Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
NOAA Blames China In Hack, Breaks Disclosure Rules
Newest First  |  Oldest First  |  Threaded View
RyanSepe
RyanSepe,
User Rank: Ninja
11/17/2014 | 7:31:57 AM
Re: Hmm...
Agreed. Its amazing that a faction of the government would be so irresponsible as to let simple security measures such as those go unnoticed. I think we need to take a good look at ourselves and ask how come this was the case. I would think this is most likely not the only scenario where this exists within there infrastructure and the Air Force or who ever explicitly governs Polar-Orbiting Operational Enviromental Satellites needs to take steps to get ahead of this.
Bprince
Bprince,
User Rank: Ninja
11/16/2014 | 10:59:44 AM
Hmm...
Seems like there was a little CYA going on that backfired. The most damning part: "the report noted that the Polar-Orbiting Operational Environmental Satellites system -- shared with the US Air Force -- was not protected by two-factor authentication, remote access restrictions, nor by mobile device management, and that patches were not deployed in a timely manner."

 


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Creating an Effective Incident Response Plan
Security teams are realizing their organizations will experience a cyber incident at some point. An effective incident response plan that takes into account their specific requirements and has been tested is critical. This issue of Tech Insights also includes: -a look at the newly signed cyber-incident law, -how organizations can apply behavioral psychology to incident response, -and an overview of the Open Cybersecurity Schema Framework.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-45045
PUBLISHED: 2022-12-01
Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. A remote and authenticated attacker...
CVE-2022-45640
PUBLISHED: 2022-12-01
Tenda Tenda AC6V1.0 V15.03.05.19 is affected by buffer overflow. Causes a denial of service (local).
CVE-2022-40489
PUBLISHED: 2022-12-01
ThinkCMF version 6.0.7 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows a Super Administrator user to be injected into administrative users.
CVE-2022-40849
PUBLISHED: 2022-12-01
ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting (XSS). An attacker who successfully exploited this vulnerability could inject a Persistent XSS payload in the Slideshow Management section that execute arbitrary JavaScript code on the client side, e.g., to steal the administrator's P...
CVE-2022-44262
PUBLISHED: 2022-12-01
ff4j 1.8.1 is vulnerable to Remote Code Execution (RCE).