Welcome to another Lunch Time breakout:
Critical Security Vulnerabilities Discovered in Netcomm and TP-Link Routers
Security vulnerabilities have been disclosed in Netcomm and TP-Link routers, some of which could be weaponized to achieve remote code execution.
The flaws, tracked as CVE-2022-4873 and CVE-2022-4874, concern a case of stack-based buffer overflow and authentication bypass and impact Netcomm router models NF20MESH, NF20, and NL1902 running software versions earlier than R6B035.
Git Users Urged to Update Software to Prevent Remote Code Execution Attacks
The maintainers of the Git source code version control system have released updates to remediate two critical vulnerabilities that could be exploited by a malicious actor to achieve remote code execution.
The flaws, tracked as CVE-2022-23521 and CVE-2022-41903, impacts the following versions of Git: v2.30.6, v2.31.5, v2.32.4, v2.33.5, v2.34.5, v2.35.5, v2.36.3, v2.37.4, v2.38.2, and v2.39.0.
Guide: How MSSPs and vCISOs can extend their services into compliance readiness without increasing cost
Compliance services are emerging as one of the hottest areas of cybersecurity.
While compliance used to be mainly the province of large enterprises, times have changed, and it is now a day-to-day concern for a growing number of small and medium businesses.
Even when these organizations are not regulated, SMEs often aim to follow compliance and/or security frameworks either for their own risk
Iranian Government Entities Under Attack by New Wave of BackdoorDiplomacy Attacks
The threat actor known as BackdoorDiplomacy has been linked to a new wave of attacks targeting Iranian government entities between July and late December 2022.
Palo Alto Networks Unit 42, which is tracking the activity under its constellation-themed moniker Playful Taurus, said it observed the government domains attempting to connect to malware infrastructure previously identified as associated
Follow for more…