Twitter breach exposed anonymous account owners

A vulnerability in Twitter’s software that exposed an undetermined number of owners of anonymous accounts to potential identity compromise last year was apparently exploited by a malicious actor, the social media company said Friday. It did not confirm a report Read More …

Vulnerabilities in Alyac antivirus program could stop virus scanning, cause code execution

Cisco Talos recently discovered out-of-bounds read and buffer overflow vulnerabilities in ESTsecurity Corp.’s Alyac antivirus software that could cause a denial-of-service condition or arbitrary code execution. Alyac is an antivirus software developed for Microsoft Windows machines. TALOS-2022-1452 (CVE-2022-21147) is a Read More …

Attackers Move Quickly to Exploit High-Profile Zero Days: Insights From the 2022 Unit 42 Incident Response Report

Software vulnerabilities remain a key avenue of initial access for attackers according to the 2022 Unit 42 Incident Response Report. While this underscores the need for organizations to operate with a well-defined patch management strategy, we’ve observed that attackers are Read More …

CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit

Rootkits are malware implants which burrow themselves in the deepest corners of the operating system. Although on paper they may seem attractive to attackers, creating them poses significant technical challenges and the slightest programming error has the potential to completely Read More …

Atlassian reveals critical flaws in almost everything it makes and touches

Atlassian has warned users of its Bamboo, Bitbucket, Confluence, Fisheye, Crucible, and Jira products that a pair of critical-rated flaws threaten their security. The company’s July security advisories detail “Servlet Filter dispatcher vulnerabilities.” One of the flaws – CVE-2022-26136 – Read More …

CISA released Security Advisory on MiCODUS MV720 Global Positioning System (GPS) Tracker

CISA has released an Industrial Controls Systems Advisory (ICSA) detailing six vulnerabilities that were discovered in MiCODUS MV720 Global Positioning System Tracker. Successful exploitation of these vulnerabilities may allow a remote actor to exploit access and gain control the global Read More …

Cyber Safety Review Board Releases Unprecedented Report of its Review into Log4j Vulnerabilities and Response

WASHINGTON – Today, the U.S. Department of Homeland Security (DHS) released the Cyber Safety Review Board’s (CSRB) first report, which includes 19 actionable recommendations for government and industry. The recommendations from the CSRB – an unprecedented public-private initiative that brings Read More …

Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706

Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system. We shared these findings with Apple through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR) Read More …