Security Affairs

MAY 30, 2022

CVE Number Affected devices CVE-2021-44228, CVE-2021-45046 Log4J RCE CVE-2022-1388 F5 BIG IP RCE No CVE (vulnerability published on 2022-02) Adobe ColdFusion 11 RCE CVE-2020-7961 Liferay Portal – Java Unmarshalling via JSONWS RCE No CVE (vulnerability published on 2022-04) PHP Scriptcase 9.7 To nominate, please visit:?.

CMS 143

CMS IoT Passwords Security 143

Security Affairs

MARCH 7, 2022

In a blog post, the researcher explained that he discovered the flaw while investigating corrupt access log files for one of its customers. The CVE-2022-0847 vulnerability allows overwriting data in arbitrary read-only files, which could lead to privilege escalation because unprivileged processes can inject code into root processes.

Passwords 102

Passwords Access Security IT 102

Security Affairs

MARCH 6, 2021

This week Microsoft has released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported MS Exchange versions that are actively exploited in the wild. ” states Microsoft. ” states CISA.

Cybersecurity 143

Cybersecurity Access Security IT 143

Security Affairs

APRIL 12, 2022

CISA also added to the catalog two flaws in Microsoft Active Directory ( CVE-2021-42287 , CVE-2021-42278 ), a flaw in Google Pixel ( CVE-2021-39793 ), a flaw in Checkbox Survey ( CVE-2021-27852 ), a flaw in Linux Kernel ( CVE-2021-22600 ), a bug in QNAP NAS ( CVE-2020-2509 ), and a vulnerability in Telerik WEB UI ( CVE-2017-11317 ).

IT 98

IT Cybersecurity Ransomware Access 98

Security Affairs

JUNE 10, 2022

In response to the security breach, the IT infrastructure of the city was shut down. The attack took place on June 02 and the outage caused severe problems to the citizens. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. Follow me on Twitter: @securityaffairs and Facebook.

Ransomware 124

Ransomware IT Data breaches Education 124

Security Affairs

MARCH 7, 2021

Volexity experts the compromise of Microsoft Exchange servers belonging to its customers and discovered that the attackers exploited a zero-day server-side request forgery (SSRF) vulnerability in Microsoft Exchange ( CVE-2021-26855 ). . Cyber #Cybersecurity #InfoSec — US-CERT (@USCERT_gov) March 6, 2021. ” wrote Microsoft.

Access 110

Access Government Cybersecurity Authentication 110

Security Affairs

MARCH 14, 2022

The URL available on the email templates downloads an HTML file called “ Dividas 2021.html exe – 4eb39d47ef742996c02a886d56b97aedad904d85cd2ebd57000f6cbbfabe0ea0 ) with 0/90 detections in VirusTotal at the time of analysis (23-02-2022). html ” or “ Financas.html ” that will download a ZIP file from the Internet.

Encryption 99

Encryption Phishing Communications IT 99