AMI Megarac Password reset interception via API

%PDF-1.6 %���� 200 0 obj <> endobj 230 0 obj <>/Filter/FlateDecode/ID\[<19015CDD8B1BDA448A511495D708C552>\]/Index\[200 51\]/Info 199 0 R/Length 133/Prev 200898/Root 201 0 R/Size 251/Type/XRef/W\[1 3 1\]>>stream h�bbd\`\`\`b\`\`z"���\[@$�� g3�,. ��̞ &o�Ʌ\`2D�<��"����2 �X\[6�/�t��k��޳\`q���c\`�=Yf�r��A&�����ty8H(F'�?S�;�Y� endstream endobj startxref 0 %%EOF 250 0 obj <>stream h�b\`\`�a\`\`:�$^}d@�@���р,&����f��b�����4����d��ݚ���Ռn :�ճO2<,Nd�&s�A���Gn>ӻ�{�\\����L3p��mdc\`��Q�$\`$�� endstream endobj 201 0 obj <>/Metadata 4 0 R/Outlines 8 0 R/PageLayout/OneColumn/Pages 198 0 R/StructTreeRoot 23 0 R/Type/Catalog>> endobj 202 0 obj <>/Font<>/ProcSet\[/PDF/Text/ImageC\]/XObject<>>>/Rotate 0/StructParents 0/Tabs/S/Type/Page>> endobj 203 0 obj <>stream h޴�mO�8ǿ�\_� q��؎�Rۅ\]�h���.�x�-9��4( ���ߌ�>8���� N���������3�$��bBY,�)�����a�s�/��Ā�d�w���\_��� ��X�)a\_�/��L��\]�a�-5�4����5���~�WLHW��.u\]\*\*�?|�:�#�W2��Q� ��9�F���hxY�/�LD�+��4����h:K���K��(?�ʤL�I���/U���?���ø���|N�ǧ�Y�Ǵ�:V��i�8gJFg���v�w��OuL.9���g�s6}�e��9%�����l��� I�\_�s\]t�/�zGdL���|��kGe����Ŕ���zl�G�e2�&���4e<��� ZV&\[|���y}����w�yJ&�}��&�C6{��f��l�-�eż�=%�bV\]x�hZIm"$D���% g����5ίgzKq\*��p����i~'�M ��Rk<����qUia�&v���f����gԪ��z�FT^ABn+�ƅ%��:����l���;�:��n����ƿ�l�-����5{=�4�$Ml'M�OڮF�&��/��u����bbH#+������i<:�J��@��i^Yi�dK����\\���-�S��Q�A�V�^d!Y&$k��\_��?�M�����l���j��@�l1ͷ#f7 &͆ͦ�U���$wy�q�1�E�\`��n�a%e��\`�Jz"t\*�Nl�<@qѸ b?6��B;��1$+�i���4f�\[��=ј���G\\ܔLH�Y�Z��8�}f5�{֝"K�!�qu��fps}� ���I-�qntz �.$M���6�l�� �Fm�U\[�#��sͽ�w�E�p� Ͽ|<\]�C��oWc�mhtz�6��/fI����JP���ƴH����&|h�\*��+�V�b0��= ��a7^�W?���?����ƶe/%�F@��tq�I�/�/��7�\*\[�����J�R�j���4VE���# 75�άK��:̮�-�FB6�ܹa��p�8x����H�y���W����pk~�~S �Y��g0�Q\\�b aFQ�h�L �����C���c!��x��K�kT1���h���C�h5fEG�A �b\`�vU+

CVE-2022-26872

SQL injection vulnerability in the CONPROSYS HMI System (CHS) Ver.3.5.0 and earlier allows a remote authenticated attacker to execute an arbitrary SQL command. As a result, information stored in the database may be obtained.

