The security flaw, tracked as CVE-2022-31107, is present in versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, and has been patched by Grafana in versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10.
Patches for these vulnerabilities are included in Drupal 9.4.3 and 9.3.19. The information disclosure flaw also impacts Drupal 7 and a fix has been included in version 7.91.
Kiran Ahuja, director of the Office of Personnel Management, told lawmakers on Thursday that her agency wants “to work with Congress to develop a government-wide cyber workforce plan that puts agencies on equal footing in competing for cyber talent.”
Several business associations have warned their members against this fraud after PSPCL issued a public notice regarding the same. Businessmen are also demanding that authorities take strict action against the people running this scam.
First on the list is CVE-2022-2030, an authenticated directory traversal vulnerability in the Common Gateway Interface (GLI) programs of some Zyxel firewalls. This was caused by specific character sequences within an improperly sanitized URL.
Settlements in class action lawsuits filed in the aftermath of two separate major breaches serve as the latest examples of threats and risks involving email hacks – as well as underlining the threat of litigation in the wake of such incidents.
The threat actor entry point was a system belonging to Costa Rica’s Ministry of Finance, to which a member of the group referred to as ‘MemberX’ gained access over a VPN connection using compromised credentials.
A large-scale campaign was found targeting Elastix VoIP telephony servers with over 500,000 malware samples, over a period of three months. The campaign’s goal was to plant a PHP web shell to run arbitrary commands on infected communications servers. The operation systematically exploited SIP servers from various manufacturers. Researchers have provided technical details regarding used […]
Discovered by Kaspersky security researchers via a dark web ransomware forum ad, Luna (Russian for moon) is very simple ransomware still under development and with limited capabilities based on the available command line options.
Google on Tuesday officially announced support for DNS-over-HTTP/3 (DoH3) for Android devices as part of a Google Play system update designed to keep DNS queries private.