Critical Sophos Firewall vulnerability allows remote code execution.

Views expressed in this cybersecurity-cybercrime summary are those of the reporters and correspondents.

Accessed on 27 March 2022, 2242 UTC.

Content provided by “Security News Bundle” from https://feedly.com.

Source:

http://eedly.com/i/collection/content/user/f401222a-bca6-4c45-9cc1-183f239e8d86/category/7737d3c9-5fe2-4b34-8708-85e57085f895

Please click link or scroll down to read your selections.

Western Digital addressed a critical bug in My Cloud OS 5
Western Digital fixed a critical flaw affecting My Cloud OS 5 devices that allowed attackers to gain remote code execution with root privileges. Western Digital has addressed a critical vulnerability, tracked as CVE-2021-44142 , that could have allowed attackers to gain remote code execution with root privileges on unpatched My Cloud OS 5 devices. The CVE-2021-44142 flaw affects the following dev

TODAY

Sophos Firewall affected by a critical authentication bypass flaw
Sophos has addressed a critical vulnerability, tracked as CVE-2022-1040, in its Sophos Firewall that allows remote code execution (RCE). Sophos has fixed an authentication bypass vulnerability, tracked as CVE-2022-1040, that resides in the User Portal and Webadmin areas of Sophos Firewall. The CVE-2022-1040 flaw received a CVSS score of 9.8 and impacts Sophos Firewall versions 18.5 MR3 (18.5.3) a
Windows 11 22H2: Everything we know so far
Windows 11 version 22H2 aka Sun Valley 2 is set to launch later this year. Unlike the original Windows 11 release, it won’t be a massive update with radical design changes. Instead, Sun Valley 2 will be similar to Windows 10 Anniversary Update, so you can expect minor improvements and a few new features. […]
Mar 20- Mar 26 Ukraine – Russia the silent cyber conflict
This post provides a timeline of the events related to the Russian invasion of Ukraine from the cyber security perspective. March 25 – Anonymous leaked 28GB of data stolen from the Central Bank of Russia Anonymous announced that the affiliate group Black Rabbit World has leaked 28 GB of data stolen from the Central Bank of Russia March 25 – Chinese threat actor Scarab targets Ukraine, CERT-UA war
Security Affairs newsletter Round 358 by Pierluigi Paganini
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here . FCC adds Kaspersky to Covered List due to unacceptable risks to national security Anonymous leaked 28GB of data stolen from the Central Bank of Ru

YESTERDAY

CISA adds 66 new flaws to the Known Exploited Vulnerabilities Catalog
The US Cybersecurity and Infrastructure Security Agency (CISA) added 66 new flaws to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added 15 vulnerabilities to its Known Exploited Vulnerabilities Catalog . ⓘ According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , F

END OF FEED


For the latest cybersecurity news and information, please check the blog sidebar, links, and twitter posts.  Thanks for joining us today.

Russ Roberts

https://cyber-security-intelligence.org

https://paper.li/RussellRoberts (machine learning, artificial intelligence, IoT, information security)