%PDF-1.7 %���� 75 0 obj <> endobj 100 0 obj <>/Encrypt 76 0 R/Filter/FlateDecode/ID\[<4F54C20543CA154FA285B97CE6545091><91F2217956FBE340806248B215D60CE9>\]/Index\[75 41\]/Info 74 0 R/Length 111/Prev 246323/Root 77 0 R/Size 116/Type/XRef/W\[1 3 1\]>>stream h�bbd\`\`\`b\`\`�L�A$�ɨ&�A$�"��2��o\`���L��E ��"L\`6�1$q5��� ��d\\ ��bG���ɿ ;��n�V��H5�?Ӊ��Rn endstream endobj startxref 0 %%EOF 115 0 obj <>stream V��>;��V��c��6��(}P��BPp��\_�DA�}���~�P��q��Η�φlr�\]n2��h�x,K����؉����a��RF�A�C��?\`�PC�M��R!1�h�PO�����(:w��.��=�򈲐��S������w����5��?\*��(�}�W�j endstream endobj 76 0 obj <>>>/Filter/Standard/Length 256/O(�p0c̹s��\\(�{#:\\(3���oTl�&���@���4�,�.쉍���Av)/OE(�m�~���4��X�&�bÑ�\\(�R5I#\\(%�C�)/P -1324/Perms(>v�����.�����J)/R 6/StmF/StdCF/StrF/StdCF/U(�#�}ᣚ���z�F��k�F\`>Z\\r�!Wj>��౭�v������S��)/UE(�q^ռ����zU\\n�o���b�Х���)/V 5>> endobj 77 0 obj <>/Metadata 5 0 R/OpenAction 78 0 R/PageLayout/SinglePage/Pages 73 0 R/StructTreeRoot 10 0 R/Type/Catalog>> endobj 78 0 obj <> endobj 79 0 obj <>/ProcSet\[/PDF/Text\]>>/Rotate 0/StructParents 0/Type/Page>> endobj 80 0 obj <>stream =��Fʤ��\\���W�=�w�j�ܞ$��{π�"��� 3�z\`��5wV����>�&�e���P��X�Ȯ��)V�8��Dh�)�t�����և~\`I"���h�?t�l�H.�\_��p���>1�":\*0Yp(�v}ڿ%����ʢ�Hx�Mh���2���r���,��z��҈�,�c���|��@�Z�U�eB�g%��gu/����ֆ�'n�$����!w���T\_� ���!J�CyN�a|�rd�V\\ r-Zc9��h��6���c�qs�\`�"3�g�:� �X�q�^��\_dU���~"��8���e�#�S�m'q�R�ŠFIl��yN,�6M�))��(z�����Z\]YG���8��^���(����\_Mv49�AF�D)���䚖�7��ڵ�F�G�ғ�+��gJ�.�ßs�@T,�Th���<ͬ�1��Բ4�� �#��zV!�\`�4 ��lB2J����>�!�:mڟC�4���a~0e+o�3�G�R�&���J�V�A��{\\�S��5\]b8����0�j}D(40�,�5�d0�I�P�&�Gw7Ȭ UOT}��+�2��?&\*n��'���Ȫ�2����\`@� ���ե\[fXs�ܾ�o~��l�g���jm��<͆3-�Q��I�~�z�L7��XYFQ?�8�XVC�~�u�ו�v�N� � �2���U?�����4�1Ǝ\_�>�K�����7�imk��n�h��9�X�F�f&�p�R�:�\*��R�K�\*Kyu��~�,u��)�|���Y��Lu���6��/�'���:� ���1 իT�B\]#����Y���� M�K��8�m�A��b�$A�

CVE-2023-22324

isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF.

**Description**

In SafeURL it is possible to specify a list of domains that should be matched before a request is sent out. The regex used to compare domains did not work as intended.

**Impact**

The regex used was:

re.match("(?i)^%s" % domain, value)

This has two problems, first that only the beginning and not the end of the string is anchored. Second, that a dot in the domain matches any character as part of regex syntax.

Therefore, an allowlist of \["victim.com"\] could allow the domain "victimacomattacker.com" to be requested.

This has lower impact since the usual attacker aim in an SSRF is to request internal resources such as private IP addresses rather than an attacker's own domain. But, in a case where SafeURL had specifically been used to try to limit requests to a particular allowlist, say for example a PDF renderer, the finding would be more severe.

**Patches**

Fixed in #5

**References**

Server-side request forgery (SSRF)

CVE-2023-24622: Permissive regex leads to domain filter bypass

The PdfBook extension through 2.0.5 before b07b6a64 for MediaWiki allows command injection via an option.

