To pierce the Fog of More, organizations must implement essential cyber hygiene and track their implementation of security best practices.
Daily Archives: September 26, 2022
Zoho ManageEngine flaw is actively exploited, CISA warns
A remote code execution vulnerability in Zoho’s ManageEngine, a popular IT management solution for enterprises, is being exploited in the wild. The US Cybersecurity & Infrastructure Security Agency (CISA) added the flaw to its catalog of known exploited vulnerabilities last week, highlighting an immediate threat for organizations that haven’t yet patched their vulnerable deployments.
The vulnerability, tracked as CVE-2022-3540, was privately reported to Zoho in June by a security researcher identified as Vinicius and was fixed later that same month. The researcher posted a more detailed writeup at the beginning of this month and, according to him, it’s a Java deserialization flaw inherited from an outdated version of Apache OFBiz, an open-source enterprise resource planning system, where it was patched in 2020 (CVE-2020-9496). This means that the Zoho ManageEngine products were vulnerable for two years due to a failure to update a third-party component.
scala-2.13.9-1.fc36
FEDORA-2022-34acf878fb
Packages in this update:
scala-2.13.9-1.fc36
Update description:
Security fix for CVE-2022-36944.
See https://github.com/scala/scala/releases/tag/v2.13.9 for other changes in scala 2.13.9.
scala-2.13.9-1.fc35
FEDORA-2022-07dd9375b2
Packages in this update:
scala-2.13.9-1.fc35
Update description:
Security fix for CVE-2022-36944.
See https://github.com/scala/scala/releases/tag/v2.13.9 for other changes in scala 2.13.9.
Fitbit Increases Security Requirements, Mandates Google Login From 2023
Users will have the option to log in using their Fitbit account for as long as it is supported
CVE-2021-28052
A Hitachi Content Platform (HCP) tenant administrator may modify the configuration in another tenant without authorization, potentially allowing unauthorized access to data in the other tenant. Also, a tenant user (non-administrator) may view configuration in another tenant without authorization. This issue affects: Hitachi Vantara Hitachi Content Platform versions prior to 8.3.7; 9.0.0 versions prior to 9.2.3.
ReasonLabs Unveils Multimillion Dollar Global Credit Card Scam
The victims of the plot were users of Mastercard, Visa, and American Express, among others
Jamf buys ZecOps to bring high-end security to Apple enterprise
ZecOps protects world-leading enterprises, governments, and individuals; Jamf has acquired it to help secure the enterprise.
Hackers Use NullMixer and SEO to Spread Malware More Efficiently
The websites are often related to cracks, keygens and activators for illegal software
97% of enterprises say VPNs are prone to cyberattacks: Study
Reliance on VPNs for remote access is putting enterprises at significant risk as social engineering, ransomware, and malware attacks continue to advance, exposing businesses to greater risk, according to a new report by cloud security company Zscaler.