Month: May 2022

Original release date: May 31, 2022 Microsoft has released workaround guidance to address a remote code execution (RCE) vulnerability—CVE-2022-30190, known as “Follina”—affecting the Microsoft Support Diagnostic Tool (MSDT) in Windows. A remote, unauthenticated attacker could exploit this vulnerability to take control of an affected system. Microsoft has reported active exploitation of this vulnerability in the… Read more

The malvertiser’s use of PowerShell could push it beyond its basic capabilities to spread ransomware, spyware or steal data from browser sessions, researchers warn. Read more

Original release date: May 30, 2022   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info badminton_center_management_system_project — badminton_center_management_system Badminton Center Management System 1.0 is vulnerable to SQL Injection via /bcms/classes/Master.php?f=delete_court_rental, id. 2022-05-24 7.5 CVE-2022-30455 MISC battleye — battleye BattlEye v0.9 contains an unquoted service path which allows attackers to… Read more

Malware loads itself from remote servers and bypasses Microsoft’s Defender AV scanner, according to reports. Read more

Cisco Talos discovered eight vulnerabilities in the Open Automation Software, two of them critical, that pose risk for critical infrastructure networks. Read more

Original release date: May 26, 2022 CISA and the Department of Defense (DoD) have released their 5G Security Evaluation Process Investigation Study for federal agencies. The new features, capabilities, and services offered by fifth-generation (5G) cellular network technology can transform mission and business operations; and federal agencies will eventually be applying different 5G usage scenarios:… Read more

The Google Project Zero researcher found a bug in XML parsing on the Zoom client and server. Read more

2022’s DBIR also highlighted the far-reaching impact of supply-chain breaches and how organizations and their employees are the reasons why incidents occur. Read more

Original release date: May 24, 2022   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info There were no high vulnerabilities recorded this week. Back to top   Medium Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info There were no medium vulnerabilities recorded this week.… Read more

Original release date: May 24, 2022 CISA has added 20 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click… Read more