Tenable

APRIL 7, 2022

On April 6, VMware published an advisory (VMSA-2022-0011) addressing eight vulnerabilities across a number of VMware products: CVE. CVE-2022-22954. CVE-2022-22955. OAuth2 ACS Authentication Bypass Vulnerability. CVE-2022-22956. OAuth2 ACS Authentication Bypass Vulnerability. CVE-2022-22957.

Authentication 98

Authentication Research Analysis Cloud 98

Ivanti

AUGUST 9, 2022

systems ( CVE-2022-26832 and CVE-2022-30130 ). Of the 121 new CVEs addressed this month, there is a zero day ( CVE-2022-34713 ) and a publicly disclosed CVE ( CVE-2022-30134 ). Of the 121 new CVEs addressed this month, there is a zero day ( CVE-2022-34713 ) and a publicly disclosed CVE ( CVE-2022-30134 ).

Windows 94

Windows Systems Review Budget Azure 94

Tenable

AUGUST 3, 2023

AA23-215A: 2022's Top Routinely Exploited Vulnerabilities A joint Cybersecurity Advisory collaborated on by multiple international agencies highlights the top routinely exploited vulnerabilities of 2022 Background On August 3, a joint Cybersecurity Advisory (CSA) AA23-215A coauthored by multiple U.S.

Authentication 52

Authentication Data Center Software Review Windows 52

Tenable

AUGUST 2, 2022

CVE-2022-31656: VMware Patches Several Vulnerabilities in Multiple Products (VMSA-2022-0021). On August 2, VMware issued an advisory ( VMSA-2022-0021 ) for ten vulnerabilities across several of its products. On August 2, VMware issued an advisory ( VMSA-2022-0021 ) for ten vulnerabilities across several of its products.

Authentication 53

Authentication Research Analysis Organization 53

Tenable

FEBRUARY 9, 2024

On February 7, researchers at Fortinet published a blog post highlighting the exploitation of CVE-2022-42475 and CVE-2023-27997 by Chinese threat groups including Volt Typhoon , APT15 (also known as Ke3chang) and APT31 (also known as ZIRCONIUM) as well as UNC757 ( also known as Fox Kitten), which has a “suspected nexus to the Iranian government.”

Malware 122

Malware Authentication Infrastructure Analysis 122

Let's Grow Leaders

DECEMBER 26, 2022

Top 3 Let’s Grow Leaders Articles of 2022. Our number one most-read article in 2022 is on how (and when) to say no at work. Consistently, compassion, courage, and curiosity continue to top the list, closely followed by flexibility and authenticity. Which leadership article resonated most with you and why?

Leadership 93

Leadership eBook Culture Programming 93

Tenable

MARCH 12, 2024

In 2022, Microsoft patched two EoP flaws in OMI ( CVE-2022-33640 and CVE-2022-29149 ), as well as an information disclosure vulnerability ( CVE-2023-36043 ) in November 2023. Including this month, nine RCE vulnerabilities affecting Windows Hyper-V have been disclosed since 2022, with seven of them rated as Critical.

Windows 124

Windows Azure Authentication Infrastructure 124

Tenable

AUGUST 9, 2022

Microsoft’s August 2022 Patch Tuesday Addresses 118 CVEs (CVE-2022-34713). Microsoft addresses 118 CVEs in its August 2022 Patch Tuesday release, including 17 critical flaws. Microsoft patched 118 CVEs in its August 2022 Patch Tuesday release, with 17 rated as critical and 101 rated as important. 17 Critical. 0 Moderate.

SMB 64

SMB Azure Windows Disaster Recovery 64

Honeycomb

OCTOBER 3, 2022

If you missed last month’s blog , this will be a monthly recurring series to keep you posted with the latest and greatest at Honeycomb. Now, your SLO health is just an authenticated curl away, making it that much easier to integrate into your toolchain of choice. . The post Feature Focus: September 2022 appeared first on Honeycomb.

Compliance 83

Compliance Resources Transportation Authentication 83

Tenable

MAY 9, 2023

Feynman In the last of our four-part blog series we take a closer look at eight notable CVEs in 2022 and explore how the gaps between their discovery and their full disclosure on the National Vulnerability Database (NVD) could put organizations at risk. 1 CVE Description CVSS v3 VPR* CVE-2022-1134 Type confusion in V8 Google Chrome 8.8

Authentication 52

Authentication Study Small Business Research 52

Tenable

JANUARY 9, 2024

Our counts omitted CVE-2022-35737, a vulnerability in SQLite called “Stranger Strings” that was assigned by MITRE and patched in July 2022. The attacker would then be able to bypass authentication via impersonation. this flaw can be exploited by an authenticated attacker with at least Site Owner privileges.

