Vulnerability Summary for the Week of September 5, 2022

apache — airflow In Apache Airflow versions 2.2.4 through 2.3.3, the `database` webserver session backend was susceptible to session fixation. 2022-09-02 not yet calculated CVE-2022-38054 CONFIRM MLIST apache — airflow In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `–daemon` flag which could result in […]

How GRC protects the value of organizations — A simple guide to data quality and integrity

how-grc-protects-the-value-of-organizations-—-a-simple-guide-to-data-quality-and-integrity

Contemporary organizations understand the importance of data and its impact on improving interactions with customers, offering quality products or services, and building loyalty. Data is fundamental to business success. It allows companies to make the right decisions at the right time and deliver the high-quality, personalized products and services that customers expect. There is a […]

Asian Governments and Organizations Targeted in Latest Cyber Espionage Attacks

asian-governments-and-organizations-targeted-in-latest-cyber-espionage-attacks

Government and state-owned organizations in a number of Asian countries have been targeted by a distinct group of espionage hackers as part of an intelligence gathering mission that has been underway since early 2021. “A notable feature of these attacks is that the attackers leveraged a wide range of legitimate software packages in order to […]

Iranian Hackers Target High-Value Targets in Nuclear Security and Genomic Research

iranian-hackers-target-high-value-targets-in-nuclear-security-and-genomic-research

Hackers tied to the Iranian government have been targeting individuals specializing in Middle Eastern affairs, nuclear security, and genome research as part of a new social engineering campaign designed to hunt for sensitive information. Enterprise security firm Proofpoint attributed the targeted attacks to a threat actor named TA453, which broadly overlaps with cyber activities monitored […]

Apple Releases iOS and macOS Updates to Patch Actively Exploited Zero-Day Flaw

apple-releases-ios-and-macos-updates-to-patch-actively-exploited-zero-day-flaw

Apple has released another round of security updates to address multiple vulnerabilities in iOS and macOS, including a new zero-day flaw that has been used in attacks in the wild. The issue, assigned the identifier CVE-2022-32917, is rooted in the Kernel component and could enable a malicious app to execute arbitrary code with kernel privileges. […]