🕴 Even Small Nations Have Jumped into the Cyber Espionage Game 🕴
📖 Read
via "Dark Reading".
While the media tends to focus on the Big 5 nation-state cyber powers, commercial spyware has given smaller countries sophisticated capabilities, as demonstrated by a "zero-click" iMessage exploit that targeted journalists last year.📖 Read
via "Dark Reading".
Dark Reading
Even Small Nations Have Jumped into the Cyber Espionage Game
While the media tends to focus on the Big 5 nation-state cyber powers, commercial spyware has given smaller countries sophisticated capabilities, as demonstrated by a zero-click iMessage exploit that targeted journalists last year.
🦿 Homebrew: How to install vulnerability tools on macOS 🦿
📖 Read
via "Tech Republic".
We'll guide you through the process of using Homebrew package manager to install security tools on macOS to assess vulnerabilities and the security posture of the devices on your network.📖 Read
via "Tech Republic".
TechRepublic
Homebrew: How to install vulnerability tools on macOS
We'll guide you through the process of using Homebrew package manager to install security tools on macOS to assess vulnerabilities and the security posture of the devices on your network.
🦿 10 fastest-growing cybersecurity skills to learn in 2021 🦿
📖 Read
via "Tech Republic".
People with experience in application development security are in the highest demand but cloud expertise commands the biggest paycheck.📖 Read
via "Tech Republic".
❌ Nvidia Warns Windows Gamers of High-Severity Graphics Driver Flaws ❌
📖 Read
via "Threat Post".
In all, Nvidia patched flaws tied to 16 CVEs across its graphics drivers and vGPU software, in its first security update of 2021.📖 Read
via "Threat Post".
Threat Post
Nvidia Warns Windows Gamers of High-Severity Graphics Driver Flaws
In all, Nvidia patched flaws tied to 16 CVEs across its graphics drivers and vGPU software, in its first security update of 2021.
❌ Biden to Appoint Cybersecurity Advisor to NSC – Report ❌
📖 Read
via "Threat Post".
Anne Neuberger will join the National Security Council, according to sources.📖 Read
via "Threat Post".
Threat Post
Biden to Appoint Cybersecurity Advisor to NSC – Report
Anne Neuberger will join the National Security Council, according to sources.
🕴 State Dept. to Create New Cybersecurity & Technology Agency 🕴
📖 Read
via "Dark Reading".
Bureau of Cyberspace Security and Emerging Technologies (CSET) will serve as diplomatic arm for US cybersecurity interests.📖 Read
via "Dark Reading".
Dark Reading
State Dept. to Create New Cybersecurity & Technology Agency
Bureau of Cyberspace Security and Emerging Technologies (CSET) will serve as diplomatic arm for US cybersecurity interests.
🕴 FireEye's Mandia: 'Severity-Zero Alert' Led to Discovery of SolarWinds Attack 🕴
📖 Read
via "Dark Reading".
CEO Kevin Mandia shared some details on how his company rooted out the major cyberattack campaign affecting US government and corporate networks.📖 Read
via "Dark Reading".
Dark Reading
FireEye's Mandia: 'Severity-Zero Alert' Led to Discovery of SolarWinds Attack
CEO Kevin Mandia shared some details on how his company rooted out the major cyberattack campaign affecting US government and corporate networks.
🦿 Homebrew: How to install exploit tools on macOS 🦿
📖 Read
via "Tech Republic".
We'll guide you through the process of using Homebrew package manager to install security tools on macOS to exploit vulnerabilities found in your Apple equipment.📖 Read
via "Tech Republic".
TechRepublic
Homebrew: How to install exploit tools on macOS
We'll guide you through the process of using Homebrew package manager to install security tools on macOS to exploit vulnerabilities found in your Apple equipment.
‼ CVE-2019-18642 ‼
📖 Read
via "National Vulnerability Database".
Rock RMS version before 8.6 is vulnerable to account takeover by tampering with the user ID parameter in the profile update feature. The lack of validation and use of sequential user IDs allows any user to change account details of any other user. This vulnerability could be used to change the email address of another account, even the administrator account. Upon changing another account's email address, performing a password reset to the new email address could allow an attacker to take over any account.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-13452 ‼
📖 Read
via "National Vulnerability Database".
In Gotenberg through 6.2.1, insecure permissions for tini (writable by user gotenberg) potentially allow an attacker to overwrite the file, which can lead to denial of service or code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-13450 ‼
📖 Read
via "National Vulnerability Database".
A directory traversal vulnerability in file upload function of Gotenberg through 6.2.1 allows an attacker to upload and overwrite any writable files outside the intended folder. This can lead to DoS, a change to program behavior, or code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-23242 ‼
📖 Read
via "National Vulnerability Database".
MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ to the UPnP server, as demonstrated by the /../../conf/template/uhttpd.json URI.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-13449 ‼
📖 Read
via "National Vulnerability Database".
A directory traversal vulnerability in the Markdown engine of Gotenberg through 6.2.1 allows an attacker to read any container files.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-17500 ‼
📖 Read
via "National Vulnerability Database".
Barco TransForm NDN-210 Lite, NDN-210 Pro, NDN-211 Lite, and NDN-211 Pro before 3.8 allows Command Injection (issue 1 of 4). The NDN-210 has a web administration panel which is made available over https. The logon method is basic authentication. There is a command injection issue that will result in unauthenticated remote code execution in the username and password fields of the logon prompt. The NDN-210 is part of Barco TransForm N solution and includes the patch from TransForm N version 3.8 onwards.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-23241 ‼
📖 Read
via "National Vulnerability Database".
MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLess or login.htm URI (for authentication bypass) to the web server, as demonstrated by the /loginLess/../../etc/passwd URI.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35745 ‼
📖 Read
via "National Vulnerability Database".
PHPGURUKUL Hospital Management System V 4.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, doctors, patients, change admin password, get appointment history and access all session logs.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-13451 ‼
📖 Read
via "National Vulnerability Database".
An incomplete-cleanup vulnerability in the Office rendering engine of Gotenberg through 6.2.1 allows an attacker to overwrite LibreOffice configuration files and execute arbitrary code via macros.📖 Read
via "National Vulnerability Database".
‼ CVE-2019-18643 ‼
📖 Read
via "National Vulnerability Database".
Rock RMS versions before 8.10 and versions 9.0 through 9.3 fails to properly validate files uploaded in the application. The only protection mechanism is a file-extension blacklist that can be bypassed by adding multiple spaces and periods after the file name. This could allow an attacker to upload ASPX code and gain remote code execution on the application. The application typically runs as LocalSystem as mandated in the installation guide. Patched in versions 8.10 and 9.4.📖 Read
via "National Vulnerability Database".
🕴 Cobalt Strike & Metasploit Tools Were Attacker Favorites in 2020 🕴
📖 Read
via "Dark Reading".
Research reveals APT groups and cybercriminals employ these offensive security tools as often as red teams.📖 Read
via "Dark Reading".
Dark Reading
Cobalt Strike & Metasploit Tools Were Attacker Favorites in 2020
Research reveals APT groups and cybercriminals employ these offensive security tools as often as red teams.
‼ CVE-2020-36048 ‼
📖 Read
via "National Vulnerability Database".
Engine.IO before 4.0.0 allows attackers to cause a denial of service (resource consumption) via a POST request to the long polling transport.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-36049 ‼
📖 Read
via "National Vulnerability Database".
socket.io-parser before 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used.📖 Read
via "National Vulnerability Database".