CVE-2022-43778

Read Time:10 Second

Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.

Read More

CVE-2022-43777

Read Time:10 Second

Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.

Read More

Business email compromise scams take new dimension with multi-stage attacks

Read Time:24 Second

In a campaign that exploits the relationships between different organizations, attackers managed to chain business email compromise (BEC) against four or more organizations jumping from one breached organization to the next by leveraging the relationships between them. The attack, which Microsoft researchers call multi-stage adversary-in-the-middle (AiTM) phishing, started with a compromise at a trusted vendor and targeted organizations from the banking and financial services sectors.

To read this article in full, please click here

Read More

CVE-2022-27541

Read Time:10 Second

Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.

Read More

CVE-2022-27539

Read Time:10 Second

Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.

Read More

CVE-2022-36331

Read Time:20 Second

Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated attacker to gain access to user data.
This issue affects My Cloud OS 5 devices: before 5.25.132; My Cloud Home and My Cloud Home Duo: before 8.13.1-102; SanDisk ibi: before 8.13.1-102.

Read More

A Vulnerability in Fortinet FortiGate Could Allow for Remote Code Execution

Read Time:29 Second

A vulnerability has been discovered in Fortinet FortiGate, which could allow for remote code execution. Fortinet FortiGate is a firewall product that provides VPN functionality. Successful exploitation of this vulnerability could allow for remote code execution in the context of the affected service account. Depending on the privileges associated with the service account an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Service accounts that are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights

Read More

To solve the cybersecurity worker gap, forget the job title and search for the skills you need

Read Time:51 Second

BlackBerry CISO Arvind Raman looks beyond job titles when he has open positions to fill and instead focuses on the key skills required to do the work. That mindset allows Raman to readily identify and recruit qualified professionals from outside the security field, instead of simply seeking candidates working their way up the typical chain of security roles.

For example, he has hired finance professionals for risk- and compliance-related work and marketing pros for awareness training projects. “It’s about being aligned with what is really needed and what core functionalities are required for the role,” Raman says.

Some roles, of course, must be filled with experienced security professionals, he says, and in those cases, he looks for candidates who have held prior security roles. On the other hand, he believes many security positions can be filled by people skilled in other disciplines. “And for those you don’t have to limit your search to security people,” he adds.

To read this article in full, please click here

Read More