Posts

Cybersecurity Updates For Week 6 of 2022

Argo CD High Severity Vulnerabilit – CVE-2022-24348

Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file.

Read more:
https://www.armosec.io/blog/cve-2022-24348-argo-kubernetes/

Windows DNS Server Remote Code Execution Vulnerability – CVE-2022-21984

A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account over the network.

Read more:
https://dirteam.com/sander/2022/02/08/windows-server-2022-suffers-a-windows-dns-server-remote-code-execution-vulnerability-cve-2022-21984/

SAP Critical Vulnerabilities in business applications

SAP released three patches for all impacted systems of a possible security attack while Onapsis helped provide a free open-source vulnerability scanner tool to assist all SAP customers affected to immediately address these issues.

Read More:
https://blogs.sap.com/2022/02/08/sap-partners-with-onapsis-to-identify-and-patch-cybersecurity-vulnerabilities/

Other news worth mentioning:

PrivateLoader: The first step in many malware schemes
Two Arrested for Alleged Conspiracy to Launder $4.5 Billion in Stolen Cryptocurrency
Decryptor Keys Published for Maze, Egregor, Sekhmet Ransomwares
France Rules That Using Google Analytics Violates GDPR Data Protection Law