Skip to content

GitLab

*   *   GitLab: the DevOps platform
    *   Explore GitLab
    *   Install GitLab
    *   How GitLab compares
    *   Get started
    *   GitLab docs
    *   GitLab Learn
    
*   Pricing
*   Talk to an expert

*   /
    
*   

*   Help
    
    *   Help
    *   Support
    *   Community forum
    
    *   Submit feedback
    *   Contribute to GitLab
    *   Switch to GitLab Next
    
*   *   
    
    Projects Groups Snippets
    
*   Sign up now
*   Login
*   Sign in / Register
    

*   Organic Design
*   PdfBook
*   Merge requests
*   !6

**Fix command injection**

*   Review changes
    

*   
*   Download
    
*   Email patches
    
*   Plain diff
    

Merged Thomas Gerbet requested to merge tgerbet-enalean/PdfBook:command-injection into master Jan 24, 2023

*   Overview 3
*   Commits 1
*   Pipelines 0
*   Changes 1

The HtmlDocPath and Options options can now only be set via the global MediaWiki configuration.

Other options are now given to escapeshellarg() before being injected in the built command that will be executed via shell_exec().

CVE-2023-24612: Fix command injection (!6) · Merge requests · Organic Design / PdfBook · GitLab

By Owais Sultan
When the Cybercrime in a Pandemic World study (PDF) was released in late 2021, the report noted that…
This is a post from HackRead.com Read the original post: Why Cybersecurity Business Needs a Real-Time Collaboration Tool

When the Cybercrime in a Pandemic World study (PDF) was released in late 2021, the report noted that cybersecurity threats had risen 81% since the coronavirus raised its ugly head. It was a time of restrictive lockdowns, stay-at-home orders, and mask mandates. That was then, and this is now.

Cybersecurity companies are busier now than ever as businesses are facing higher cyberattack risks in an increasingly volatile threat landscape. And while there are many saying that the pandemic is over, the reality is that COVID-19 is still here. And so are cybersecurity risks.

Cybersecurity firms help businesses to safeguard against risks or recover if cyberattacks are successful. But one thing’s for sure: Cybersecurity firms can better help their customers if they themselves are functioning effectively. Cybersecurity firms can operate more efficiently and productively by using the right real-time collaboration tools.

**Featured snippet from the web**

The global cybersecurity market was valued at USD 200 billion in 2022 and is projected to expand at a compound annual growth rate (CAGR) of approximately 10% between 2023 to 2030. The importance of cybersecurity can be understood by recent developments, in which Google bought Mandiant cybersecurity firm for a whopping $5.4 billion.

Continue reading to see three benefits of real-time collaboration for cybersecurity companies.

**1\. Keep Teams Connected**

Does your cybersecurity company have teams spread out across the country or internationally? When keeping customers safe, your cybersecurity team members need to be connected. Real-time collaboration tools will ensure that your staff members can stay in touch regardless of location and time zone.

You don’t want anything to be lost in translation — something that can happen when teams are scattered over vast distances. But a good real-time collaboration tool will help to ensure everyone’s on the same page.

**2\. Saves Time**

Did you know that 67% of people feel inundated by the volume of email flooding into their inboxes and that 82% of them say they miss critical emails because of the high volume?

Also, 74% of workers feel guilty since they don’t have the time to read or respond to all the emails. If your cybersecurity team members communicate solely through email, your processes and procedures might not be as efficient as they could be. Email is a beautiful thing. But too much of a good thing can lead to less-than-optimal results. 

If members of your cybersecurity teams aren’t getting messages because of volume, it’ll take longer to complete mission-critical tasks. When considering the threat landscape facing businesses that come to your cybersecurity firm for help, you can appreciate the importance of meeting the threats head-on without needless delays.

There’s no time to waste. With a real-time collaboration solution, you’ll have what you need to ensure cybersecurity workers are efficient.

Are you ready to say goodbye to endless email exchanges? Instead of having problems linger, your cybersecurity staff will be able to tackle them quickly and get them fixed.

**3\. Save Money**

Your cybersecurity firm can also save money with the right real-time collaboration software. It’ll make some of the expensive solutions you may already have redundant. The right real-time collaboration software will allow your cybersecurity teams to meet up, exchange ideas, and jointly work on documents.

And you’ll be able to do all these things on one real-time collaboration tool rather than using multiple other solutions. You’ll get more efficiency and more productivity while also saving money.

Is your cybersecurity firm fully remote? If so, a real-time collaboration tool will be a godsend. While nothing beats having everyone in the same room, a real-time collaboration tool is the next best thing. Your remote workforce will be able to collaborate and get things done. You’ll find that a real-time collaboration application is almost as good as having everyone under one roof. 

