Disponibile un Proof of Concept (PoC) per la vulnerabilità CVE-2022-34265 – già sanata dal vendor – presente nel noto framework Django. Tale vulnerabilità, qualora sfruttata, potrebbe permettere ad un utente malintenzionato remoto di leggere e modificare i dati presenti nel database dell’applicazione. Source link Author:…
Original release date: July 6, 2022 OpenSSL has released a security update to address a vulnerability affecting OpenSSL 3.0.4. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the OpenSSL advisory and upgrade to the…
Rilasciati aggiornamenti di sicurezza Fortinet che risolvono vulnerabilità in vari prodotti, di cui 4 con gravità “alta”. Source link Author: csirt@alfacert.gov.it Article used for cyber security disclosure.
Original release date: June 29, 2022 Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Mozilla…
Scarica il riepilogo delle notizie pubblicate dallo CSIRT Italia dal 27 giugno al 3 luglio 2022 Source link Author: csirt@alfacert.gov.it Article used for cyber security disclosure.
Original release date: July 1, 2022 CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise….
Il Federal Bureau of Investigation (FBI), la Cybersecurity and Infrastructure Security Agency (CISA), il Dipartimento del Tesoro statunitense e la Financial Crimes Enforcement Network (FinCEN) hanno recentemente pubblicato un Cybersecurity Advisory (CSA) congiunto in cui evidenziano dettagli inerenti al Ransomware-as-a-Service (RaaS) denominato “MedusaLocker”. Source link…
Original release date: June 30, 2022 CISA, the Federal Bureau of Investigation (FBI), the Department of the Treasury (Treasury), and the Financial Crimes Enforcement Network (FinCEN) have released a joint Cybersecurity Advisory (CSA), #StopRansomware: MedusaLocker, to provide information on MedusaLocker ransomware. MedusaLocker actors target vulnerabilities…
