Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of June 20, 2022

4 years ago Andrew Swoboda
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of June 20, 2022. I’ve also included some comments on these stories.

Over a Dozen Flaws Found in Siemens’ Industrial Network Management System

Cybersecurity researchers have disclosed details of 15 security flaws in Siemens SINEC network management system (NMS), some of which could be chained by an attacker to achieve remote code execution on affected systems, reports The Hacker News.

ANDREW SWOBODA | Senior Security Researcher at Tripwire

Fifteen vulnerabilities have been discovered in the Siemens SINEC network management system. Several of these vulnerabilities could be used to gain code execution on a vulnerable system. The vulnerabilities in question are tracked as CVE-2021-33722 through CVE-2021-33736. Siemens has provided an update for vulnerable systems: version V1.0 SP2 Update 1 was released on October 12, 2021.


Cisco will not address critical RCE in end-of-life Small Business RV routers

Cisco announced that it will not release updates to fix the CVE-2022-20825 flaw in end-of-life Small Business RV routers, notes Security Affairs. Instead, the company encourages upgrading to newer models.

ANDREW SWOBODA | Senior Security Researcher at Tripwire

Certain Cisco Small Business RV routers are subject to a code execution/denial-of-service vulnerability. The vulnerability requires that remote management is enabled on WAN connections, and it exists because of improper validation of user input. An attacker could potentially execute code or cause a denial-of-service condition. Successful code execution provides an attacker with root-level privileges.


WordPress Updates Millions of Sites to Patch a Critical Vulnerability Affecting the Ninja Forms Plugin

Content management system (CMS) provider WordPress has forcibly updated over a million sites in order to patch a critical vulnerability affecting the Ninja Forms plugin. The Wordfence threat intelligence team spotted the flaw in June and documented it in an advisory by the company on Thursday, announced IT Security Guru.

ANDREW SWOBODA | Senior Security Researcher at Tripwire

WordPress released an update that was automatically applied to vulnerable systems. This update fixed a vulnerability that allowed attackers to use Ninja Forms to inject objects. Attackers could use NF_Admin_Processes_ImportForm to execute code using deserialization. The patch was applied to the following versions: 3.0.34.2, 3.1.10, 3.2.28, 3.3.21.4, 3.4.34.2, 3.5.8.4 and 3.6.11.


Google Chrome extensions can be fingerprinted to track you online

A researcher has discovered how to use your installed Google Chrome extensions to generate a fingerprint of your device that can be used to track you online, reports Bleeping Computer. To track users on the web, it is possible to create fingerprints, or tracking hashes, based on various characteristics of a device connecting to a website.

ANDREW SWOBODA | Senior Security Researcher at Tripwire

Google Chrome extensions can be used to fingerprint a system and track it. Systems can already be tracked using certain characteristics such as the GPU and installed Windows applications. “zoccc”, a web developer, determined that a hash can also be generated from the extensions that are installed. The technique relies on “web_accessible_resources,” the assets that Chrome extensions make available to websites or other extensions. zoccc discovered a resource timing comparison method that can be used to determine if an extension is installed.
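To see which installed extensions expose such assets, a defender can audit each extension's manifest.json. The sketch below is an added example, not code from the article or from the researcher; the sample manifests and extension names are constructed, and it handles both the Manifest V2 (flat list) and Manifest V3 (scoped entries) forms of the key.

```python
import json

# Match patterns that make a resource reachable from every website.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def probeable_resources(manifest):
    """Return resources any website can request at a fixed extension URL."""
    found = []
    for entry in manifest.get("web_accessible_resources") or []:
        if isinstance(entry, str):
            # Manifest V2: a flat list of paths, exposed to all origins.
            found.append(entry)
        elif isinstance(entry, dict):
            # Manifest V3: each entry is scoped by "matches"/"extension_ids";
            # "use_dynamic_url" replaces the fixed ID with a per-session one.
            broad = BROAD & set(entry.get("matches", []))
            if broad and not entry.get("use_dynamic_url", False):
                found.extend(entry.get("resources", []))
    return sorted(set(found))

def audit(manifest_texts):
    """Map extension name -> probeable resources, skipping clean extensions."""
    report = {}
    for text in manifest_texts:
        manifest = json.loads(text)
        exposed = probeable_resources(manifest)
        if exposed:
            report[manifest.get("name", "<unnamed>")] = exposed
    return report

# Constructed sample manifests (hypothetical extensions, not real ones).
SAMPLES = [
    '{"name": "Legacy Helper", "manifest_version": 2,'
    ' "web_accessible_resources": ["img/logo.png", "inject.js"]}',
    '{"name": "Scoped Tool", "manifest_version": 3, "web_accessible_resources":'
    ' [{"resources": ["panel.html"], "matches": ["https://example.com/*"]}]}',
    '{"name": "Wide Open", "manifest_version": 3, "web_accessible_resources":'
    ' [{"resources": ["ui.css"], "matches": ["<all_urls>"]},'
    ' {"resources": ["frame.html"], "matches": ["<all_urls>"],'
    ' "use_dynamic_url": true}]}',
    '{"name": "No Assets", "manifest_version": 3}',
]

if __name__ == "__main__":
    for name, resources in audit(SAMPLES).items():
        print(f"{name}: {', '.join(resources)}")
```

In practice the manifest texts would be read from the extension directories of the browser profile being reviewed rather than from the inline samples.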



The post “Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of June 20, 2022” appeared first on TripWire

Source: TripWire – Andrew Swoboda
