#ssl

Categories: Business Cybercriminals are more likely to target small-and-medium businesses for their perceived (and sometimes actual) lack of cyberdefenses. In this post, we break down five must-have technologies that help prevent cyberattacks for SMBs. (Read more...) The post 5 technologies that help prevent cyberattacks for SMBs  appeared first on Malwarebytes Labs.

Categories: News Tags: SIM Tags: network Tags: card Tags: identity Tags: phone Tags: registration Tags: privacy We take a look at a story involving the requirement for ID when buying a SIM card, as a method for combating spam. (Read more...) The post The privacy concerns of tying SIM cards to real identities appeared first on Malwarebytes Labs.

Penta Security Systems Inc WAPPLES 4.0.*, 5.0.0.*, 5.0.12.* are vulnerable to Incorrect Access Control. The operating system that WAPPLES runs on has a built-in non-privileged user penta with a predefined password. The password for this user, as well as its existence, is not disclosed in the documentation. Knowing the credentials, attackers can use this feature to gain uncontrolled access to the device and therefore are considered an undocumented possibility for remote control.

WAPPLES through 6.0 has a hardcoded systemi account accessible via db/wp.no1 (as configured in the /opt/penta/wapples/script/wcc_auto_scaling.py file). A threat actor could use this account to access the system configuration and confidential information (such as SSL keys) via an HTTPS request to the /webapi/ URI on port 443 or 5001.

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to obtain root privileges. IBM X-Force ID: 230502.

Apple Security Advisory 2022-09-12-4 - macOS Monterey 12.6 addresses bypass and code execution vulnerabilities.

Red Hat Security Advisory 2022-6447-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include denial of service and spoofing vulnerabilities.

Red Hat Security Advisory 2022-6430-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Issues addressed include a denial of service vulnerability.

Rocket LMS version 1.6 suffers from a remote shell upload vulnerability.

The ransomware gang has been seen exploiting a Mitel RCE flaw discovered in VoIP devices in April (and patched in July) to perform double-extortion attacks.