OpenSubtitles (popular online subtitles site) – almost 7 million users info Above is a list of Companies I have information for that have confirmed some sort of Breach (its obviously not complete since most never report anything, just what I hear about) Note: This is going to be a new type of post – will only […]
Month: January 2022
Microsoft Announces Plans to Turn off Excel v4.0 Macros by default
LINK This will be hugely helpful as many exploit kits, including Emotet use this
CISA Adds Four More Known Exploited Vulnerabilities to their Catalog
LINK The four added are CVE Number CVE Title Required Action Due Date CVE-2006-1547 Apache Struts 1 ActionForm Denial of Service Vulnerability 07/21/2022 CVE-2012-0391 Apache Struts 2 Improper Input Validation Vulnerability 07/21/2022 CVE-2018-8453 Microsoft Windows Win32k Privilege Escalation Vulnerability 07/21/2022 CVE-2021-35247 SolarWinds Serv-U Improper Input Validation Vulnerability 02/04/2022 The download for the full CSV is […]
McAfee Posts Two High Priority Vulnerabilities
LINK Looks like this is in the McAfee Update Agent.
F5 Publishes January 2022 Vulnerabilities
LINK F5 has published a list of vulnerabilities. If you have F5 devices, time to address them.
Google Chrome Pushes New Update fixing numerous Vulnerabilities
LINK Time to update Google Chrome again
Breach Announcements – January 20, 2022
Crypto.com (cryptocurrency trading site) – 483 large customers data and currency withdrawn\ Red Cross (humanitarian organization) – half a million users PII exfiltrated R.R. Donnelly (integrated services company) – unspecified intrusion Above is a list of Companies I have information for that have confirmed some sort of Breach (its obviously not complete since most never […]
VMware Hit by Log4j
LINK It is not easy to be concise in listing VMware products affected by Log4j. So goto the link above for details.
Numerous new Cisco Vulnerabilities including a Critical one for Cisco StarOS in Cisco Redundancy Configuration Manager
LINK Time to look again if you have Cisco products in your network, including Webex.
Google Project Zero finds 2 vulnerabilities in Zoom
LINK Google Project Zero has identified 2 Critical and High rated Vulnerabilities in Zoom Clients and Zoom MMR systems. Patches were released by the Vendor.