CVE-2020-25150

Read Time:15 Second

A relative path traversal attack in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with service user privileges to upload arbitrary files. By uploading a specially crafted tar file an attacker can execute arbitrary commands.

Read More

CVE-2020-16238

Read Time:14 Second

A vulnerability in the configuration import mechanism of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with command line access to the underlying Linux system to escalate privileges to the root user.

Read More

What is the cyber kill chain? A model for tracing cyberattacks

Read Time:33 Second

As an infosec professional, you’ve likely heard about using a cyber kill chain to help identify and prevent intrusions. Attackers are evolving their methods, which might require that you look at the cyber kill chain differently. What follows is an explanation of the cyber kill chain and how you might employ it in your environment.

Cyber kill chain definition

The cyber kill chain, also known as the cyberattack lifecycle, is a model developed by Lockheed Martin that describes the phases of a targeted cyberattack. It breaks down each stage of a malware attack where defenders can identify and stop it.

To read this article in full, please click here

Read More

Rare and dangerous Incontroller malware targets ICS operations

Read Time:27 Second

In the second major industrial control system (ICS) threat development this week, the U.S. Department of Energy (DOE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) issued a Cybersecurity Advisory (CSA) warning of a complex and dangerous ICS threat. The CSA says that specific unnamed advanced persistent threat (APT) actors have exhibited the capability to gain complete system access to multiple ICS and supervisory control and data acquisition (SCADA) devices.

To read this article in full, please click here

Read More

xen-4.16.1-1.fc36

Read Time:25 Second

FEDORA-2022-b50023a180

Packages in this update:

xen-4.16.1-1.fc36

Update description:

update to xen-4.16.1
strip .efi file to help EFI partitions with limited space

Racy interactions between dirty vram tracking and paging log dirty
hypercalls [XSA-397, CVE-2022-26356]
race in VT-d domain ID cleanup [XSA-399, CVE-2022-26357]
IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues [XSA-400,
CVE-2022-26358, CVE-2022-26359, CVE-2022-26360, CVE-2022-26361]

Read More

Kyndryl rolls out Dell partnership for disaster recovery and security

Read Time:37 Second

A new system recovery offering from former IBM division and current managed infrastructure service provider Kyndryl incorporates air-gapped data vaulting technology from Dell for faster recovery from major cybersecurity incidents like ransomware attacks.

The Cyber Incident Recovery service is a four-part system, says Kyndryl global security and resiliency practice leader Kris Lovejoy. Kyndryl provides an orchestration tool that offers users a way to respond programmatically and immediately to a cybersecurity event, an analytics tool that uses machine learning to do regular integrity checking on system configuration data (ensuring that it hasn’t been compromised by bad actors), and the company’s own in-house expertise in deployment and configuration of large-scale, enterprise systems.

To read this article in full, please click here

Read More