CVE-2018-14519


An issue was discovered in Kirby 2.5.12. The delete page functionality suffers from a CSRF flaw. A remote attacker can craft a malicious CSRF page and force the user to delete a page.
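As an added illustration of this flaw class (this is example code written for this page, not Kirby's; the panel path `/panel/pages/delete`, the `session` cookie and the `page`/`csrf` form fields are assumptions), the Go program below stands up a toy CMS delete handler twice: once trusting the login cookie alone, and once also requiring a per-session CSRF token that only a same-origin page can obtain. It then replays the same forged POST, the kind an attacker's auto-submitting form would send with the victim's cookie attached, against both handlers.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// Site is a toy stand-in for a CMS panel with a login session and a page tree.
// Everything here is constructed for the example; it is not Kirby's code.
type Site struct {
	pages        map[string]bool
	sessionToken string // value of the victim's login cookie
	csrfKey      []byte // server-side secret used to derive per-session CSRF tokens
}

func NewSite() *Site {
	return &Site{
		pages:        map[string]bool{"about": true, "contact": true},
		sessionToken: randomHex(32),
		csrfKey:      []byte(randomHex(32)),
	}
}

func randomHex(n int) string {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// CSRFToken is what a same-origin panel page embeds in its delete form.
// It is bound to the session, so a page on another origin can neither read nor guess it.
func (s *Site) CSRFToken(session string) string {
	m := hmac.New(sha256.New, s.csrfKey)
	m.Write([]byte(session))
	return hex.EncodeToString(m.Sum(nil))
}

func (s *Site) loggedIn(r *http.Request) bool {
	c, err := r.Cookie("session")
	return err == nil && subtle.ConstantTimeCompare([]byte(c.Value), []byte(s.sessionToken)) == 1
}

// DeleteVulnerable trusts the session cookie alone. The browser attaches that cookie
// to a form auto-submitted from the attacker's site, so the check passes cross-site.
func (s *Site) DeleteVulnerable(w http.ResponseWriter, r *http.Request) {
	if !s.loggedIn(r) {
		http.Error(w, "unauthenticated", http.StatusUnauthorized)
		return
	}
	delete(s.pages, r.FormValue("page"))
	fmt.Fprintln(w, "deleted")
}

// DeleteProtected additionally requires the per-session CSRF token in the form body.
func (s *Site) DeleteProtected(w http.ResponseWriter, r *http.Request) {
	if !s.loggedIn(r) {
		http.Error(w, "unauthenticated", http.StatusUnauthorized)
		return
	}
	c, _ := r.Cookie("session")
	want := s.CSRFToken(c.Value)
	if subtle.ConstantTimeCompare([]byte(r.FormValue("csrf")), []byte(want)) != 1 {
		http.Error(w, "csrf token mismatch", http.StatusForbidden)
		return
	}
	delete(s.pages, r.FormValue("page"))
	fmt.Fprintln(w, "deleted")
}

// Submit replays a POST the way a browser would: the victim's session cookie is
// always attached, and only the form fields differ. An attacker's auto-submitting
// form can set "page" but has no way to obtain the "csrf" value.
// The panel path is an assumption made for this example.
func (s *Site) Submit(h http.HandlerFunc, form url.Values) int {
	req := httptest.NewRequest(http.MethodPost, "/panel/pages/delete", strings.NewReader(form.Encode()))
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	req.AddCookie(&http.Cookie{Name: "session", Value: s.sessionToken})
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Code
}

func (s *Site) Exists(page string) bool { return s.pages[page] }

func main() {
	attack := url.Values{"page": {"about"}} // all a hostile page can forge

	v := NewSite()
	fmt.Println("vulnerable:", v.Submit(v.DeleteVulnerable, attack), "about exists:", v.Exists("about"))

	p := NewSite()
	fmt.Println("protected :", p.Submit(p.DeleteProtected, attack), "about exists:", p.Exists("about"))

	// The legitimate panel form carries the token and still works.
	legit := url.Values{"page": {"about"}, "csrf": {p.CSRFToken(p.sessionToken)}}
	fmt.Println("legit     :", p.Submit(p.DeleteProtected, legit), "about exists:", p.Exists("about"))
}
```

The forged request succeeds against the first handler and deletes the page; against the second it is refused with 403 while the genuine panel form, which carries the token, still goes through. A SameSite cookie attribute or an Origin/Referer check adds defence in depth, but the token is what makes the delete action unforgeable from another origin.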


WannaCry explained: A perfect ransomware storm


What is WannaCry?

WannaCry is a ransomware worm that spread rapidly across a number of computer networks in May 2017. After infecting a Windows computer, it encrypts files on the PC's hard drive, making them inaccessible to users, then demands a ransom payment in bitcoin to decrypt them.

A number of factors made the initial spread of WannaCry particularly noteworthy: it struck a number of important and high-profile systems, including many in Britain’s National Health Service; it exploited a Windows vulnerability that was suspected to have been first discovered by the United States National Security Agency; and it was tentatively linked by Symantec and other security researchers to the Lazarus Group, a cybercrime organization that may be connected to the North Korean government.


How 2023 cybersecurity budget allocations are shaping up


Cybersecurity spending in the coming year may not be recession-proof, but it’s likely to be recession-resistant. Still, pressure remains on security leaders to prioritize technologies that generate the most bang for the buck. Forrester released a report Tuesday to help organizations do just that.

“It’s hard to assess what 2023 budgets will look like because most companies are in their budget planning for 2023 now, but I think most companies are taking a cautious approach,” says Forrester Vice President and Research Director Merritt Maxim.

“There might be some growth or flat, with the potential that if there is a more significant downturn next year, then spot cuts may be necessary,” Maxim continues. “For now, though, I don’t see any immediate slashing of budgets in anticipation of macroeconomic conditions.”


[R1] Nessus Agent Version 8.3.4 Fixes Multiple Vulnerabilities

Arnie Cabral
Wed, 08/24/2022 – 12:18

Custom audit files bring considerable power and flexibility when assessing the configuration of your assets. Two separate vulnerabilities that abuse this custom audit functionality were identified, reported and fixed. With the release of Nessus Agent 8.3.4, Tenable has mitigated the reported issues by adding the ability to sign and verify custom audit files, so that an audit file is not interpreted unless it carries a valid signature from a trusted key.

1. CVE-2022-32973 – An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges.
2. CVE-2022-32974 – An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials.

Additional details on the custom audit signing functionality can be found here: https://community.tenable.com/s/article/Audit-Signing-Overview
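The mitigation described above, verify-before-parse for audit files, as an added example that is not Tenable's code and does not follow its actual signing format (which the linked overview describes and this page does not): the Go program below signs a constructed audit file with Ed25519 and then shows what a scanner that checks the signature against a single trusted key does with a genuine upload, a tampered one, an unsigned one, and one signed by an attacker's own key. The audit check lines are placeholders, not Nessus audit syntax.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Constructed audit file body. The check lines are placeholders, not Tenable's syntax.
var sampleAudit = []byte("check: windows firewall enabled\ncheck: smbv1 disabled\n")

// SignedAudit carries an audit file together with a detached Ed25519 signature.
type SignedAudit struct {
	Content   []byte
	Signature []byte // signature over Content; empty for an unsigned upload
}

var ErrBadSignature = errors.New("audit file rejected: signature missing or not from a trusted key")

// SignAudit is run by whoever is authorised to publish audits and holds the private key.
func SignAudit(priv ed25519.PrivateKey, content []byte) SignedAudit {
	return SignedAudit{Content: content, Signature: ed25519.Sign(priv, content)}
}

// LoadAudit is the gate a scanner would put in front of its audit parser. Nothing in
// the file is interpreted (no cmdlet invoked, no path read) until the signature
// verifies under the key the scanner already trusts. Signing with any other key,
// editing a signed file, or omitting the signature all fail here.
func LoadAudit(trusted ed25519.PublicKey, a SignedAudit) ([]byte, error) {
	if !ed25519.Verify(trusted, a.Content, a.Signature) {
		return nil, ErrBadSignature
	}
	return a.Content, nil
}

// Outcome records whether the scanner accepted each kind of upload.
type Outcome struct {
	Signed, Tampered, Unsigned, ForeignKey bool
}

// Scenario walks through the four uploads and reports which ones were accepted.
func Scenario() (Outcome, error) {
	// Scanner's trusted key pair; only the public half is deployed to the scanner.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{}, err
	}
	// An attacker's own key pair: they can sign, but the scanner does not trust it.
	_, attackerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{}, err
	}

	accepted := func(a SignedAudit) bool {
		_, err := LoadAudit(pub, a)
		return err == nil
	}

	good := SignAudit(priv, sampleAudit)

	// Attacker prepends a check of their own to a legitimately signed file.
	tampered := SignedAudit{
		Content:   append([]byte("check: run attacker command\n"), good.Content...),
		Signature: good.Signature,
	}

	return Outcome{
		Signed:     accepted(good),
		Tampered:   accepted(tampered),
		Unsigned:   accepted(SignedAudit{Content: sampleAudit}),
		ForeignKey: accepted(SignAudit(attackerPriv, sampleAudit)),
	}, nil
}

func main() {
	o, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("accepted: signed=%v tampered=%v unsigned=%v foreign-key=%v\n",
		o.Signed, o.Tampered, o.Unsigned, o.ForeignKey)
}
```

Only the genuinely signed upload is accepted. The point for the two CVEs above is that an authenticated user who can upload an audit file is no longer enough: the file must also have been signed by a key the scanner trusts, which the uploader does not hold. The signing key therefore needs the same protection as any other code-signing key, and the scanner must reject, not merely warn on, an unsigned file.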


CVE-2020-35520


** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.


Researchers warn of darkverse emerging from the metaverse


The metaverse is seen by many companies as a great business opportunity and as a source of new ways of working. Security provider Trend Micro, however, warns in a recent research report that cybercriminals could misuse the technology for their own purposes.

The researchers predict that a kind of darknet structure could emerge there, similar to the one on today's Internet. Criminal activity could even take place in protected rooms that can be reached only from a specific physical location and with valid authentication tokens, which would put such underground marketplaces out of reach of law enforcement agencies. It could be years before the police can operate effectively in the metaverse.
