-26501 (CVSS 3.1 “ CISA orders federal agencies to address both vulnerabilities by January 03, 2022.

Authentication 98

Authentication Cybersecurity Risk Security 98

Security Affairs

SEPTEMBER 23, 2022

CISA added a security flaw in Zoho ManageEngine, tracked as CVE-2022-35405, to its Known Exploited Vulnerabilities Catalog. Cybersecurity and Infrastructure Security Agency (CISA) added a recently disclosed security flaw in Zoho ManageEngine, tracked as CVE-2022-35405 (CVSS score 9.8) , to its Known Exploited Vulnerabilities Catalog.

IT 77

IT Passwords Access Cybersecurity 77

Security Affairs

FEBRUARY 22, 2023

US CISA added the following actively exploited flaws to its Known Exploited Vulnerabilities Catalog : CVE-2022-47986 (CVSS score: 9.8) – IBM Aspera Faspex Code Execution Vulnerability – A remote attacker can trigger the vulnerability to execute arbitrary code on the system.

Authentication 85

Authentication Access Risk Security 85

Security Affairs

FEBRUARY 24, 2022

Threat actors are actively exploiting the two vulnerabilities that are reported in the following table: CVE ID Vulnerability Name Due Date CVE-2022-23131 Zabbix Frontend Authentication Bypass Vulnerability 3/8/2022 CVE-2022-23134 Zabbix Frontend Improper Access Control Vulnerability 3/8/2022. and 4.0.37

IT 87

IT Authentication Cybersecurity Risk 87

Security Affairs

MARCH 22, 2023

The experts discovered four vulnerabilities in the Netgear Orbi mesh wireless system, the most critical one is a critical remote code vulnerability, tracked as CVE-2022-37337 (CVSS v3.1: 9.1), that resides in the access control functionality of the Netgear Orbi router. ” states Talos.

Authentication 85

Authentication Passwords Access Communications 85

Thales Cloud Protection & Licensing

JANUARY 31, 2022

Tue, 02/01/2022 - 04:53. Starting from February 1, 2022, Salesforce will require all customers to enable multi-factor authentication (MFA) to access their accounts. Access security is your responsibility. However, this strategic decision goes beyond mere access control. Which is the preferred MFA option?

Authentication 127

Authentication Cloud Encryption Access 127

Security Affairs

JANUARY 23, 2024

Researchers from Mandiant first detailed the activity of the group in September 2022 when they discovered a novel malware persistence technique within VMware ESXi Hypervisors. Mandiant observed crashes across multiple UNC3886 cases between late 2021 and early 2022. reads the report published by Mandiant.

IT 106

IT Cybersecurity Cloud Risk 106

Security Affairs

MARCH 27, 2022

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Cybersecurity 84

Cybersecurity Risk Security Access 84

Security Affairs

FEBRUARY 11, 2023

US CISA added actively exploited flaws in Fortra MFT, Intel driver, and TerraMaster NAS, respectively tracked as CVE-2023-0669 , CVE-2015-2291 , and CVE-2022-24990 , to its Known Exploited Vulnerabilities Catalog. The flaw is exploited by North Korea-linked APT groups to gain initial access to the target infrastructure.

IT 88

IT Ransomware Authentication Access 88

Security Affairs

APRIL 8, 2023

Unlike other ALPHV affiliates, UNC4466 doesn’t rely on stolen credentials for initial access to victim environments. Mandiant researchers first observed this affiliate targeting Veritas issues in the wild on October 22, 2022. CISA orders federal agencies to fix this flaw by April 28, 2023.

IT 76

IT Ransomware Education Cybersecurity 76

Security Affairs

FEBRUARY 6, 2022

A zero-day vulnerability, tracked as CVE-2022-24348, in the Argo CD tool for Kubernetes could be exploited by attackers to steal sensi tive data from Kubernetes Apps , including passwords and API keys. A flaw in Argo CD tool for Kubernetes could be exploited by attackers to steal sensitive data from Kubernetes Apps. and 2.1.9. .

Encryption 87

Encryption Passwords Access Security 87

Security Affairs

APRIL 4, 2023

Cybersecurity and Infrastructure Security Agency (CISA) has added a Zimbra flaw, tracked as CVE-2022-27926 , to its Known Exploited Vulnerabilities Catalog. The CVE-2022-27926 flaw affects Zimbra Collaboration version 9.0.0, which is used to host publicly-facing webmail portals. reads the post published by Proofpoint.

IT 87

IT Military Phishing Passwords 87

National Archives Records Express

APRIL 20, 2022

The bulletins are: 2022-01: Revoked NARA Bulletins. 2022-02: Resubmission of Capstone Forms. Bulletin 2022-01 revokes four previously issued NARA Bulletins. If you have any questions about Bulletin 2022-01, please contact rm.standards@nara.gov. There are three types of resubmissions.

