Share

RSS

More Articles…

• The SOAR benefits: simplifying investigation and response
• Security Code Review: How the service works
• Integration of the automated response: the automations in SOCaaS
• Coordination between CTI and SOC: how to further raise the defenses
• New Cloud Server: redundant internet
• Quality certificate for the SOCaaS of SOD
• Managed Detection and Response: a new preventive approach
• CLUSIT: our collaboration for better services

Categories …

• Backup as a Service (17)
  • Acronis Cloud Backup (11)
  • Veeam Cloud Connect (4)
• Cloud Conference (3)
• Cloud CRM (1)
• Cloud Server/VPS (22)
• Conferenza Cloud (4)
• ICT Monitoring (5)
• Log Management (2)
• News (21)
• ownCloud (4)
• Privacy (7)
• Secure Online Desktop (14)
• Security (170)
  • Cyber Threat Intelligence (CTI) (6)
  • Ethical Phishing (8)
  • Penetration Test (5)
  • SOCaaS (55)
    • SIEM (13)
    • SOAR (5)
    • UEBA (9)
  • Vulnerabilities (84)
• Web Hosting (15)

Tags

Dark Reading

• Undetected Attacks Against Middle East Targets Conducted Since 2020 May 30, 2023
  Targeted attacks against Saudi Arabia and other Middle East nations have been detected with a tool that's been in the wild since 2020.
• 9M Dental Patients Affected by LockBit Attack on MCNA May 30, 2023
  The government-sponsored dental and oral healthcare provider warned its customers that a March attack exposed sensitive data, some of which was leaked online by the ransomware group.
• Pentagon Leaks Emphasize the Need for a Trusted Workforce May 30, 2023
  Tightening access controls and security clearance alone won't prevent insider threat risks motivated by lack of trust or loyalty.
• Top Cyberattacks Revealed in New Threat Intelligence Report May 29, 2023
  New report provides actionable intelligence about attacks, threat actors, and campaigns.
• 2 Lenses for Examining the Safety of Open Source Software May 26, 2023
  Improving the security of open source repositories and keeping malicious components out requires a combination of technology and people.
• 130K+ Patients' Social Security Numbers Leaked in UHS of Delaware Data Breach May 26, 2023
• Tesla Whistleblower Leaks 100GB of Data, Revealing Safety Complaints May 26, 2023
  Informants have released data that includes thousands of safety complaints the company has received about its self-driving capability, as well as sensitive information regarding current and past employees.
• Travel-Themed Phishing, BEC Campaigns Get Smarter as Summer Season Arrives May 26, 2023
  Phishing campaigns targeting travelers have evolved from simple, easy-to-spot fraud attempts to highly sophisticated operations.
• How Safe Is Your Wearable Device? May 26, 2023
  To mitigate risk, both developers and users must include security principles and technologies as core foundations in new devices.
• Russia's War in Ukraine Shows Cyberattacks Can Be War Crimes May 26, 2023
  Ukraine head of cybersecurity Victor Zhora says the world needs "efficient legal instruments to confront cyber terrorism."