One way to prepare your cybersecurity firm to meet the needs of clients is by ensuring everything is functioning correctly internally. You can get various tools to ensure your cybersecurity firm operates like a well-oiled machine. But one of the most effective is a good real-time collaboration solution. 

**Takeaway**

The importance of cybersecurity in today’s digital world cannot be understated. As businesses increasingly employ technology to help them work more efficiently, they also face the risk of a data security breach or cyberattack.

To mitigate this threat, companies must invest in appropriate cybersecurity measures and tools – such as a real-time collaboration tool – that can help protect their sensitive data from malicious actors.

A real-time collaboration tool is a crucial part of modern cybersecurity for businesses due to its ability to provide visibility over digital assets and transactions. With this type of software, organizations can track who has access to their systems and networks at any given moment, helping them identify unauthorized users or suspicious activity quickly.

Additionally, real-time collaboration tools allow multiple members of an organization’s IT department or cybersecurity teams to easily collaborate on tasks while ensuring all information is securely stored away from external actors.

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

Why Cybersecurity Business Needs a Real-Time Collaboration Tool

A vulnerability, which was classified as critical, has been found in SourceCodester Online Tours & Travels Management System 1.0. This issue affects some unknown processing of the file admin/practice_pdf.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219701 was assigned to this vulnerability.

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

CVE-2023-0560: online-tours-travels-management-system/admin_practice_pdf_id.md at main · linmoren/online-tours-travels-management-system

A nasty SSRF bug in Web Services plagues a laundry list of enterprise printers.

A critical security vulnerability allowing remote code execution (RCE) affects more than 120 different Lexmark printer models, the manufacturer warned this week.

And, there's proof of concept (PoC) exploit code circulating publicly, it added — though so far, in-the-wild attacks have yet to materialize.

The bug (CVE-2023-23560), which carries a score of 9 out of 10 on the CVSS vulnerability-severity scale, is a server-side request forgery (SSRF) vulnerability in the "Web Services feature of newer Lexmark devices," according to the print giant's advisory (PDF).

The printers have an embedded Web server that allows users to view and remotely configure printer settings via an Internet portal. In a typical SSRF attack, an attacker can take over such a server and force it to make a connection either to internal resources housing sensitive information; or to external systems serving malware (or harvesting things like tokens and credentials).

Enterprise printers are a stealth entryway for threat actors into enterprise environments — but are often overlooked by IT security. However, as the community saw with the now-infamous "PrintNightmare" RCE flaw in Microsoft's Windows Print Spooler that sent security teams scrambling, they often have privileged access to internal resources, and that can be problematic.

Lexmark has issued a firmware patch and noted that disabling Web Services on TCP port 65002 altogether will also do the trick for protection.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Critical RCE Lexmark Printer Bug Has Public Exploit

By Deeba Ahmed
The new variant stood out among other malware because it can infect any attached removable USB device, e.g., floppy, flash, thumb drives, and any system the removable device is plugged into later. 
This is a post from HackRead.com Read the original post: PlugX Malware Sneaks Onto Windows PCs Through USB Devices

PlugX malware has been around for almost a decade and has been used by multiple actors of Chinese nexus and several other cybercrime groups.

The Palo Alto Networks Unit 42 incident response team has discovered a new variant of PlugX malware that is distributed via removable USB devices and targets Windows PCs. This should not come as a surprise since **95.6% of new malware** or their variants in 2022 targeted Windows.

According to Unit 42 researchers, the new variant was detected when carrying out an incident response post a Black Basta ransomware attack. The researchers uncovered several malware samples and tools on the victims’ devices. This includes the Brute Ratel C4 red-teaming tool, **GootLoader malware**, and an old PlugX sample.

PlugX malware has been around for almost a decade and has been used by multiple actors of Chinese nexus and several other cybercrime groups. The malware was previously used in many high-profile cyberattacks, such as the 2015 U.S. Government Office of Personnel Management **(OPM) breach**.

The same backdoor was also used in the **2018 malware attack** on the Android devices of minority groups in China. Most recently, **in November 2022**, researchers linked Google Drive phishing scams to the group infamously known for using PlugX malware.

**Scope of Infection**

The new variant stood out among other malware because it could infect any attached removable USB device, e.g., floppy, flash, thumb drives, and any system the removable device was plugged into later.

So far, no evidence connects the PlugX backdoor or Gootkit to the **Black Basta ransomware** group, and researchers believe another actor could have deployed it. Moreover, researchers noted that the malware could copy all Adobe PDF and **Microsoft Word documents** from the host and places them in a hidden folder on the USB device. The malware itself creates this folder.

**Malware Analysis**

Unit 42 researchers Jen Miller-Osborn and Mike Harbison explained in their **blog post** that this variant of PlugX malware is a wormable, second-stage implant. It **infects USB devices** and stays concealed from the Windows operating file system. The user would not suspect that their USB device is being exploited to exfiltrate data from networks. 

PlugX’s USB variant is different because it uses a specific Unicode character called non-breaking space/ U+00A0 to hide files in a USB device plugged into a workstation. This character prevents the Windows OS from rendering the directory name instead of leaving an anonymous folder in Explorer.

Furthermore, the malware can hide actor files in a removable USB device through a novel technique, which even works on the **latest Windows OS**. 

The malware is designed to infect the host and copy the malicious code on any removable device connected to the host by hiding it in a recycle bin folder. Since MS Windows OS by default doesn’t show hidden files, the malicious files in recycle bin aren’t displayed, but, surprisingly, it isn’t shown even with the settings enabled. These malicious files can be viewed/downloaded only on a Unix-like OS or through mounting the USB device in a forensic tool.

1.  **Schneider Electric Shipped USB Drives with Malware**
2.  **FBI warns of hackers mailing** **ransomware USB drives**
3.  **USB Wormable Raspberry Robin Malware Hits Windows**
4.  **Malware tool steals files from airgapped PCs using USBs**
5.  **Hackers sending malware USBs with Best Buy Gift Cards**

PlugX Malware Sneaks Onto Windows PCs Through USB Devices

Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news

Adam Bannister 27 January 2023 at 16:48 UTC

Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news

“A far-reaching, catastrophic cyber event is likely in the next two years” according to 93% of cybersecurity experts and 86% of business leaders polled by the World Economic Forum (WEF).

Geopolitical instability and the enduring shortage of cybersecurity skills are making the situation more precarious and causing firms to rethink their presence in certain regions, revealed the WEF’s Global Cybersecurity Outlook 2023 report, which canvassed the views of 300 experts and C-suite executives.

In the meantime, we’re still seeing plenty of very, very bad cyber-attacks and breaches. Most recently, there’s been another mega breach at T-Mobile (37 million customers affected this time), the theft of source code and ensuing $10 million ransom demand from video games developer Riot Games, and the inadvertent exposure by an airline of the US government’s No Fly List, a roll call of suspected terrorists, from 2019.

The LastPass situation is also continuing to evolve following the November breach of its password vaults in November, with the latest update from the beleaguered password manager admitting that “a threat actor exfiltrated encrypted backups from a third-party cloud storage service”.

While rival services will no doubt spy an opportunity to grow their market share given the market leader’s reputational crash, the hack is also perhaps bringing unprecedented scrutiny to the hitherto highly regarded field. Indeed, The Daily Swig recently reported on how several popular password managers auto-filled credentials on untrusted websites, while Bitwarden responded to renewed criticism of its encryption scheme by enhancing its default security configuration.

A fruitful security audit of Git’s source code is another notable story we covered since the last edition of Deserialized.

Here are some more web security stories and other cybersecurity news that caught our attention in the last fortnight:

**Web vulnerabilities**

*   OpenText / Critical / Pre-auth RCEs via cs.exe and Java frontend plus multiple post-authentication vulnerabilities / Disclosed with patch January 17
*   Rancher API / Critical / A patch rolled out in September 2022 failed to stop secrets, encryption keys, and SSH keys from being stored in plaintext directly on Kubernetes objects like Clusters / Disclosed and patched January 26
*   Tiki Tiki CMS / Critical / Unauthenticated attackers could execute arbitrary code by combining CSRF with PHP object injection in the popular open source, wiki-based CMS / Patched August 23, disclosed January 9
*   VMware vRealize Log Insight / Critical / Directory traversal, broken access control, deserialization, information disclosure vulnerabilities / Disclosed with patch January 24
*   Zoho manageEngine / Critical / PoC and in-the-wild exploitation raises the stakes regarding patching on premise Zoho ManageEngine products against this RCE vulnerability after a surfaced / Disclosed and patched October 27

**Research and attack techniques**

*   Vulnerabilities in popular open source health records and medical practice management platform OpenEMR allowed remote attackers to execute arbitrary system commands on any OpenEMR server and to steal sensitive patient data – and worse still, remote code execution (courtesy of Sonar)
*   Jerry Shah recounts how he found an API misconfiguration on a SwaggerUI endpoint in an unnamed web application on a private bug bounty program that leaked the authorization token from local storage
*   ChatGPT lowers the barriers to entry for threat actors with limited programming or technical skills, but state-backed miscreants are unlikely to gain operational efficiencies from the unnervingly sophisticated chatbot tool, according to Recorded Future
*   Maksym Yaremchuk – number 80 on HackerOne’s all-time leaderboard, no less – details a pair of critical severity account takeover exploits fashioned during an engagement with a private bug bounty program
*   GitHub researcher Man Yue Mo achieves arbitrary kernel code execution and root on a Google Pixel 6 mobile phone from an Android app

ChatGPT lowers the barriers to entry for cybercrime but is of little use to state-backed cybercrooks

**Bug bounty / vulnerability disclosure**

*   Security researchers can mathematically prove the existence of a software vulnerability without revealing details that in the wrong hands could lead to malicious exploitation, explains a recent New Scientist feature (paywall)
*   Intigriti has penned a blog post on the safe harbor clause for researchers created by the Belgian Act on the Protection of Whistleblowers
*   The Daily Swig recently reported on the upcoming third annual Hack The Pentagon challenge, CORS misconfigurations at Tesla and other, unnamed programs earning researchers a “few thousand dollars”, and Google Cloud Platform (GCP) project vulnerabilities netting researchers more than $22,000
*   Other recent writeups include a $3,000 bounty for a reflected XSS in Microsoft Forms, while Bug Bounty Switzerland’s inaugural ‘vulnerability of the month’ related to a time-limited private program and thousands of appliances exposed to the internet
*   Bug hunter interviews with British hacker and YouTuber ‘InsiderPhD’ and ‘TodayIsNew’ have been published by HackerOne and Bugcrowd, respectively

**New open source infosec/hacking tools**

*   Gato – or GitHub Attack Toolkit – evaluates the impact of compromised personal access tokens within GitHub development environments. Enables tracking of public repos that use self-hosted runners, which GitHub recommends are only deployed in private repos because otherwise “forks of your public repository can potentially run dangerous code on your self-hosted runner machine by creating a pull request that executes the code in a workflow”
*   Highlighter And Extractor (HaE) – Paris-based crowdsourced security platform YesWeHack has released a Burp Suite extension that collects, categorizes, and highlights requests and/or responses to help detect vulnerable code patterns, errors, reflections, and more in a passive enumeration process
*   PyCript – Another Burp Suite extension, this time allowing the bypassing of client-side encryption via custom logic for manual and automation testing with Python and NodeJS
*   SeeProxy – Golang reverse proxy with CobaltStrike malleable profile validation
*   CVE-2022-47966 Scanner – Assess your exposure to the critical RCE bug affecting at least 24 on-premise ManageEngine products and currently being actively exploited

**More industry news**

*   NIST trails potential updates (PDF) to the NIST Cybersecurity Framework and invites the infosec community to offer feedback
*   In other US federal agency news, the NSA issues IPv6 security guidance (PDF), CISA updates best practices for mapping to Mitre Attack Framework (PDF), and CISA, NSA, and MS-ISAC jointly warn (PDF) of malicious use of legitimate remote monitoring and management (RMM) software
*   Google documents progress on leveraging case randomization of DNS query names sent to authoritative nameservers in order to mitigate the impact of cache poisoning attacks
*   Google also follows through on its intention to drop TrustCor Systems as a root certificate authority (CA) for Chrome, confirming a timetable for ceasing to recognize its certificates
*   Cloud-based cyber-attacks jump 48% year on year as malicious hackers spy opportunities in digital transformation trend – Check Point report

PREVIOUS EDITION Deserialized web security roundup – Slack and Okta breaches, lax US government passwords report, and more

Deserialized web security roundup: ‘Catastrophic cyber events’, another T-Mobile breach, more LastPass problems

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 20 and Jan. 27. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key

Tag

#pdf