Attackers are leveraging two zero-day vulnerabilities (CVE-2022-41040, CVE-2022-41082) to breach Microsoft Exchange servers. News of the attacks broke on Wednesday, when researchers with Vietnamese cybersecurity company GTSC released a warning saying that, “while providing SOC service to a customer, GTSC Blueteam detected exploit requests in IIS logs with the same format as ProxyShell vulnerability.” About…

GTSC, a cybersecurity company based in Vietnam, reported seeing attacks exploiting two new Microsoft Exchange zero-day vulnerabilities. The firm believes the attacks, which were first seen in August and aimed at critical infrastructure, were launched by a Chinese threat group. Technical details on the vulnerabilities have not been made public, but GTSC did say that…

While published trends in ransomware attacks have been contradictory — with some firms tracking more incidents and others fewer — business email compromise (BEC) attacks continue to have proven success against organizations. BEC cases, as a share of all incident-response cases, more than doubled in the second quarter of the year, to 34% from 17%…

Veristor Systems, Inc., a trusted provider of transformative business technology solutions, and SANS Security Awareness, the global leader in providing security awareness training, today announce that Veristor has become a certified provider of SANS Security Awareness’ comprehensive suite of products to enable a data-driven approach to cybersecurity training for an organization’s end users. “Researchers from…

Aunalytics, a leading data management and analytics company delivering managed IT and data platform services for mid-sized and enterprise businesses, today initiated its Security Patching Platform, Co-managed Patching as a Service to complement the company’s Advanced Security solution suite. Windows OS and supported 3rd party patch management allow for tighter security in the defense against…

The Identity Theft Resource Center (ITRC) has published research that shows nearly 40 percent of ITRC victims say their personal information was stolen, compromised or misused in the past year. The report goes beyond the known financial implications of identity crimes and explores the lost opportunities as well as the emotional, physical and psychological…

The vulnerability in question is CVE-2007-4559, initially described as a directory traversal vulnerability in Python’s ‘tarfile’ module that could allow an attacker to remotely overwrite arbitrary files by convincing users to process specially crafted tar archives. The flaw was never properly patched and instead users were warned not to open archive files from untrusted sources….

The BackupBuddy plugin, which has roughly 140,000 active installations, is meant to help WordPress site administrators easily manage their backup operations. The plugin allows users to store the backups to various online and local destinations. Tracked as CVE-2022-31474 (CVSS score of 7.5), the exploited vulnerability exists because of an insecure method of downloading the backups…