The US Securities and Exchange Commission has roiled the cybersecurity industry by putting executives of SolarWinds on notice that it may pursue legal action for violations of federal law in connection with their response to the 2020 attack on the company’s infrastructure that affected thousands of customers in government agencies and companies globally.
Current and former employees and officers of the company, including the chief financial officer (CFO) and chief information security officer (CISO), have received so-called Wells Notices from the SEC staff, in connection with the investigation of the 2020 cyberattack, the company said in an SEC filing.
A cross-site request forgery (CSRF) vulnerability was discovered in FeiFeiCMS v4.1.190209, which allows attackers to create administrator accounts via /index.php?s=Admin-Admin-Insert.
Incorrect access control in the component /index.php?mod=system&op=orgtree of dzzoffice 2.02.1_SC_UTF8 allows unauthenticated attackers to browse departments and usernames.
A reflected cross-site scripting (XSS) vulnerability in the zero parameter of dzzoffice 2.02.1_SC_UTF8 allows attackers to execute arbitrary web scripts or HTML.