ZDI-22-428: (0Day) Microsoft Visual Studio Link Following Denial-of-Service Vulnerability
This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Visual Studio. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2020-12775
The Hicos citizen certificate client-side component does not filter special characters in command parameters for specific web URLs. An unauthenticated remote attacker can exploit this vulnerability to perform a command injection attack and execute arbitrary system commands, disrupt the system, or terminate the service.
Indian enterprises struggle to hire IT workers for privacy roles
Indian businesses are finding it difficult to hire the privacy professionals they need, not only in legal and compliance roles, but also in technical roles, according to a survey by ISACA, an association for IT audit, governance, risk, and information security professionals.
ISACA found that 31% of Indian enterprises surveyed were understaffed for legal and compliance privacy professionals, and 43% for technical privacy professionals.
Indian enterprises are in a better position compared to the global average, where 46% of enterprises face privacy staffing shortages in legal and compliance roles, and 55% in technical privacy roles.
There are good reasons why India is doing better than other countries, but there is no room for complacency, according to RV Raghu, director at Versatilist Consulting India and a member of the ISACA Emerging Trends Working Group.
CVE-2020-22845
A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DoS) via crafted FTP requests.
CVE-2020-22844
A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DoS) via crafted SMB requests.
How to prep for increased Russia-based cyberattacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently issued a Shields Up advisory in response to the evolving Russia-Ukraine conflict. The agency noted, “The Russian government has used cyber as a key component of their force projection over the last decade,” and warned that Russia might consider actions aimed to disrupt outside of Ukraine.
Should you do anything at this time to protect your firm? There’s no need to scramble and make drastic changes to your network. Rather, use these events as a reason to review your network and plan for future changes. Here’s a list of actions to take:
TCS’ Cyber Defense Suite PaaS offers integrated security to enterprises
Offering to consolidate cybersecurity services on a single PaaS (platform as a service), Tata Consultancy Services (TCS) has launched Cyber Defense Suite, designed to provide end-to-end threat visibility, extended detection, and automated incident response.
The PaaS, developed to work in multicloud environments, includes security governance, risk, and compliance support, as well as management capabilities for digital identity and access, vulnerability remediation, and third-party cyber risks.
“By offering multiple cybersecurity services across IT ecosystems, synergized into a single platform, the suite allows our customers to have the visibility to manage threats and risks across their entire technology landscape, rather than having to work with disparate platforms, at times from different vendors,” says Santha Subramoni, global head of cybersecurity for TCS.
US Indicts BitConnect Founder
BitConnect founder charged with operating $2.4bn global cryptocurrency scheme