Pierluigi Paganini
August 10, 2022
US Critical Infrastructure Security Agency (CISA) adds vulnerabilities in the UnRAR utility to its Known Exploited Vulnerabilities Catalog. The Cybersecurity & Infrastructure Security Agency (CISA) has added a recently disclosed security flaw, tracked as CVE-2022-30333 (CVSS score: 7.5), in the UnRAR utility to its Known Exploited Vulnerabilities Catalog. The CVE-2022-30333 flaw is a path traversal […]
Pierluigi Paganini
August 10, 2022
VMware warns of the availability of a proof-of-concept exploit code for a critical authentication bypass flaw in multiple products. VMware warns its customers of the availability of a proof-of-concept exploit code for a critical authentication bypass flaw, tracked as CVE-2022-31656, in multiple products. The flaw was discovered by security researcher Petrus Viet from VNG Security, […]
Pierluigi Paganini
August 09, 2022
Microsoft Patch Tuesday security updates for August 2022 addressed a zero-day attack remote code execution vulnerability in Windows. Microsoft Patch Tuesday security updates for August 2022 addressed 118 CVEs in multiple products, including .NET Core, Active Directory Domain Services, Azure Batch Node Agent, Azure Real Time Operating System, Azure Site Recovery, Azure Sphere, Microsoft ATA […]
Pierluigi Paganini
August 08, 2022
LogoKit – Threat actors leveraging Open Redirect Vulnerabilities popular in online services and apps to bypass spam filters in phishing campaigns. Resecurity, Inc. (USA), a Los Angeles-based cybersecurity company providing managed threat detection and response for Fortune 500’s, identified threat actors leveraging Open Redirect Vulnerabilities popular in online services and apps to bypass spam filters […]
Pierluigi Paganini
August 08, 2022
Microsoft is actively blocking Tutanota email addresses from registering a Microsoft Teams account. Tutanota is an end-to-end encrypted email app and a freemium secure email service, as of March 2017, Tutanota’s owners claimed to have over 2 million users. The news is that Microsoft is actively blocking Tutanota email addresses from registering a Microsoft Teams […]
Pierluigi Paganini
August 06, 2022
Slack is resetting passwords for approximately 0.5% of its users after a bug exposed salted password hashes when users created or revoked a shared invitation link for their workspace Slack announced that it is resetting passwords for about 0.5% of its users after a bug exposed salted password hashes when creating or revoking shared invitation […]
Pierluigi Paganini
August 05, 2022
The U.S. DHS warns of critical security vulnerabilities in Emergency Alert System (EAS) encoder/decoder devices. The Department of Homeland Security (DHS) warned of critical security vulnerabilities in Emergency Alert System (EAS) encoder/decoder devices. Threat actors could exploit the flaws to send fake emergency alerts via TV, radio networks, and cable networks. The Emergency Alert System […]
Pierluigi Paganini
August 05, 2022
US Critical Infrastructure Security Agency (CISA) adds a recently disclosed flaw in the Zimbra email suite to its Known Exploited Vulnerabilities Catalog. The Cybersecurity & Infrastructure Security Agency (CISA) has added a recently disclosed flaw in the Zimbra email suite, tracked as CVE-2022-27924, to its Known Exploited Vulnerabilities Catalog. In middle June, researchers from Sonarsource discovered […]
Pierluigi Paganini
August 04, 2022
An unknown threat actor is targeting Russian organizations with a new remote access trojan called Woody RAT. Malwarebytes researchers observed an unknown threat actor targeting Russian organizations with a new remote access trojan called Woody RAT. The attackers were delivering the malware using archive files and Microsoft Office documents exploiting the Follina Windows flaw (CVE-2022-30190). The assumption […]
Pierluigi Paganini
August 04, 2022
Cisco fixes critical remote code execution vulnerability, tracked as CVE-2022-20842, impacting Small Business VPN routers. Cisco addressed a critical security vulnerability, tracked as CVE-2022-20842, impacting Small Business VPN routers. The flaw resides in the web-based management interface of several Small Business VPN routers, including Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers. […]
