🕴 How to Achieve Collaboration Tool Compliance 🕴
📖 Read
via "Dark Reading".
Organizations must fully understand the regulatory guidance on collaboration security and privacy so they can continue to implement and expand their use of tools such as Zoom and Teams.📖 Read
via "Dark Reading".
Dark Reading
How to Achieve Collaboration Tool Compliance - Dark Reading
Organizations must fully understand the regulatory guidance on collaboration security and privacy so they can continue to implement and expand their use of tools such as Zoom and Teams.
🔏 Friday Five 1/15 🔏
📖 Read
via "Digital Guardian".
Deepfakes, ransomware tactics, and Signal clones - catch up on all of the week's infosec news with the Friday Five!📖 Read
via "Digital Guardian".
Digital Guardian
Friday Five 1/15
Deepfakes, ransomware tactics, and Signal clones - catch up on all of the week's infosec news with the Friday Five!
🛠 WhatWeb Scanner 0.5.5 🛠
📖 Read
via "Packet Storm Security".
WhatWeb is a next-generation web scanner. WhatWeb recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each to recognize something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more. WhatWeb supports an aggression level to control the trade off between speed and reliability.📖 Read
via "Packet Storm Security".
Packetstormsecurity
WhatWeb Scanner 0.5.5 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
‼ CVE-2019-16961 ‼
📖 Read
via "National Vulnerability Database".
SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35733 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority.📖 Read
via "National Vulnerability Database".
🦿 CES 2021: All of the business tech news you need to know 🦿
📖 Read
via "Tech Republic".
Don't miss TechRepublic's CES 2021 coverage, which includes product announcements from Lenovo, Samsung, LG, and Dell about PCs, laptops, software, robots, monitors, and TVs.📖 Read
via "Tech Republic".
TechRepublic
CES 2021: All of the business tech news you need to know
Don't miss TechRepublic's CES 2021 coverage, which includes product announcements from Lenovo, Samsung, LG, and Dell about PCs, laptops, software, robots, monitors, and TVs.
❌ Google Boots 164 Apps from Play Marketplace for Shady Ad Practices ❌
📖 Read
via "Threat Post".
The tech giant removes 164 more offending Android apps after banning software showing this type of behavior from the store last year.📖 Read
via "Threat Post".
Threat Post
Google Boots 164 Apps from Play Marketplace for Shady Ad Practices
The tech giant removes 164 more offending Android apps after banning software showing this type of behavior from the store last year.
🦿 How next-gen cloud SIEM tools can offer critical visibility companies for effective threat hunting 🦿
📖 Read
via "Tech Republic".
Virtual workforces face escalated threats due to their remote access from various networks. Learn how security information and event management tools can help in the battle.📖 Read
via "Tech Republic".
TechRepublic
How next-gen cloud SIEM tools can offer critical visibility companies for effective threat hunting
Virtual workforces face escalated threats due to their remote access from various networks. Learn how security information and event management tools can help in the battle.
❌ Apple Kills MacOS Feature Allowing Apps to Bypass Firewalls ❌
📖 Read
via "Threat Post".
Security researchers lambasted the controversial macOS Big Sur feature for exposing users' sensitive data.📖 Read
via "Threat Post".
Threat Post
Apple Kills MacOS Feature Allowing Apps to Bypass Firewalls
Security researchers lambasted the controversial macOS Big Sur feature for exposing users' sensitive data.
🕴 Successful Malware Incidents Rise as Attackers Shift Tactics 🕴
📖 Read
via "Dark Reading".
As employees moved to working from home and on mobile devices, attackers followed them and focused on weekend attacks, a security firm says.📖 Read
via "Dark Reading".
Dark Reading
Successful Malware Incidents Rise as Attackers Shift Tactics
As employees moved to working from home and on mobile devices, attackers followed them and focused on weekend attacks, a security firm says.
‼ CVE-2021-22168 ‼
📖 Read
via "National Vulnerability Database".
A regular expression denial of service issue has been discovered in NuGet API affecting all versions of GitLab starting from version 12.8.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-22166 ‼
📖 Read
via "National Vulnerability Database".
An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method📖 Read
via "National Vulnerability Database".
‼ CVE-2021-22167 ‼
📖 Read
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions starting from 12.1. Incorrect headers in specific project page allows attacker to have a temporary read access to the private repository📖 Read
via "National Vulnerability Database".
‼ CVE-2020-26414 ‼
📖 Read
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions starting from 12.4. The regex used for package names is written in a way that makes execution time have quadratic growth based on the length of the malicious input string.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-22171 ‼
📖 Read
via "National Vulnerability Database".
Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20189 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-24640 ‼
📖 Read
via "National Vulnerability Database".
There is a vulnerability caused by insufficient input validation that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21244 ‼
📖 Read
via "National Vulnerability Database".
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, There is a vulnerability that enabled pre-auth server side template injection via Bean validation message tampering. Full details in the reference GHSA. This issue was fixed in 4.0.3 by disabling validation interpolation completely.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21243 ‼
📖 Read
via "National Vulnerability Database".
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, a Kubernetes REST endpoint exposes two methods that deserialize untrusted data from the request body. These endpoints do not enforce any authentication or authorization checks. This issue may lead to pre-auth RCE. This issue was fixed in 4.0.3 by not using deserialization at KubernetesResource side.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-24639 ‼
📖 Read
via "National Vulnerability Database".
There is a vulnerability caused by unsafe Java deserialization that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-24641 ‼
📖 Read
via "National Vulnerability Database".
In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Forgery vulnerability through an unauthenticated endpoint that if successfully exploited can result in disclosure of sensitive information. This can be used to perform an authentication bypass and ultimately gain administrative access on the web administrative interface.📖 Read
via "National Vulnerability Database".