Windows 115

Windows Authentication Cloud Linux 115

Tenable

FEBRUARY 8, 2022

Microsoft addresses 48 CVEs in its February 2022 Patch Tuesday release, including one zero-day vulnerability that was publicly disclosed, but not exploited in the wild. Microsoft patched 48 CVEs in the February 2022 Patch Tuesday release, with all 48 rated as important and none rated as critical. CVE-2022-22717 (CVSSv3 7.0)

Windows 52

Windows Research Azure System 52

Tenable

MARCH 30, 2022

On March 29, VMware published an advisory (VMSA-2022-0009) for a moderate severity vulnerability in VMware vCenter Server, its centralized management software for VMware vSphere cloud computing virtualization systems. CVE-2022-22948. This blog post was published on March 30 and reflects VPR at that time. Background. Description.

Authentication 52

Authentication Windows Virtualization Groups 52

Tenable

FEBRUARY 13, 2024

According to Microsoft, this vulnerability has been exploited in the wild as a zero-day, though no specific details about exploitation were available at the time this blog was published. Since 2022, there have been five Windows SmartScreen vulnerabilities disclosed across Patch Tuesday.

LAN 125

LAN Windows Azure Internet 125

Tenable

JUNE 12, 2023

On June 11, Fol tweeted about the availability of patches for the flaw, adding that it is “reachable pre-authentication, on every SSL VPN appliance.” This is reachable pre-authentication, on every SSL VPN appliance. In the blog, Fortinet notes that CVE-2023-27997 “may have been exploited in a limited number of cases.”

Firewall 102

Firewall Authentication Research Groups 102

Tenable

OCTOBER 2, 2023

This blog post was published on October 2 and reflects VPR at that time. Medium CVE-2022-27665 WS_FTP Reflected XSS Vulnerability 6.1 Medium CVE-2022-27665 WS_FTP Reflected XSS Vulnerability 6.1 WS_FTP Server 2022 2022.0.2 Critical CVE-2023-42657 WS_FTP Directory Traversal Vulnerability 9.9

Software Review 122

Software Review Software Systems Review Authentication 122

CIO

SEPTEMBER 12, 2023

Five core capabilities—visibility, authentication and authorization, role-based access, conditional monitoring, and enforcement and response—form the foundation of Zero Trust Security. Are you enforcing security policies consistently everywhere throughout the network? i] S ievers, T. Proposal for a NIS directive 2.0: European Union.

Security 236

Security Compliance Network Policies 236

Tenable

APRIL 20, 2022

Oracle addresses 221 CVEs in its second quarterly update of 2022 with 520 patches, including 27 critical updates. On April 19, Oracle released its Critical Patch Update (CPU) for April 2022 , the second quarterly update of the year. CVE-2022-23305. CVE-2022-23437. Please refer to the April 2022 advisory for full details.

Database Administration 57

Database Administration Backup PHP Blockchain 57

Tenable

MAY 9, 2024

In order to exploit this vulnerability, the vulnerable target system needs to be configured with Lightweight Directory Access Protocol (LDAP) for user authentication. Successful exploitation would result in the disclosure of sensitive information, including password hashes and the administrator password hash.

Research 60

Research Authentication Report Analysis 60

O'Reilly Media - Ideas

NOVEMBER 1, 2022

If you’re interested in writing AI software to generate code (and not just using Copilot), Evan Pu has begun a series of blog posts on program synthesis. It’s rumored that Apple’s VR headset will perform an iris scan when someone puts it on, to authenticate the user to apps. This was their “most requested feature.”

Trends 101

Trends Artificial Inteligence Open Source Research 101

Tenable

FEBRUARY 14, 2023

In 2022, Microsoft patched two EoP vulnerabilities in CLFS, CVE-2022-37969 and CVE-2022-24521 , that were also exploited in the wild. CVE-2022-24521 was disclosed to Microsoft by the National Security Agency and CrowdStrike, and patched in Microsoft April Patch Tuesday. and was exploited in the wild.

Windows 100

Windows Azure Authentication Policies 100

Tenable

SEPTEMBER 28, 2023

CVE Description CVSSv3 CVE-2022-31459 Owl Labs Meeting Owl Inadequate Encryption Strength Vulnerability 7.4 CVE-2022-31461 Owl Labs Meeting Owl Missing Authentication for Critical Function Vulnerability 7.4 CVE-2022-31462 Owl Labs Meeting Owl Use of Hard-coded Credentials Vulnerability 9.3 Image source: Owl Labs, Sept.

Malware 64

Malware Software Review Authentication Meeting 64

Tenable

JUNE 14, 2023

CVE-2023-20888 Aria Operations for Networks Authenticated Deserialization Vulnerability 9.1 This blog post was published on June 14 and reflects VPR at that time. A blog post on Summoning Team’s website was released which details the exploitation process of CVE-2023-20887. Great article!

Network 53

Network Software Review Authentication Systems Review 53

Tenable

JANUARY 10, 2024

CVE Description CVSSv3 CVE-2023-46805 Ivanti Connect Secure and Ivanti Policy Secure Authentication Bypass Vulnerability 8.2 Analysis CVE-2023-46805 is an authentication bypass vulnerability in the web component of Ivanti Connect Secure (ICS), previously known as Pulse Connect Secure and Ivanti Policy Secure.

