Search results for: vulnerability


MS SQL servers are getting hacked to deliver ransomware to orgs

Cybercriminals wielding the FARGO (aka Mallox, aka TargetCompany) ransomware are targeting Microsoft SQL (MS SQL) servers, AhnLab’s ASEC analysis team has warned. They haven’t pinpointed how the attackers are getting access to the targeted servers, but noted that typical attacks targeting database servers include brute force and dictionary attacks aimed at ferreting out the passwords of existing, poorly secured accounts. “And there may be vulnerability attacks on systems that do not have a vulnerability patch … More


RCE in Sophos Firewall is being exploited in the wild (CVE-2022-3236)

Sophos has patched an actively exploited remote code execution vulnerability (CVE-2022-3236) in its Firewall solutions, and has pushed the fix to customers who have automatic installation of hotfixes enabled. If this news triggers a feeling of déjà vu, there’s a good reason: earlier this year, another zero-day (CVE-2022-1040) in the same component was leveraged by attackers against “a small set of specific organizations, primarily in the South Asia region” – and this time around is … More

week in review

Week in review: Revolut data breach, ManageEngine RCE flaw, free Linux security training courses

GTA 6 in-development footage leaked
American video game publisher Rockstar Games has suffered an unfortunate data leak: someone has released online in-development footage/videos for Grand Theft Auto (GTA) 6, the eagerly anticipated instalment of the popular game.

Uber says Lapsus$ gang is behind the recent breach
Uber has confirmed that the recent breach of its systems started with a compromised account belonging to a contractor.

Python tarfile vulnerability affects 350,000 open-source projects (CVE-2007-4559)
Trellix Advanced … More


Critical ManageEngine RCE flaw is being exploited (CVE-2022-35405)

The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2022-35405, a critical remote code execution vulnerability in ManageEngine PAM360, Password Manager Pro, and Access Manager Plus, to its Known Exploited Vulnerabilities (KEV) Catalog. The details of in-the-wild exploitation of the flaw aren’t available – though, according to data collected by Greynoise, exploitation attempts don’t seem widespread.

About CVE-2022-35405
CVE-2022-35405 is a remote code execution vulnerability that can be exploited to execute arbitrary code on … More


Risk management focus shifts from external to internal exposure

Coalfire released its fourth annual Securealities Penetration Risk Report, which analyzes enterprise and cloud service providers’ (CSPs) internal and external attack vectors, application development and mobile app security, social engineering and phishing, and PCI- and FedRAMP-specific findings, with data segmented by industry and company size. The report reflects the results of more than 3,100 penetration tests from nearly 1,600 client engagements in the technology, financial services, healthcare, and retail sectors. Long-term data shows that cyber … More


Secure Code Warrior Coding Labs helps developers advance their secure coding skills

Secure Code Warrior has unveiled Coding Labs, a new mechanism that allows developers to more easily move from learning to applying secure coding knowledge, leading to fewer vulnerabilities in code. This marks the first time a coding-specific platform has enabled real-time coding in an in-browser integrated development environment (IDE). Until now, to get more direct real-coding training experience, developers have needed to rely on virtualized setups that can be difficult to use and unfamiliar, leading … More


Python tarfile vulnerability affects 350,000 open-source projects (CVE-2007-4559)

Trellix Advanced Research Center published its research into CVE-2007-4559, a vulnerability estimated to be present in over 350,000 open-source projects and prevalent in closed-source projects. Successful exploit The vulnerability exists in the Python tarfile module which is a default module in any project using Python and is found extensively in frameworks created by Netflix, AWS, Intel, Facebook, Google, and applications used for machine learning, automation and docker containerization. The vulnerability can be exploited by uploading … More


What you need to know about Evil-Colon attacks

While novel attacks seem to emerge faster than TikTok trends, some warrant action before they’ve even had a chance to surface. This is the case for an attack we’ll refer to as Evil-Colon, which operates similarly to the now defunct Poison-NULL-Byte attacks. Though Poison-NULL-Byte attacks are now obsolete, they may have paved the path for new, similar attacks that could wreak havoc in your code if not dealt with properly. Case in point: When performing … More

security platform

ThreatQ TDR Orchestrator addresses industry needs for simpler implementation

ThreatQuotient has released a new version of ThreatQ TDR Orchestrator, the solution for a simplified, data-driven approach to security operations. Built on the ThreatQ Platform, the continued innovation of ThreatQ TDR Orchestrator includes enhanced automation, analysis and reporting capabilities that accelerate threat detection and response across disparate systems. The latest research from ThreatQuotient, planned for full release later in 2022, shows signs that adoption of security automation is advancing, as budgets in this area are … More

open source security

Open-source software usage slowing down for fear of vulnerabilities, exposures, or risks

Anaconda released its annual 2022 State of Data Science report, revealing the widespread trends, opportunities, and perceived blockers facing the data science, machine learning (ML), and artificial intelligence (AI) industries. The global study targeted the open-source community through three cohorts of academics, industry professionals, and students. While open-source software was created by and for developers, it is now an integral part of commercial software development and the backbone for continuous enterprise innovation. Of those surveyed, … More


iBASIS collaborates with jtendo to protect customers’ signaling networks

iBASIS has integrated jtendo’s multi-protocol signaling firewall into its Managed Cloud-Based Security Portfolio, iBASIS Security iQ360. The increase in the number of network protocols (also covering 5G), technologies, and roaming traffic creates greater complexity, requiring advanced features for testing and cross-protocol correlation to monitor, analyze, detect, and prevent security breaches. The strategic partnership combines jtendo’s security audit experience, deep technical knowledge of telco protocols, and cross-protocol correlation expertise with iBASIS’ international and … More


High severity vulnerabilities found in Harbor open-source artifact registry

Oxeye security researchers have uncovered several new high severity variants of the IDOR (Insecure Direct Object Reference) vulnerabilities (CVE-2022-31671, CVE-2022-31666, CVE-2022-31670, CVE-2022-31669, CVE-2022-31667) in CNCF-graduated project Harbor, the popular open-source artifact registry by VMware. Harbor is an open-source cloud native registry project that stores, signs, and scans content. It can integrate with various Docker registries to provide security features such as user management, access control, and activity auditing. Classified as an access control vulnerability, IDOR … More