Expert Recommends: Prepare for PQC Right Now

Introduction: Steal It Today, Break It in a Decade Digital evolution is unstoppable, and though the pace may vary, things tend to fall into place sooner rather than later. That, of course, applies to adversaries as well. The rise of ransomware and cyber extortion generated funding for a complex a...

Yokogawa CENTUM and Exaopc Permissions, Privileges, and Access Controls (CVE-2022-22141)

'Long-term Data Archive Package' service implemented in the following Yokogawa Electric products creates some named pipe with imporper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 t...

CVE-2022-22141

'Long-term Data Archive Package' service implemented in the following Yokogawa Electric products creates some named pipe with imporper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 t...

CVE-2022-22141

CVE-2022-22141 affects Yokogawa CENTUM CS 3000 (R3.08.10–R3.09.00), CENTUM VP (R4.01.00–R4.03.00, R5.01.00–R5.04.20, R6.01.00–R6.08.00), and Exaopc (R3.72.00–R3.79.00). The issue is a permissions, privileges, and access controls vulnerability where the Long-term Data Archive Package service creat...

Yokogawa Exaopc 权限许可和访问控制问题漏洞

Yokogawa Electric is a server of Yokogawa Electric Yokogawa, a Japanese company. A security vulnerability exists in Yokogawa Electric. The vulnerability stems from the "Long-term Data Archive Package" service creating named pipes with incorrect ACL configurations. The following products and...

A security architect’s POV on a mature data-centric security program, Part 3

In part one of this series, you learned about the challenges associated with accessing, and searching long-term retained database activity logs and identifying sensitive customer data to comply with stricter compliance regulations. In part two, you gained insight into how security professionals c...

Design/Logic Flaw

The DNS query log in Pi-hole before 5.2.2 is vulnerable to stored XSS. An attacker with the ability to directly or indirectly query DNS with a malicious hostname can cause arbitrary JavaScript to execute when the Pi-hole administrator visits the Query Log or Long-term data Query Log page...

How Our Threat Analytics Multi-Region Data Lake on AWS Stores More, Slashes Costs

Data is the lifeblood of digital businesses, and a key competitive advantage. The question is: how can you store your data cost-efficiently, access it quickly, while abiding by privacy laws? At Imperva, we wanted to store our data for long-term access. Databases would’ve cost too much in disk and...