Policies 72

Policies Authentication Analysis Network 72

Tenable

JANUARY 31, 2023

Recent Exchange Server bugs ProxyNotShell disclosed in September 2022 with no patches, just mitigation guidance for two months At the end of September 2022, researchers at GTSC Cybersecurity Technology Company Limited publicly disclosed two zero-day vulnerabilities, collectively referred to as ProxyNotShell (CVE-2022-41040, CVE-2022-41082).

Authentication 52

Authentication Research Organization Report 52

CircleCI

JANUARY 13, 2023

On December 29, 2022, we were alerted to suspicious GitHub OAuth activity by one of our customers. On December 30, 2022, we learned that this customer’s GitHub OAuth token had been compromised by an unauthorized third party. This machine was compromised on December 16, 2022.

Report 145

Report Systems Review Malware Software Review 145

Tenable

OCTOBER 18, 2023

On October 17, Mandiant released a blog post and remediation guidance document where they noted that exploitation of a zero-day vulnerability, later identified as CVE-2023-4966, was observed in late August. Successful exploitation allows the attacker to bypass multifactor authentication (MFA) requirements. and later releases of 13.0

Systems Review 68

Systems Review Software Review Authentication Virtualization 68

Tenable

MARCH 14, 2024

Critical At the time this blog was published, Fortinet’s advisory assigned a CVSSv3 score of 9.3 This blog will be updated to reflect the correct CVSSv3 score if the advisory or NVD record are updated. At the time this blog was published, Fortinet’s advisory did not include any messaging about known exploitation of this vulnerability.

Software Review 67

Software Review Systems Review Authentication Infrastructure 67

Tenable

NOVEMBER 4, 2022

That’s according to the “ 2022 CISO Compensation Benchmark Report” from IANS Research and Artico Search , which polled more than 500 CISOs and found that total compensation went up 15% compared with last year to $495,000. Source: “2022 CISO Compensation Benchmark Report” from IANS Research and Artico Search, October 2022).

Trends 103

Trends Authentication Recruiting Banking 103

Lacework

MAY 20, 2022

CVE(s) (if available): CVE-2022-22954, CVE-2022-22955,CVE-2022-22956, CVE-2022-22957, CVE-2022-22958, CVE-2022-22959, CVE-2022-22960, CVE-2022-22961, CVE-2022-22972, CVE-2022-22973. For more details on Keksec , refer to Lacework Labs’ blogs and Github.

Malware 78

Malware IoT Authentication Network 78

Hacker Earth Developers Blog

MARCH 2, 2022

These proctors are trained to ensure authenticity, looking for any red flags such as suspicious eye or facial movements. As remote hiring grows, proctoring has a vital role in ensuring the credibility and authenticity of the tech assessment process. Recommended read: What Recruiters Forecast For Tech Hiring In 2022.

Artificial Inteligence 130

Artificial Inteligence Authentication Testing Artificial Intelligence 130

Tenable

SEPTEMBER 12, 2023

Palmiotti said in a post that a blog and exploit code for the vulnerability will “be released soon.” Blog and exploit code to be released soon. Successful exploitation of these vulnerabilities requires an attacker to authenticate with LAN-access and have valid credentials for an Exchange user.

LAN 120

LAN Windows 3D Azure 120

Prisma Clud

DECEMBER 9, 2022

Maybe that’s why Selling Power recently named him 2022 CRO of the Year. To get there, you need to be authentic. When you ask me to do something, it gets done right and to a high standard, with authenticity because I’m highly transparent while I’m doing it. Good news or bad news, be transparent and authentic in near-real time.

Cloud 52

Cloud Weak Development Team Culture Authentication 52

Trigent

FEBRUARY 7, 2022

user authentication information, transactions carried out by a user, listing and updating inventory, offline state when out of network. This blog aims to aid the app developer in choosing the correct database based on some specific criteria. The database for an app is selected based on the purpose of building the app. Limitations.

Mobile 52

Mobile Applications Authentication Open Source 52

Tenable

SEPTEMBER 22, 2023

Insurance provider Coalition said in its “ 2023 Cyber Claims Report: Mid-year Update ” that cyber claims rose 12% in the first half of 2023 compared with the second half of 2022, a surge driven primarily by ransomware attacks. Other ransomware insights from the report include: The number of ransomware attacks in the U.S.

Insurance 71

Insurance Trends IoT Software Review 71

Ivanti

SEPTEMBER 12, 2022

Remote authentication on Shared iPad. MDM administrators can also choose to always enforce remote authentication or to define a grace period before remote authentication is required, providing the flexibility to determine when remote passcode changes take effect on existing cached sign-ins. Declarative management.

Software Review 76

Software Review Authentication Internet Resources 76

Tenable

NOVEMBER 14, 2023

3 Critical 54 Important 0 Moderate 0 Low Update November 14: This blog has been updated to note the availability of fixes for Windows and Windows Server for CVE-2023-38545, a heap buffer overflow vulnerability in curl. Moderate December 2022 CVE-2023-24880 Windows SmartScreen Security Feature Bypass Vulnerability 4.4

Windows 70

Windows Systems Review Software Review .Net 70