CISOs Prep For COVID-19 Exposure Notification in the Workplace
via "Threat Post".
Security teams are preparing for the inevitable return to the workplace - and the privacy implications of exposure notification apps that companies may need to adopt.
The Data-Centric Path to Zero Trust
via "Dark Reading".
Data is an organization's most valuable asset, so a data-centric approach would provide the best value for organizations, now and in the future.
Home schooling - how to stay secure
via "Naked Security".
Whether you're new to home schooling or an old hand, it's worth taking a moment to ensure you're doing it securely.
Sophisticated Hacks Against Android, Windows Reveal Zero-Day Trove
via "Threat Post".
Watering-hole attacks executed by "experts" exploited Chrome, Windows and Android flaws and were carried out on two servers.
CES 2021: All of the business tech news you need to know
via "Tech Republic".
Don't miss TechRepublic's CES 2021 coverage, which includes product announcements from Lenovo, Samsung, LG, and Dell about PCs, laptops, software, robots, monitors, and TVs.
Hackers Leak Stolen Pfizer-BioNTech COVID-19 Vaccine Data
via "Threat Post".
On the heels of a cyberattack on the EMA, cybercriminals have now leaked Pfizer and BioNTech COVID-19 vaccine data on the internet.
CVE-2021-21607
via "National Vulnerability Database".
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit sizes provided as query parameters to graph-rendering URLs, allowing attackers to request crafted URLs that use all available memory in Jenkins, potentially leading to out of memory errors.
CVE-2021-21606
via "National Vulnerability Database".
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier improperly validates the format of a provided fingerprint ID when checking for its existence allowing an attacker to check for the existence of XML files with a short path.
CVE-2021-21614
via "National Vulnerability Database".
Jenkins Bumblebee HP ALM Plugin 4.1.5 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
CVE-2021-21604
via "National Vulnerability Database".
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator.
CVE-2021-21608
via "National Vulnerability Database".
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape button labels in the Jenkins UI, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to control button labels.
CVE-2021-21610
via "National Vulnerability Database".
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not implement any restrictions for the URL rendering a formatted preview of markup passed as a query parameter, resulting in a reflected cross-site scripting (XSS) vulnerability if the configured markup formatter does not prohibit unsafe elements (JavaScript) in markup.
CVE-2021-21609
via "National Vulnerability Database".
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not correctly match requested URLs to the list of always accessible paths, allowing attackers without Overall/Read permission to access some URLs as if they did have Overall/Read permission.
CVE-2021-21611
via "National Vulnerability Database".
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape display names and IDs of item types shown on the New Item page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to specify display names or IDs of item types.
CVE-2021-3131
via "National Vulnerability Database".
The Web server in 1C:Enterprise 8 before 8.3.17.1851 sends base64 encoded credentials in the creds URL parameter.
CVE-2021-21613
via "National Vulnerability Database".
Jenkins TICS Plugin 2020.3.0.6 and earlier does not escape TICS service responses, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control TICS service response content.
CVE-2021-21612
via "National Vulnerability Database".
Jenkins TraceTronic ECU-TEST Plugin 2.23.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
CVE-2021-23900
via "National Vulnerability Database".
OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations.
CVE-2021-21605
via "National Vulnerability Database".
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose agent names that cause Jenkins to override the global `config.xml` file.
CVE-2021-21602
via "National Vulnerability Database".
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks.
CVE-2021-21603
via "National Vulnerability Database".
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape notification bar response contents, resulting in a cross-site scripting (XSS) vulnerability.