Software Archives - CyberConvoy Blog

ServiceNow Data Exposure: A Wake-Up Call for Companies

Earlier this week, ServiceNow announced on its support site that misconfigurations within the platform could result in "unintended access" to sensitive data

31 October

GitHub repos bombarded by info-stealing commits masked as Dependabot

These fake Dependabot contributions were made possible using stolen GitHub access tokens with the attackers' goal of injecting malicious code to steal the project's secrets

28 September

Microsoft PowerShell Gallery vulnerable to spoofing, supply chain attacks

Users of the PS Gallery repository are advised to adopt policies that allow execution of only signed scripts

26 August

Hackers start using double DLL sideloading to evade detection

These attack variations begin with an initial vector that leverages a clean application that sideloads a second-stage payload which in turn, sideloads a malicious malware loader DLL

5 May

SonicWall warns web content filtering is broken on Windows 11 22H2

This results in Web Content Filtering (WCF) policies that enforce blocked categories to be no longer effective on impacted endpoints

9 February

Microsoft Defender ASR rule deletes Windows app shortcuts

The issue affected app shortcuts across onboarded devices after the Microsoft Defender for Endpoint attack surface reduction (ASR) rule was triggered erroneously

14 January

Unpatched 15-year old Python bug allows code execution in 350k projects

09/21/2022
Cyber News
Exploit, Hacking, Patching, PrivEsc, Python, Security, Software

Disclosed in 2007 and tagged as CVE-2007-4559, the security issue never received a patch, the only mitigation provided being a documentation update warning developers about the risk.

21 September

Microsoft Teams stores auth tokens as cleartext in Windows, Linux, Macs

The newly discovered security issue impacts Windows, Linux, and Mac versions of the application. It refers to Microsoft Teams storing user authentication tokens in clear text without protecting access to them.

14 September

NSA and CISA share tips to secure the software supply chain

09/10/2022
Cyber News
Hardening, Security, Software, SupplyChain

Developers will find helpful guidance from NSA and partners on developing secure code, verifying third party components, hardening the built environment, and delivering the code. Until all DevOps is DevSecOps, the software development lifecycle will be at risk

10 September