Government 40

Government Access Records Management 40

Security Affairs

AUGUST 19, 2022

The US Cybersecurity and Infrastructure Security Agency (CISA) added a critical SAP vulnerability, tracked as CVE-2022-22536 , to its Known Exploited Vulnerabilities Catalog a few days after researchers shared details about the issue at the Black Hat and Def Con hacker conferences. The flaw received a CVSSv3 score of 10.0.

IT 90

IT Communications Paper Risk 90

Security Affairs

OCTOBER 2, 2022

CISA added a recently disclosed flaw in Atlassian Bitbucket Server, tracked as CVE-2022-36804, to its Known Exploited Vulnerabilities Catalog. An attacker with access to a public repository or with read permissions to a private Bitbucket repository can execute arbitrary code by sending a malicious HTTP request.”. reads the advisory.

IT 78

IT Cybersecurity Risk Security 78

Security Affairs

FEBRUARY 28, 2023

Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability, tracked as CVE-2022-36537 (CVSS score: 7.5), in the ZK Java Web open-source framework to its Known Exploited Vulnerabilities Catalog. The vulnerability affects ZK Framework versions 9.6.1, and 8.6.4.1. and 8.6.4.2. ransomware to all downstream endpoints.

Authentication 86

Authentication Ransomware Access Cybersecurity 86

Security Affairs

JULY 30, 2022

US Critical Infrastructure Security Agency (CISA) adds the critical Confluence flaw, tracked as CVE-2022-26138, to its Known Exploited Vulnerabilities Catalog. Recenlty Atlassian released security updates to address a critical hardcoded credentials vulnerability in Confluence Server and Data Center tracked as CVE-2022-26138.

Passwords 92

Passwords Cloud Cybersecurity Risk 92

Thales Cloud Protection & Licensing

JANUARY 7, 2022

From Fiction to Reality - A Zero Trust Network Access Overview. Fri, 01/07/2022 - 06:54. Even acknowledged security experts cannot say for sure what prevails in the Zero Trust Network Access (ZTNA) concept – a real technological foundation or marketing hype invented by vendors to boost sales.

Access 71

Access Sales MDM Marketing 71

Security Affairs

AUGUST 23, 2022

US Cybersecurity and Infrastructure Security Agency (CISA) added a flaw, tracked as CVE-2022-0028 , affecting Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities Catalog. h2 (ETA: week of August 15, 2022) PAN-OS 10.1 < 10.1.6-h6 h1 (ETA: week of August 15, 2022) PAN-OS 9.1 < 9.1.14-h4 h2 >= 10.2.2-h2

IT 83

IT Cybersecurity Access Cloud 83

Security Affairs

MARCH 16, 2023

The vulnerability is an Improper Access Control that can allow a remote attacker to execute arbitrary code. CVE-2022-41328 – Fortinet FortiOS Path Traversal Vulnerability. “Adobe is aware that CVE-2023-26360 has been exploited in the wild in very limited attacks targeting Adobe ColdFusion.”

Cybersecurity 89

Cybersecurity Risk Security Access 89

Security Affairs

APRIL 22, 2023

CVE-2023-27350 (CVSS score – 9.8) – PaperCut MF/NG Improper Access Control Vulnerability. PaperCut MF/NG contains an improper access control vulnerability within the SetupCompleted class that allows authentication bypass and code execution in the context of system.

IT 85

IT Libraries Cybersecurity Education 85

Security Affairs

MAY 2, 2023

The vulnerability was first reported to ZDI during the Pwn2Own Toronto 2022 event. Working exploits for LAN and WAN interface accesses were respectively reported by Team Viettel and Qrious Security. A remote attacker can trigger the issue to inject commands that should be executed on the device.

IT 82

IT Cybersecurity Education Access 82

DLA Piper Privacy Matters

APRIL 25, 2023

This Opinion, if confirmed by the European Court of Justice (“ CJEU ”), aligns with an increasing tendency, by both data protection supervisory authorities and courts, towards a broad interpretation of the right of access. The German Federal Court of Justice, in its decision of 29 March 2022 (Case No.

Access 52

Access GDPR Personal data IT 52

Security Affairs

APRIL 1, 2022

Cybersecurity and Infrastructure Security Agency (CISA) added the recently disclosed CVE-2022-1040 flaw in the Sophos firewall, along with seven other issues, to its Known Exploited Vulnerabilities Catalog. The new vulnerabilities added to the catalog have to be addressed by federal agencies by April 21, 2022. MR3 (18.5.3)

Authentication 76

Authentication Cybersecurity Security Access 76