Read Time:9 Second
It was discovered that PHP’s implementation of SOAP HTTP Digest
authentication performed insufficient error validation, which may result
in a stack information leak or use of weak randomness.
Monthly Archives: June 2023
4 Reasons Why Security Awareness Training Is Important
Read Time:7 Second
Experts at CIS, the MS- and EI-ISACs, and our member organizations share their thoughts on why security awareness training is important.
CVE-2022-43778
Read Time:10 Second
Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.
CVE-2022-43777
Read Time:10 Second
Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.
Business email compromise scams take new dimension with multi-stage attacks
Read Time:24 Second
In a campaign that exploits the relationships between different organizations, attackers managed to chain business email compromise (BEC) against four or more organizations jumping from one breached organization to the next by leveraging the relationships between them. The attack, which Microsoft researchers call multi-stage adversary-in-the-middle (AiTM) phishing, started with a compromise at a trusted vendor and targeted organizations from the banking and financial services sectors.
Surprise! Staff don’t like receiving phishing tests from their firms that pose as salary increases
Read Time:4 Second
UK law firm Knights certainly has an interesting way of keeping its staff happy.
CVE-2022-27541
Read Time:10 Second
Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.
CVE-2022-27539
Read Time:10 Second
Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.
CVE-2022-36331
Read Time:20 Second
Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated attacker to gain access to user data.
This issue affects My Cloud OS 5 devices: before 5.25.132; My Cloud Home and My Cloud Home Duo: before 8.13.1-102; SanDisk ibi: before 8.13.1-102.
A Vulnerability in Fortinet FortiGate Could Allow for Remote Code Execution
Read Time:29 Second
A vulnerability has been discovered in Fortinet FortiGate, which could allow for remote code execution. Fortinet FortiGate is a firewall product that provides VPN functionality. Successful exploitation of this vulnerability could allow for remote code execution in the context of the affected service account. Depending on the privileges associated with the service account an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Service accounts that are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights