Misconfiguration practices might make companies lucrative targets for threat actors Source: Infosecurity Nearly One Million Misconfigured Kubernetes Exposed That Could Cause Data Breaches
Author: admin
A WAF Is Not a Free Lunch: Teaching the Shift-Left Security Mindset
Developers need to think like WAF operators for security. Start with secure coding and think of Web application firewalls not as a prophylactic but as part of the secure coding …
Hackers Deploy Shadowpad Backdoor and Target Industrial Control Systems in Asia
Telecommunications companies in Pakistan and Afghanistan and a port in Malaysia targeted Source: Infosecurity Hackers Deploy Shadowpad Backdoor and Target Industrial Control Systems in Asia
Ransomware Volume Nearly Doubles 2021 Totals in a Single Quarter
Like a hydra, every time one ransomware gang drops out (REvil or Conti), plenty more step up to fill the void (Black Basta). Source: DarkReading Ransomware Volume Nearly Doubles 2021 …
CVE-2022-0085
Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0. Source: NIST CVE-2022-0085
Android Spyware 'Revive' Upgraded to Banking Trojan
Dubbed ‘Revive’ because of its ability to automatically restart in case it stops working, the tool seems to be designed for persistent campaigns. Source: Infosecurity Android Spyware ‘Revive’ Upgraded to …
CVE-2022-30562
If the user enables the https function on the device, an attacker can modify the user’s request data packet through a man-in-the-middle attack ,Injection of a malicious URL in the …
CVE-2022-30560
When an attacker obtaining the administrative account and password, or through a man-in-the-middle attack, the attacker could send a specified crafted packet to the vulnerable interface then lead the device …
CVE-2022-23763
Origin validation error vulnerability in NeoRS’s ActiveX moudle allows attackers to download and execute arbitrary files. Remote attackers can use this vulerability to encourage users to access crafted web pages, …
CVE-2022-30563
When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in through ONVIF, he can log in to the device by replaying the user’s login …