Share

RSS

More Articles…

• The SOAR benefits: simplifying investigation and response
• Security Code Review: How the service works
• Integration of the automated response: the automations in SOCaaS
• Coordination between CTI and SOC: how to further raise the defenses
• New Cloud Server: redundant internet
• Quality certificate for the SOCaaS of SOD
• Managed Detection and Response: a new preventive approach
• CLUSIT: our collaboration for better services

Categories …

• Backup as a Service (17)
  • Acronis Cloud Backup (11)
  • Veeam Cloud Connect (4)
• Cloud Conference (3)
• Cloud CRM (1)
• Cloud Server/VPS (22)
• Conferenza Cloud (4)
• ICT Monitoring (5)
• Log Management (2)
• News (21)
• ownCloud (4)
• Privacy (7)
• Secure Online Desktop (14)
• Security (170)
  • Cyber Threat Intelligence (CTI) (6)
  • Ethical Phishing (8)
  • Penetration Test (5)
  • SOCaaS (55)
    • SIEM (13)
    • SOAR (5)
    • UEBA (9)
  • Vulnerabilities (84)
• Web Hosting (15)

Tags

Dark Reading

• Yet Another Toyota Cloud Data Breach Jeopardizes Thousands of Customers May 31, 2023
  The newly found misconfigured cloud services are discovered just two weeks after an initial data breach affecting millions came to light.
• Can Cloud Services Encourage Better Login Security? Netflix's Accidental Model May 31, 2023
  Netflix's unpopular password-sharing policy change had a positive cybersecurity silver lining. Can more B2C service providers nudge their users toward secure authentication?
• MacOS 'Migraine' Bug: Big Headache for Device System Integrity May 31, 2023
  Microsoft says the vulnerability could allow cyberattackers with root access to bypass security protections and install malware.
• Ways to Help Cybersecurity's Essential Workers Avoid Burnout May 31, 2023
  To support and retain the people who protect assets against bad actors, organizations should create a more defensible environment.
• What Apple's RSRs Reveal About Mac Patch Management May 31, 2023
  Apple's Rapid Security Response updates are designed to patch critical security vulnerabilities, but how much good can they do when patching is a weeks-long process?
• Investment May Be Down, but Cybersecurity Remains a Hot Sector May 31, 2023
  There's still a great deal of capital available for innovative companies helping businesses secure their IT environments.
• Checkmarx Announces GenAI-powered AppSec Platform, Empowering Developers and AppSec Teams to Find and Fix Vulnerabilities Faster May 31, 2023
  Powered by GPT-4, innovative new AI-driven capabilities lower application security (AppSec) risk and help security teams "shift everywhere" with speed and accuracy.
• New eID Scheme Gives EU Citizens Easy Access to Public Services Online May 31, 2023
  The European Commission voted a new electronic identification scheme that creates new opportunities for EU citizens and businesses.
• Mirai Variant Opens Tenda, Zyxel Gear to RCE, DDoS May 31, 2023
  Researchers have observed several cyberattacks leveraging a botnet called IZ1H9, which exploits vulnerabilities in exposed devices and servers running on Linux.
• Focus Security Efforts on Choke Points, Not Visibility May 31, 2023
  By finding the places where attack paths converge, you can slash multiple exposures in one fix for more efficient remediation.

