Vulnerability Summary for the Week of July 25, 2022

vulnerability-summary-for-the-week-of-july-25,-2022

@ianwalter/merge — @ianwalter/merge   All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main (merge) function. Maintainer suggests using @generates/merger instead. 2022-07-25 not yet calculated CVE-2021-23397CONFIRM adobe — acrobat_reader Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 20.005.30334 (and earlier) are affected by an out-of-bounds read vulnerability that could lead […]

Single-Core CPU Cracked Post-Quantum Encryption Candidate Algorithm in Just an Hour

single-core-cpu-cracked-post-quantum-encryption-candidate-algorithm-in-just-an-hour

A late-stage candidate encryption algorithm that was meant to withstand decryption by powerful quantum computers in the future has been trivially cracked by using a computer running Intel Xeon CPU in an hour’s time. The algorithm in question is SIKE — short for Supersingular Isogeny Key Encapsulation — which made it to the fourth round […]

VirusTotal Reveals Most Impersonated Software in Malware Attacks

virustotal-reveals-most-impersonated-software-in-malware-attacks

Threat actors are increasingly mimicking legitimate applications like Skype, Adobe Reader, and VLC Player as a means to abuse trust relationships and increase the likelihood of a successful social engineering attack. Other most impersonated legitimate apps by icon include 7-Zip, TeamViewer, CCleaner, Microsoft Edge, Steam, Zoom, and WhatsApp, an analysis from VirusTotal has revealed. “One […]

On-Demand Webinar: New CISO Survey Reveals Top Challenges for Small Cyber Security Teams

on-demand-webinar:-new-ciso-survey-reveals-top-challenges-for-small-cyber-security-teams

The only threat more persistent to organizations than cyber criminals? The cyber security skills crisis. Nearly 60% of enterprises can’t find the staff to protect their data (and reputations!) from new and emerging breeds of cyber-attacks, reports the Information Systems Security Association (ISSA) in its 5th annual global industry study. The result? Heavier workloads, unfilled […]

Researchers Warns of Large-Scale AiTM Attacks Targeting Enterprise Users

researchers-warns-of-large-scale-aitm-attacks-targeting-enterprise-users

A new, large-scale phishing campaign has been observed using adversary-in-the-middle (AitM) techniques to get around security protections and compromise enterprise email accounts. “It uses an adversary-in-the-middle (AitM) attack technique capable of bypassing multi-factor authentication,” Zscaler researchers Sudeep Singh and Jagadeeswar Ramanukolanu said in a Tuesday report. “The campaign is specifically designed to reach end users […]

VMware Releases Patches for Several New Flaws Affecting Multiple Products

vmware-releases-patches-for-several-new-flaws-affecting-multiple-products

Virtualization services provider VMware on Tuesday shipped updates to address 10 security flaws affecting multiple products that could be abused by unauthenticated attackers to perform malicious actions. The issues, tracked from CVE-2022-31656 through CVE-2022-31665 (CVSS scores: 4.7 – 9.8), impact VMware Workspace ONE Access, Workspace ONE Access Connector, Identity Manager, Identity Manager Connector, vRealize Automation, […]