🕴 Microsoft Security Business Exceeds $10B in Revenue 🕴
📖 Read
via "Dark Reading".
Microsoft's security division has grown more than 40% year-over-year, the company reports alongside security product updates.📖 Read
via "Dark Reading".
Darkreading
Microsoft Security Business Exceeds $10B in Revenue
Microsoft's security division has grown more than 40% year-over-year, the company reports alongside security product updates.
‼ CVE-2020-4189 ‼
📖 Read
via "National Vulnerability Database".
IBM Security Guardium 11.2 discloses sensitive information in the response headers that could be used in further attacks against the system. IBM X-Force ID: 174850.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-5427 ‼
📖 Read
via "National Vulnerability Database".
In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior 2.5.4, an application is vulnerable to SQL injection when requesting task execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4865 ‼
📖 Read
via "National Vulnerability Database".
IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190741.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20357 ‼
📖 Read
via "National Vulnerability Database".
IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194963.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4547 ‼
📖 Read
via "National Vulnerability Database".
IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 183315.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4786 ‼
📖 Read
via "National Vulnerability Database".
IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 189221.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4787 ‼
📖 Read
via "National Vulnerability Database".
IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 189224.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4855 ‼
📖 Read
via "National Vulnerability Database".
IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190457.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-5428 ‼
📖 Read
via "National Vulnerability Database".
In applications using Spring Cloud Task 2.2.4.RELEASE and below, may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4952 ‼
📖 Read
via "National Vulnerability Database".
IBM Security Guardium 11.2 could allow an authenticated user to gain root access due to improper access control. IBM X-Force ID: 192028.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4524 ‼
📖 Read
via "National Vulnerability Database".
IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182434.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3318 ‼
📖 Read
via "National Vulnerability Database".
attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4789 ‼
📖 Read
via "National Vulnerability Database".
IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 189302.📖 Read
via "National Vulnerability Database".
❌ Sudo Bug Gives Root Access to Mass Numbers of Linux Systems ❌
📖 Read
via "Threat Post".
Qualys said the vuln gives any local user root access to systems running the most popular version of Sudo.📖 Read
via "Threat Post".
Threat Post
Sudo Bug Gives Root Access to Mass Numbers of Linux Systems
Qualys said the vuln gives any local user root access to systems running the most popular version of Sudo.
🦿 Emotet malware taken down by global law enforcement effort 🦿
📖 Read
via "Tech Republic".
The infamous botnet has been disrupted thanks to an international effort across the US, Canada, and several European nations.📖 Read
via "Tech Republic".
TechRepublic
Emotet malware taken down by global law enforcement effort
The infamous botnet has been disrupted thanks to an international effort across the US, Canada, and several European nations.
❌ Remote Attackers Can Now Reach Protected Network Devices via NAT Slipstreaming ❌
📖 Read
via "Threat Post".
A new version of NAT slipstreaming allows cybercriminals an easy path to devices that aren't connected to the internet.📖 Read
via "Threat Post".
Threat Post
Remote Attackers Can Now Reach Protected Network Devices via NAT Slipstreaming
A new version of NAT slipstreaming allows cybercriminals an easy path to devices that aren't connected to the internet.
❌ NetWalker Ransomware Suspect Charged: Tor Site Seized ❌
📖 Read
via "Threat Post".
The suspect allegedly has extorted $27.6 million from ransomware victims, mostly in the healthcare sector.📖 Read
via "Threat Post".
Threat Post
NetWalker Ransomware Suspect Charged: Tor Site Seized
The suspect allegedly has extorted $27.6 million from ransomware victims, mostly in the healthcare sector.
‼ CVE-2021-26118 ‼
📖 Read
via "National Vulnerability Database".
While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3325 ‼
📖 Read
via "National Vulnerability Database".
Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation (i.e., an installation without a hosts_deny option). This issue occurred because a new access-control feature was introduced without considering that some exiting installations became unsafe, upon an update to 3.13.0, unless the new feature was immediately configured.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-22653 ‼
📖 Read
via "National Vulnerability Database".
Multiple out-of-bounds write issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).📖 Read
via "National Vulnerability Database".