Full Disclosure

• CVE-2022-48336 - Buffer Overflow in Widevine Trustlet (PRDiagParseAndStoreData @ 0x5cc8) May 30, 2023
  Posted by Cyber Intel Security on May 301. INFORMATION -------------- [+] CVE : CVE-2022-48336 [+] Title : Buffer Overflow in Widevine Trustlet (PRDiagParseAndStoreData @ 0x5cc8) [+] Vendor : Google [+] Device : Nexus 6 [+] Affected component : Widevine [+] Publication date : March 2023 [+] Credits : CyberIntel Team 2. AFFECTED VERSIONS -------------------- 5.0.0 […]
• CVE-2022-48335 - Buffer Overflow in Widevine Trustlet (PRDiagVerifyProvisioning @ 0x5f90) May 30, 2023
  Posted by Cyber Intel Security on May 301. INFORMATION -------------- [+] CVE : CVE-2022-48335 [+] Title : Buffer Overflow in Widevine Trustlet (PRDiagVerifyProvisioning @ 0x5f90) [+] Vendor : Google [+] Device : Nexus 6 [+] Affected component : Widevine [+] Publication date : March 2023 [+] Credits : CyberIntel Team 2. AFFECTED VERSIONS -------------------- 5.0.0 […]
• CVE-2022-48334 - Buffer Overflow in Widevine Trustlet (drm_verify_keys @ 0x7370) May 30, 2023
  Posted by Cyber Intel Security on May 301. INFORMATION -------------- [+] CVE : CVE-2022-48334 [+] Title : Buffer Overflow in Widevine Trustlet (drm_verify_keys @ 0x7370) [+] Vendor : Google [+] Device : Nexus 6 [+] Affected component : Widevine [+] Publication date : March 2023 [+] Credits : CyberIntel Team 2. AFFECTED VERSIONS -------------------- 5.0.0 […]
• CVE-2022-48333 - Buffer Overflow in Widevine Trustlet (drm_verify_keys @ 0x730c) May 30, 2023
  Posted by Cyber Intel Security on May 301. INFORMATION -------------- [+] CVE : CVE-2022-48333 [+] Title : Buffer Overflow in Widevine Trustlet (drm_verify_keys @ 0x730c) [+] Vendor : Google [+] Device : Nexus 6 [+] Affected component : Widevine [+] Publication date : March 2023 [+] Credits : CyberIntel Team 2. AFFECTED VERSIONS -------------------- 5.0.0 […]
• CVE-2022-48332 - Buffer Overflow in Widevine Trustlet (drm_save_keys @ 0x6a18) May 30, 2023
  Posted by Cyber Intel Security on May 301. INFORMATION -------------- [+] CVE : CVE-2022-48332 [+] Title : Buffer Overflow in Widevine Trustlet (drm_save_keys @ 0x6a18) [+] Vendor : Google [+] Device : Nexus 6 [+] Affected component : Widevine [+] Publication date : March 2023 [+] Credits : CyberIntel Team 2. AFFECTED VERSIONS -------------------- 5.0.0 […]
• CVE-2022-48331 - Buffer Overflow in Widevine Trustlet (drm_save_keys @ 0x69b0) May 30, 2023
  Posted by Cyber Intel Security on May 301. INFORMATION -------------- [+] CVE : CVE-2022-48331 [+] Title : Buffer Overflow in Widevine Trustlet (drm_save_keys @ 0x69b0) [+] Vendor : Google [+] Device : Nexus 6 [+] Affected component : Widevine [+] Publication date : March 2023 [+] Credits : CyberIntel Team 2. AFFECTED VERSIONS -------------------- 5.0.0 […]
• SCHUTZWERK-SA-2022-001: Cross-Site-Scripting in Papaya Medical Viewer May 30, 2023
  Posted by Lennert Preuth via Fulldisclosure on May 30Title ===== SCHUTZWERK-SA-2022-001: Cross-Site-Scripting in Papaya Medical Viewer Status ====== PUBLISHED Version ======= 1.0 CVE reference ============= CVE-2023-33255 Link ==== https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2022-001/ Text-only version: https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2022-001.txt Further SCHUTZWERK advisories: https://www.schutzwerk.com/blog/tags/advisories/ Affected products/vendor...
• [RT-SA-2023-005] Pydio Cells: Server-Side Request Forgery May 30, 2023
  Posted by RedTeam Pentesting GmbH on May 30For longer running processes, Pydio Cells allows for the creation of jobs, which are run in the background. The job "remote-download" can be used to cause the backend to send a HTTP GET request to a specified URL and save the response to a new file. The response […]
• [RT-SA-2023-004] Pydio Cells: Cross-Site Scripting via File Download May 30, 2023
  Posted by RedTeam Pentesting GmbH on May 30Advisory: Pydio Cells: Cross-Site Scripting via File Download Pydio Cells implements the download of files using presigned URLs which are generated using the Amazon AWS SDK for JavaScript [1]. The secrets used to sign these URLs are hardcoded and exposed through the JavaScript files of the web application. […]
• [RT-SA-2023-003] Pydio Cells: Unauthorised Role Assignments May 30, 2023
  Posted by RedTeam Pentesting GmbH on May 30Advisory: Pydio Cells: Unauthorised Role Assignments Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning […]