Cyber security news December 2022

This posting is here to collect cyber security news in December 2022.

I post links to security vulnerability news in the comments of this article.

You are also free to post related links in the comments.

355 Comments

  1. Tomi Engdahl says:

    Guardian hit by serious IT incident believed to be ransomware attack
    https://www.theguardian.com/media/2022/dec/21/guardian-hit-by-serious-it-incident-believed-to-be-ransomware-attack
    Incident has hit parts of media company’s technology infrastructure, with staff told to work from home

  2. Tomi Engdahl says:

    https://hackaday.com/2022/12/30/this-week-in-security-adblock-for-security-proxynotshell-lives-and-cvss-10-to-not-worry-about/
    LastPass isn’t the only password manager in the news, and the problems found in Passwordstate make the recent LastPass issues seem like the most minor of inconveniences. Passwordstate is an enterprise solution for password management. Researchers at modzero started with the browser extension, which allows a user to access saved passwords. To authenticate, a token is generated and sent to the server. Turns out, that token is just the username and other user information, XOR’d with a static, universal key. And on the server side, the only check that happens is on the username. So on any Passwordstate install anywhere, if you can talk to the API, and know a valid username, you can pull every password accessible to that account.

    Better Make Sure Your Password Manager Is Secure
    Or Someone Else Will
    https://www.modzero.com/modlog/archives/2022/12/19/better_make_sure_your_password_manager_is_secure/index.html

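The token design described in the comment above, next to a server-issued MAC'd token, as an added example that is not part of the original comment or of Passwordstate's code. The key, the token layout (`username|extension`), the user list and all function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from itertools import cycle
from typing import Optional

# Constructed values for illustration; not Passwordstate's real key or token layout.
STATIC_KEY = b"same-key-in-every-install"
SERVER_SECRET = secrets.token_bytes(32)  # per-install secret, never leaves the server
KNOWN_USERS = {"alice", "bob"}


def xor(data: bytes, key: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, cycle(key)))


def weak_issue(username: str) -> bytes:
    """Weak design: the client builds the token by XORing user info with a shared key."""
    return xor(f"{username}|extension".encode(), STATIC_KEY)


def weak_verify(token: bytes) -> Optional[str]:
    """Weak server check: decode, then only ask whether the username exists."""
    username = xor(token, STATIC_KEY).decode(errors="replace").split("|")[0]
    return username if username in KNOWN_USERS else None


def strong_issue(username: str) -> bytes:
    """Hardened: the server issues the token after real authentication and MACs it."""
    body = username.encode()
    tag = hmac.new(SERVER_SECRET, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag


def strong_verify(token: bytes) -> Optional[str]:
    """Reject any token whose MAC was not produced with this install's secret."""
    body, _, tag = token.rpartition(b".")
    expected = hmac.new(SERVER_SECRET, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        return None
    username = body.decode(errors="replace")
    return username if username in KNOWN_USERS else None


def recovered_keystream(token: bytes, known_plaintext: bytes) -> bytes:
    """XOR is not a MAC: one token plus its guessable plaintext yields the key bytes."""
    return xor(token, known_plaintext)[: len(known_plaintext)]
```

The weak verifier accepts any bytes that decode to a known username, so the token proves nothing about who sent it; the hardened verifier ties acceptance to a secret that only the server holds.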
