Privacy & cybersecurity attorney, Leeza Garber, highlights the importance of hiring for behaviors in cybersecurity
Daily Archives: March 23, 2022
West Blocks Russia’s Access to Weather Data
Russia restricted over fears it may launch biological or chemical attack on Ukraine
AvosLocker ransomware – what you need to know
AvosLocker is a ransomware-as-a-service (RaaS) gang which first appeared in mid-2021. It has since become notorious for its attacks targeting critical infrastructure in the United States, including the sectors of financial services, critical manufacturing, and government facilities.
Read more in my article on the Tripwire State of Security blog.
Vulnerabilities found in 250 HP printer models
HP has published several security advisories covering more than 250 of its printer models. Attackers could exploit the flaws to inject malicious code, launch denial-of-service (DoS) attacks, and access data. As a countermeasure, the manufacturer recommends firmware updates and configuration changes.
Entry point: the LLMNR protocol
The first vulnerability, CVE-2022-3942, is rated critical with a severity score of 8.4. According to Heise, attackers can use flaws in the firmware to remotely trigger a buffer overflow in around 250 HP printer models, after which malicious code can be injected and executed.
IriusRisk launches Open Threat Model standard to secure software development lifecycle
IriusRisk has launched a new Open Threat Model (OTM) standard to allow greater connectivity and interoperability between threat modeling and other parts of the software development lifecycle (SDLC). The OTM standard has been published under a Creative Commons license and provides a tool-agnostic way of describing a threat model in a simple to use and understand format, IriusRisk said.
The standard can leverage a wide range of source formats and supports new sources of application and system design, whilst also allowing users to exchange threat model data within the SDLC and cybersecurity ecosystem. An accompanying API allows users to provide an OTM file which IriusRisk uses to build a full threat model using the rules engine, which contains an extensive library of components and risk patterns.
IBM service aims to secure multicloud operations
IBM’s new Unified Key Orchestrator lets customers integrate multiple security key-management systems into a single managed service that spans hybrid and multicloud environments.
ImpressCMS: from unauthenticated SQL injection to RCE
Posted by Egidio Romano on Mar 23
Hello list,
I’d like to share with you my latest blog post. Hope you may find this
SQL injection exploitation technique interesting and potentially useful
for your penetration tests. Enjoy it!
Link: http://karmainsecurity.com/impresscms-from-unauthenticated-sqli-to-rce
Best regards,
/EgiX
cobbler-2.8.5-6.el7
FEDORA-EPEL-2022-5b9785fc78
Packages in this update:
cobbler-2.8.5-6.el7
Update description:
Fix for CVE-2022-0860
cobbler-3-820220323131206.9edba152
FEDORA-EPEL-MODULAR-2022-97f1274380
Packages in this update:
cobbler-3-820220323131206.9edba152
Update description:
Fix for CVE-2022-0860
cobbler-3.2.2-11.fc34
FEDORA-2022-ad2b0ad61b
Packages in this update:
cobbler-3.2.2-11.fc34
Update description:
Fix for CVE-2022-0860