Security Affairs

APRIL 1, 2023

Five of the issues added by CISA to its catalog are part of the exploits used by surveillance vendors to target mobile devices with their commercial spyware: CVE-2021-30900 – Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability.

Cybersecurity 93

Cybersecurity Education Risk Security 93

Security Affairs

APRIL 8, 2023

Mandiant researchers first observed this affiliate targeting Veritas issues in the wild on October 22, 2022. The CVE-2023-26083 flaw in the Arm Mali GPU driver is chained with other issues to install commercial spyware, as reported by Google’s Threat Analysis Group (TAG) in a recent report.

IT 93

IT Ransomware Education Cybersecurity 93

Security Affairs

APRIL 4, 2023

Cybersecurity and Infrastructure Security Agency (CISA) has added a Zimbra flaw, tracked as CVE-2022-27926 , to its Known Exploited Vulnerabilities Catalog. The CVE-2022-27926 flaw affects Zimbra Collaboration version 9.0.0, which is used to host publicly-facing webmail portals. reads the post published by Proofpoint.

IT 98

IT Military Phishing Passwords 98

Security Affairs

APRIL 15, 2023

” According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

IT 92

IT Cybersecurity Education Risk 92

Security Affairs

MAY 2, 2023

The vulnerability was first reported to ZDI during the Pwn2Own Toronto 2022 event. Working exploits for LAN and WAN interface accesses were respectively reported by Team Viettel and Qrious Security. The root cause of the problem is the lack of input sanitization in the locale API that manages the router’s language settings.

IT 96

IT Cybersecurity Education Access 96

Security Affairs

JUNE 2, 2022

The LockBit ransomware gang claimed responsibility for an attack and announced that it will release the stolen data by 11 June, 2022 18:01:00 if the company will not pay the ransom. Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Pierluigi Paganini.

Ransomware 105

Ransomware Manufacturing Cybersecurity Security 105

Security Affairs

APRIL 22, 2023

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

IT 97

IT Libraries Cybersecurity Education 97

Security Affairs

APRIL 18, 2023

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

IT 93

IT Cybersecurity Education Risk 93

Security Affairs

APRIL 26, 2022

Cybersecurity and Infrastructure Security Agency (CISA) has added seven vulnerabilities to its Known Exploited Vulnerabilities Catalog, including flaws affecting Microsoft, Linux, WSO2, and Jenkins systems. The above issues have to be addressed by federal agencies by May 16, 2022.

IT 94

IT Cybersecurity Risk Security 94

Security Affairs

APRIL 5, 2022

Cybersecurity and Infrastructure Security Agency (CISA) added the recently disclosed CVE-2022-22965 (aka Spring4Shell , CVSS score: 9.8) CISA also added CVE-2022-22675 , CVE-2022-22674 , CVE-2021-45382 flaws to its catalog. To nominate, please visit:? Follow me on Twitter: @securityaffairs and Facebook.

IT 97

IT Cybersecurity Cloud Security 97

Security Affairs

MAY 15, 2022

Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.

Security 85

Security Agriculture Ransomware Manufacturing 85

Security Affairs

FEBRUARY 6, 2022

A zero-day vulnerability, tracked as CVE-2022-24348, in the Argo CD tool for Kubernetes could be exploited by attackers to steal sensi tive data from Kubernetes Apps , including passwords and API keys. The post Argo CD flaw could allow stealing sensitive data from Kubernetes Apps appeared first on Security Affairs. and 2.1.9. .”

Encryption 98

Encryption Passwords Access Security 98

Security Affairs

MAY 10, 2022

No to war" pic.twitter.com/P2uCNz8cqa — Francis Scarr (@francis_scarr) May 9, 2022. OpRussia #StandWithUkraine [link] — Anonymous TV (@YourAnonTV) May 9, 2022. TV and the authorities are lying. The news of the attack was also announced by Anonymous, but at this time is not clear which group hit the Russian media.

Archiving 98

Archiving Access Cybersecurity Security 98

Security Affairs

APRIL 10, 2023

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog. iPadOS 16.4.1, and Safari 16.4.1.

IT 97

IT Cybersecurity Education Security 97

Security Affairs

APRIL 9, 2022

Trend Micro Threat Research reported that the recently discovered Spring4Shell vulnerability ( CVE-2022-22965 ) is actively exploited by a Mirai-based botnet. Researchers from Chinese cybersecurity firm Qihoo 360 first reported the exploitation of the Spring4Shell by a Mirai-based botnet in early April. ” reported Qihoo 360.

Cybersecurity 94

Cybersecurity Security IT Information Security 94

Security Affairs

APRIL 12, 2022

CISA added the CVE-2022-23176 flaw in WatchGuard Firebox and XTM appliances to its Known Exploited Vulnerabilities Catalog. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2022-23176 flaw in WatchGuard Firebox and XTM appliances to its Known Exploited Vulnerabilities Catalog.

IT 95

IT Cybersecurity Ransomware Access 95

Security Affairs

APRIL 24, 2023

PaperCut has conducted analysis on all customer reports, and the earliest signature of suspicious activity on a customer server potentially linked to this vulnerability is 14th April 01:29 AEST / 13th April 15:29 UTC.” ” The CVE-2023-27350 (CVSS score – 9.8) is a PaperCut MF/NG Improper Access Control Vulnerability.

Cybersecurity 88

Cybersecurity Ransomware Education Authentication 88

Security Affairs

MAY 20, 2023

Cisco IOS, IOS XR, and IOS XE contain insufficient condition checks in the part of the code that handles Internet Key Exchange version 1 (IKEv1) security negotiation requests. contains an information disclosure vulnerability in the Internet Key Exchange version 1 (IKEv1) that could allow an attacker to retrieve memory contents.

Cybersecurity 98

Cybersecurity Security Risk Access 98

Security Affairs

MAY 22, 2023

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

IT 96

IT Cybersecurity Security Risk 96

Security Affairs

APRIL 24, 2023

PaperCut has conducted analysis on all customer reports, and the earliest signature of suspicious activity on a customer server potentially linked to this vulnerability is 14th April 01:29 AEST / 13th April 15:29 UTC.” ” The CVE-2023-27350 (CVSS score – 9.8) is a PaperCut MF/NG Improper Access Control Vulnerability.

Authentication 98

Authentication Cybersecurity Education Access 98

Security Affairs

MAY 15, 2022

Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.

Government 98

Government Cybersecurity Security Information Security 98

Security Affairs

JULY 11, 2022

A large-scale phishing campaign leveraging the Anubis Network is targeting Brazil and Portugal since March 2022. A large-scale phishing campaign is targeting Internet-end users in Brazil and Portugal since March 2022. SMSs are sent based on a list created by the C2 owner, namely: 1kk-rusha-01.txt.

Phishing 100

Phishing Access Information Security Encryption 100

Security Affairs

MAY 16, 2023

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

IT 95

IT Cybersecurity Communications Security 95