In a display of 2FA’s fallibility, unauthorized transactions approved without users’ authentication bled 483 accounts of funds.
VU#287178: McAfee Agent for Windows is vulnerable to privilege escalation due to OPENSSLDIR location
Overview: McAfee Agent contains a privilege escalation vulnerability due to the use of an OPENSSLDIR variable that specifies a location where an unprivileged Windows user may be able to place files. Description: CVE-2022-0166: McAfee Agent, which comes with various McAfee products such as McAfee Endpoint Security, includes an OpenSSL component that specifies an OPENSSLDIR variable
Security researchers at Automattic recently reported that the popular WordPress plugin and theme authors AccessPress were compromised and their software replaced with backdoored versions. The compromise appears to have taken place in September of last year and was only recently made public. Users who used software obtained directly from the AccessPress website unknowingly provided attackers
Cisco issued a critical fix for a flaw in its Cisco RCM for Cisco StarOS Software that could give attackers RCE on the application with root-level privileges.
SolarWinds has fixed a Serv-U bug that threat actors were exploiting to unleash Log4j attacks on networks’ internal devices.
Original release date: January 20, 2022. F5 has released its January 2022 Quarterly Security Notification addressing vulnerabilities affecting multiple versions of BIG-IP, BIG-IQ, and NGINX Controller API Management. A remote attacker could exploit these vulnerabilities to either deny service to, or take control of, an affected system. CISA encourages users and administrators to review the
The information-disclosure issue, affecting Macs, iPhones and iPads, allows a snooping website to find out information about other tabs a user might have open.
The Red Cross was forced to shut down IT systems behind its Restoring Family Links system, which reunites families separated by war, disaster or migration.
Original release date: January 20, 2022. CISA has released the final version of Internet Protocol version 6 (IPv6) Considerations for Trusted Internet Connections (TIC) 3.0. This guidance supports the federal government-wide deployment and use of the modernized network protocol. The final version includes feedback provided during the public comment period that ended in October 2021.
R.R. Donnelley, the integrated services company, confirmed a ‘systems intrusion’ that occurred in late December and is still under investigation.