❌ Ryuk Rakes in $150M in Ransom Payments ❌
📖 Read
via "Threat Post".
An examination of the malware gang's payments reveals insights into its economic operations.📖 Read
via "Threat Post".
Threat Post
Ryuk Rakes in $150M in Ransom Payments
An examination of the malware gang's payments reveals insights into its economic operations.
❌ A Look Ahead at 2021: SolarWinds Fallout and Shifting CISO Budgets ❌
📖 Read
via "Threat Post".
Threatpost editors discuss the SolarWinds hack, healthcare ransomware attacks and other threats that will plague enterprises in 2021.📖 Read
via "Threat Post".
Threat Post
A Look Ahead at 2021: SolarWinds Fallout and Shifting CISO Budgets
Threatpost editors discuss the SolarWinds hack, healthcare ransomware attacks and other threats that will plague enterprises in 2021.
‼ CVE-2021-21116 ‼
📖 Read
via "National Vulnerability Database".
Heap buffer overflow in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-16013 ‼
📖 Read
via "National Vulnerability Database".
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-5019 ‼
📖 Read
via "National Vulnerability Database".
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 193655.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-16023 ‼
📖 Read
via "National Vulnerability Database".
Use after free in WebCodecs in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-16040 ‼
📖 Read
via "National Vulnerability Database".
Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-5022 ‼
📖 Read
via "National Vulnerability Database".
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow unauthenticated and unauthorized access to VDAP proxy which can result in an attacker obtaining information they are not authorized to access. IBM X-Force ID: 193658.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-5018 ‼
📖 Read
via "National Vulnerability Database".
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may include sensitive information in its URLs increasing the risk of such information being caputured by an attacker. IBM X-Force ID: 193654.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-16036 ‼
📖 Read
via "National Vulnerability Database".
Inappropriate implementation in cookies in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to bypass cookie restrictions via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-26186 ‼
📖 Read
via "National Vulnerability Database".
Dell Inspiron 5675 BIOS versions prior to 1.4.1 contain a UEFI BIOS RuntimeServices overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the RuntimeServices structure to execute arbitrary code in System Management Mode (SMM).📖 Read
via "National Vulnerability Database".
‼ CVE-2020-16025 ‼
📖 Read
via "National Vulnerability Database".
Heap buffer overflow in clipboard in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21114 ‼
📖 Read
via "National Vulnerability Database".
Use after free in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-16034 ‼
📖 Read
via "National Vulnerability Database".
Inappropriate implementation in WebRTC in Google Chrome prior to 87.0.4280.66 allowed a local attacker to bypass policy restrictions via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-16035 ‼
📖 Read
via "National Vulnerability Database".
Insufficient data validation in cros-disks in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to bypass noexec restrictions via a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-16042 ‼
📖 Read
via "National Vulnerability Database".
Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21112 ‼
📖 Read
via "National Vulnerability Database".
Use after free in Blink in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-16043 ‼
📖 Read
via "National Vulnerability Database".
Insufficient data validation in networking in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to bypass discretionary access control via malicious network traffic.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21111 ‼
📖 Read
via "National Vulnerability Database".
Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-16012 ‼
📖 Read
via "National Vulnerability Database".
Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-16033 ‼
📖 Read
via "National Vulnerability Database".
Inappropriate implementation in WebUSB in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to spoof security UI via a crafted HTML page.📖 Read
via "National Vulnerability Database".