Cybersecurity

High-Severity Flaws in Juniper Junos OS Affect Enterprise Networking Devices

Juniper Junos OS was affected by several security flaws, some of which could be exploited to achieve code execution. Chief among them is a remote pre-authenticated PHP archive file deserialization vulnerability (CVE-2022-22241, CVSS score: 8.1) in the J-Web component of Junos OS, according to Octagon Networks researcher Paulos Yibelo. “This vulnerability can be exploited by an unauthenticated remote attacker to get remote phar files deserialized, leading to arbitrary file write, which leads to a remote code execution (RCE),” Yibelo said in a report. Also identified are five other issues, which are listed as follows – CVE-2022-22242 (CVSS score: 6.1) – A pre-authenticated reflected XSS on the error page (“error.php”), allowing a remote […]

Read more
Cybersecurity

Twilio Suffers Another Breach After the August Hack - Same Hackers Are Suspected Behind Both Breaches

The same hackers are suspected behind the August and June security breaches. After the August hack resulted in unauthorized access to customer information, communication services provider Twilio disclosed this week that it had experienced a “brief security incident” in June 2022. Twilio stated that the breach was perpetrated by the same threat actor behind the August hack. The security event occurred on June 29, 2022, the company said in an updated advisory shared this week, as part of its probe into the digital break-in. “In the June incident, a Twilio employee was socially engineered through voice phishing (or ‘vishing’) to provide their credentials, and the malicious actor was able to […]

Read more
Cybersecurity

A possible data breach being reviewed by Bed Bath & Beyond

Bed Bath & Beyond Inc said that there was a possible data breach at the company. The company on Friday said that a third party had improperly accessed its data through a phishing scam this month. The data was breached by accessing the hard drive and certain shared drives of one of its employees. The big-box retailer said it was reviewing the data that was accessed so it can determine whether the drives contained any sensitive or personally identifiable information. The home goods retailer added it has no reason to believe that […]

Read more
Cybersecurity Technology

LASTPASS – FACING SECURITY ISSUES AGAIN?

LastPass, the password management solution that had the trust of thousands of users, suddenly faced criticism on account of its security incident last month. LastPass has a record of security incidents in 2011, 2015, 2016, 2019, 2021, and 2022.

Read more
Cybersecurity Technology

HP Enterprise Computers were left vulnerable to cyberattacks because of unpatched high-severity security vulnerabilities.

Security researchers have found hidden vulnerabilities in several models of HP’s business-oriented notebooks that continue to be unpatched, Binarly told listeners at the Black Code conference. It said that these flaws are “difficult to detect with TPM measurements.” Firmware flaws can have serious implications, as they allow an adversary to achieve long-term persistence on a device running in the background, evading traditional operating system security protections. The high-severity vulnerabilities identified by Binarly affect HP EliteBook devices and concern a case of memory corruption in the System Management Mode (SMM) of the firmware, thereby enabling an attacker to execute arbitrary code with the highest privileges – CVE-2022-23930 (CVSS score: 8.2) – Stack-based buffer […]

Read more