Full Disclosure

• CVE-2022-48336 - Buffer Overflow in Widevine Trustlet (PRDiagParseAndStoreData @ 0x5cc8) May 30, 2023
  Posted by Cyber Intel Security on May 301. INFORMATION -------------- [+] CVE : CVE-2022-48336 [+] Title : Buffer Overflow in Widevine Trustlet (PRDiagParseAndStoreData @ 0x5cc8) [+] Vendor : Google [+] Device : Nexus 6 [+] Affected component : Widevine [+] Publication date : March 2023 [+] Credits : CyberIntel Team 2. AFFECTED VERSIONS -------------------- 5.0.0 […]
• CVE-2022-48335 - Buffer Overflow in Widevine Trustlet (PRDiagVerifyProvisioning @ 0x5f90) May 30, 2023
  Posted by Cyber Intel Security on May 301. INFORMATION -------------- [+] CVE : CVE-2022-48335 [+] Title : Buffer Overflow in Widevine Trustlet (PRDiagVerifyProvisioning @ 0x5f90) [+] Vendor : Google [+] Device : Nexus 6 [+] Affected component : Widevine [+] Publication date : March 2023 [+] Credits : CyberIntel Team 2. AFFECTED VERSIONS -------------------- 5.0.0 […]
• CVE-2022-48334 - Buffer Overflow in Widevine Trustlet (drm_verify_keys @ 0x7370) May 30, 2023
  Posted by Cyber Intel Security on May 301. INFORMATION -------------- [+] CVE : CVE-2022-48334 [+] Title : Buffer Overflow in Widevine Trustlet (drm_verify_keys @ 0x7370) [+] Vendor : Google [+] Device : Nexus 6 [+] Affected component : Widevine [+] Publication date : March 2023 [+] Credits : CyberIntel Team 2. AFFECTED VERSIONS -------------------- 5.0.0 […]
• CVE-2022-48333 - Buffer Overflow in Widevine Trustlet (drm_verify_keys @ 0x730c) May 30, 2023
  Posted by Cyber Intel Security on May 301. INFORMATION -------------- [+] CVE : CVE-2022-48333 [+] Title : Buffer Overflow in Widevine Trustlet (drm_verify_keys @ 0x730c) [+] Vendor : Google [+] Device : Nexus 6 [+] Affected component : Widevine [+] Publication date : March 2023 [+] Credits : CyberIntel Team 2. AFFECTED VERSIONS -------------------- 5.0.0 […]
• CVE-2022-48332 - Buffer Overflow in Widevine Trustlet (drm_save_keys @ 0x6a18) May 30, 2023
  Posted by Cyber Intel Security on May 301. INFORMATION -------------- [+] CVE : CVE-2022-48332 [+] Title : Buffer Overflow in Widevine Trustlet (drm_save_keys @ 0x6a18) [+] Vendor : Google [+] Device : Nexus 6 [+] Affected component : Widevine [+] Publication date : March 2023 [+] Credits : CyberIntel Team 2. AFFECTED VERSIONS -------------------- 5.0.0 […]
• CVE-2022-48331 - Buffer Overflow in Widevine Trustlet (drm_save_keys @ 0x69b0) May 30, 2023
  Posted by Cyber Intel Security on May 301. INFORMATION -------------- [+] CVE : CVE-2022-48331 [+] Title : Buffer Overflow in Widevine Trustlet (drm_save_keys @ 0x69b0) [+] Vendor : Google [+] Device : Nexus 6 [+] Affected component : Widevine [+] Publication date : March 2023 [+] Credits : CyberIntel Team 2. AFFECTED VERSIONS -------------------- 5.0.0 […]
• SCHUTZWERK-SA-2022-001: Cross-Site-Scripting in Papaya Medical Viewer May 30, 2023
  Posted by Lennert Preuth via Fulldisclosure on May 30Title ===== SCHUTZWERK-SA-2022-001: Cross-Site-Scripting in Papaya Medical Viewer Status ====== PUBLISHED Version ======= 1.0 CVE reference ============= CVE-2023-33255 Link ==== https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2022-001/ Text-only version: https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2022-001.txt Further SCHUTZWERK advisories: https://www.schutzwerk.com/blog/tags/advisories/ Affected products/vendor...
• [RT-SA-2023-005] Pydio Cells: Server-Side Request Forgery May 30, 2023
  Posted by RedTeam Pentesting GmbH on May 30For longer running processes, Pydio Cells allows for the creation of jobs, which are run in the background. The job "remote-download" can be used to cause the backend to send a HTTP GET request to a specified URL and save the response to a new file. The response […]
• [RT-SA-2023-004] Pydio Cells: Cross-Site Scripting via File Download May 30, 2023
  Posted by RedTeam Pentesting GmbH on May 30Advisory: Pydio Cells: Cross-Site Scripting via File Download Pydio Cells implements the download of files using presigned URLs which are generated using the Amazon AWS SDK for JavaScript [1]. The secrets used to sign these URLs are hardcoded and exposed through the JavaScript files of the web application. […]
• [RT-SA-2023-003] Pydio Cells: Unauthorised Role Assignments May 30, 2023
  Posted by RedTeam Pentesting GmbH on May 30Advisory: Pydio Cells: Unauthorised Role Assignments Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning […]