A critical authorization rules bypass vulnerability exists in Spring Security versions 5.7.0 to 5.7.4 and versions 5.6.0 to 5.6.8. The vulnerability gives attackers a way to potentially bypass an API gateway and…
Category: Enterprise
5 things to know about the bugs patched in OpenSSL version 3.0.7
The first: This isn’t Heartbleed redux [298 words]. What bugs were fixed: OpenSSL version 3.0.7 fixes two “high” severity vulnerabilities in OpenSSL versions 3.0.0 to 3.0.6. The vulnerabilities are CVE-2022-3786 an X.509…
Five useful lists and tools for identifying resources with vulnerable OpenSSL in them
The OpenSSL project team will release a new version of the OpenSSL library (version 3.0.7) on Tuesday to address a critical vulnerability in version 3.0 to 3.6 of the widely used open…
ConnectWise patches critical flaw in its Recover and R1Soft Server Backup Manager technology
Vulnerability gives attackers a way to target thousands of MSPs and their downstream customers. Company urges customers to treat issue as a top priority [298 words]. What: ConnectWise has patched a critical,…
Four quick things to know about the critical bug in OpenSSL that will be disclosed Nov.1
The OpenSSL project team will release a new version of the OpenSSL library (version 3.0.7) on Tuesday to address a critical vulnerability in version 3.0 to 3.6 of the widely used open…
CISA will adopt TLP version 2.0 on Nov. 1
Prepare now for move to the new version of FIRST’s standard for sharing security information [300 words]. What: Beginning Nov. 1, 2022, CISA will officially adopt version 2.0 of the Forum of…
Attackers actively exploiting VMware flaw that CISA deemed as posing “unacceptable risk” in May
Multiple campaigns are using CVE-2022-22954 to drop ransomware, coin miners and Mirai [299 words]. What: Multiple malicious campaigns are actively targeting a previously disclosed and now patched remote code execution vulnerability in…
Google’s open-source GUAC initiative will make information for securing the software supply chain readily available to everyone.
GUAC will allow developers, auditors, and risk management teams to evaluate risk more easily in their codebases. What: Google is seeking contributors to a new open-source project it has launched called Graph…
HelpSystems releases Cobalt Strike 4.7.2 to address new RCE vulnerability
Out-of-band update addresses an issue for which IBM X-Force researchers had wanted a new CVE, but which HelpSystems says is not specific to its software [300 words] What: HelpSystems on October 17…
California, Texas tops list of states with most cybersecurity job openings
For the year ended Sept. 2022 employers listed close to 770K job openings for cybersecurity professionals. Security analysts, pen-testers were among top required skills. CyberSeek’s interactive map shows the states and metro…