New report outlines key mitigations for OT owners
Daily Archives: September 23, 2022
Europol “Hackathon” Identifies Scores of Human Trafficking Victims
A third of Australian population likely affected in Optus cyberattack
Australia’s second largest telecommunications provider, Optus, revealed it suffered a cyberattack where data from customers have possibly been accessed. However, the company claims the attack has not affected the platforms and services supporting wholesale, satellite and enterprise customers, and that of enterprise customers. Mobile and home internet services have also not been affected.
Suspicious activity was noticed on Wednesday with Optus issuing a media statement on Thursday afternoon, which was a nation-wide public holiday.
What Optus knows about the breach
The 9.8 million number of “possibly” affected customers circulating is the worst-case scenario, said Optus CEO Kelly Bayer Rosmarin at a media conference on Friday. That is the equivalent to about 37% of the Australian population. In its most recent financial report, Optus revealed it had over 10 million mobile customers as of 31 March 2022.
CVE-2020-36604
hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisoning in the clone function.
ZDI-22-1296: Trend Micro Deep Security Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Deep Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
ZDI-22-1297: Trend Micro Deep Security Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Deep Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
ZDI-22-1298: Trend Micro Deep Security Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Deep Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
ZDI-22-1299: Trend Micro Deep Security Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Deep Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2021-41803 (consul)
HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1.11.9, 1.12.5, and 1.13.2.”
DSA-5237 firefox-esr – security update
Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code, CSP bypass or session fixation.