Microsoft’s May Patch Tuesday Updates Cause Windows AD Authentication Errors
Microsoft’s May Patch Tuesday update is triggering authentication errors.
Microsoft is alerting customers that its May Patch Tuesday update is causing authentications errors and failures tied to Windows Active...
Technical Advisory – Tesla BLE Phone-as-a-Key Passive Entry Vulnerable to Relay Attacks
Vendor: Tesla, Inc.
Vendor URL: https://www.tesla.com
Versions affected: Attack tested with vehicle software v11.0 (2022.8.2 383989fadeea) and iOS app 4.6.1-891 (3784ebe63).
Systems Affected: Attack tested on Model 3. Model Y is likely...
Technical Advisory – Kwikset/Weiser BLE Proximity Authentication in Kevo Smart Locks Vulnerable to Relay...
Vendor: Kwikset/Weiser (Spectrum Brands)
Vendor URLs: https://www.kwikset.com/kevo/smart-lock, https://www.weiserlock.com/en/kevo/default
Versions Affected: All versions. Attack tested on Kevo Generation 2 hardware with firmware v1.9.49 and Android application version Kevo 2.9.1.21765p.
Systems Affected: Kevo smart...
You Can’t Eliminate Cyberattacks, So Focus on Reducing the Blast Radius
Tony Lauro, director of security technology and strategy at Akamai, discusses reducing your company’s attack surface and the “blast radius” of a potential attack.
Lately, I’ve started wondering if...
Actively Exploited Zero-Day Bug Patched by Microsoft
Microsoft’s May Patch Tuesday roundup also included critical fixes for a number of flaws found in infrastructure present in many enterprise and cloud environments.
Microsoft has revealed 73 new patches...
Intel Memory Bug Poses Risk for Hundreds of Products
Dell and HP were among the first to release patches and fixes for the bug.
Chipmaker Intel is reporting a memory bug impacting microprocessor firmware used in “hundreds” of products....
Hackers Actively Exploit F5 BIG-IP Bug
The bug has a severe rating of 9.8, public exploits are released.
Threat actors have started exploiting a critical bug in the application service provider F5’s BIG-IP modules after a...
FBI: Rise in Business Email-based Attacks is a $43B Headache
A huge spike in fraudulent activities related to attacks leveraging business email accounts is a billion-dollar-problem.
The FBI warned the global cost of business email compromise (BEC) attacks...
Technical Advisory: Ruby on Rails – Possible XSS Vulnerability in ActionView tag helpers (CVE-2022-27777)
Vendor: Ruby on Rails
Vendor URL: https://rubyonrails.org
Versions affected: versions prior to 7.0.2.4, 6.1.5.1, 6.0.4.8, 5.2.7.1
Operating Systems Affected: ALL
Author: Álvaro Martín Fraguas
Advisory URLs:
- https://groups.google.com/g/rubyonrails-security/c/Yg2tEh2UUqc
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
Accepted commit for the fix in...
Top Threats your Business Can Prevent on the DNS Level
Web-filtering solutions, a must-have for businesses of any size, will protect your corporate network from multiple origins.
The Domain Name System (DNS) is the underlying fabric that connects almost...
