Toyota (car maker) – Asia division hit by unspecified cyberattack Belarusian Railway (train transportation) – Internal Network hit by Anonymous Bridgestone (tire and rubber manufacturer) – unspecified cyberattack Axis Communications (Swedish Security Solutions) – unspecified IT attack AON (insurance) – unspecified cyberattack Russian State Media (numerous aspects) – Anonymous is actively attacking different pieces of […]
Month: February 2022
CISA Urges Organizations to Patch Actively Exploited Zimbra XSS Vulnerability
LINK CVE-2022-24682 has been announced late last week for Zimbra email platform. You need to update it immediately if you have the system.
100 Million Samsung Galaxy Phones Affected with Flawed Hardware Encryption Feature
LINK Android’s hardware-backed Keystore in Samsung’s Galaxy S8, S9, S10, S20, and S21 flagship devices seem to have a design flaw in the cryptographic store and can lead to key extraction.
Breach Announcements – February 25, 2022
Nvidia (chipmaker) – unspecified cyberattack Above is a list of Companies I have information for that have confirmed some sort of Breach (its obviously not complete since most never report anything, just what I hear about) Note: This is going to be a new type of post – will only happen once per day, hopefully at […]
Malware Analysis – MuddyWater
LINK IOC data has been released for it, take a look and integrate it into your productions.
Cisco Releases Security Updates for Multiple Products
LINK Numerous High priority updates have been released for numerous products
CISA Adds Four Known Exploited Vulnerabilities to Catalog
LINK CVE ID Vulnerability Name Due Date CVE-2022-24682 Zimbra Webmail Cross-Site Scripting Vulnerability 3/11/2022 CVE-2017-8570 Microsoft Office Remote Code Execution 8/25/2022 CVE-2017-0222 Microsoft Internet Explorer Remote Code Execution 8/25/2022 CVE-2014-6352 Microsoft Windows Code Injection Vulnerability 8/25/2022
Mozilla Releases High Update
LINK Mozilla VPN local privilege escalation vis uncontrolled OpenSSL search path
CISA Adds Two Known Exploited Vulnerabilities to Catalog
LINK CVE ID Vulnerability Name Due Date CVE-2022-23131 Zabbix Frontend Authentication Bypass Vulnerability 3/8/2022 CVE-2022-23134 Zabbix Frontend Improper Access Control Vulnerability 3/8/2022
Chrome zero-day – Update Immediately
LINK Chrome has been under attack alot for the last year. Another Zero-Day has been found. Time to update Chrome again.