Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-33128PUBLISHED: 2022-06-25RG-EG series gateway EG350 EG_RGOS 11.1(6) was discovered to contain a SQL injection vulnerability via the function get_alarmAction at /alarm_pi/alarmService.php.
CVE-2021-40894PUBLISHED: 2022-06-24A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in underscore-99xp v1.7.2 when the deepValueSearch function is called.
CVE-2022-32997PUBLISHED: 2022-06-24The RootInteractive package in PyPI v0.0.5 to v0.0.19b0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
CVE-2022-32998PUBLISHED: 2022-06-24The cryptoasset-data-downloader package in PyPI v1.0.0 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
CVE-2022-32999PUBLISHED: 2022-06-24The cloudlabeling package in PyPI v0.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
User Rank: Ninja
4/7/2017 | 1:23:49 PM
Talk to most die-hard security pros -- the really good ones, and the ones who do nothing OTHER than cybersecurity for a living -- and their use of social networks is minimal (if not non-existent). Moreover, they put minimal -- if any -- true PII on those social networks. So their risk is already quite small.
Moreover, it is becoming increasingly the viewpoint of the top InfoSec pros and punditry that changing passwords frequently is NOT a best practice -- and can actually be detrimental.
The study may be headline grabbing, but I am unconcerned.