π¦Ώ SolarWinds attack: Cybersecurity experts share lessons learned and how to protect your business π¦Ώ
π Read
via "Tech Republic".
The highly sophisticated SolarWinds attack was designed to circumvent threat detectionβand it did, for much too long. Two cybersecurity experts share some valuable lessons learned from the attack.π Read
via "Tech Republic".
π¦Ώ Is your boss spying on you? It's possible, and privacy laws aren't there yet π¦Ώ
π Read
via "Tech Republic".
Some companies are using monitoring software to keep tabs on employees working from home. Some organizations are crying foul.π Read
via "Tech Republic".
TechRepublic
Is your boss spying on you? It's possible, and privacy laws aren't there yet
Some companies are using monitoring software to keep tabs on employees working from home. Some organizations are crying foul.
π¦Ώ Vishing: FBI says beware of voice phishing at large organizations π¦Ώ
π Read
via "Tech Republic".
Attackers are tricking employees into logging into phishing sites.π Read
via "Tech Republic".
TechRepublic
Vishing: FBI says beware of voice phishing at large organizations
Attackers are tricking employees into logging into phishing sites.
βΌ CVE-2021-3345 βΌ
π Read
via "National Vulnerability Database".
_gcry_md_block_write in cipher/hash-common.c in Libgcrypt before 1.9.1 has a heap-based buffer overflow when the digest final function sets a large count value.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20586 βΌ
π Read
via "National Vulnerability Database".
Resource management errors vulnerability in a robot controller of MELFA FR Series(controller "CR800-*V*D" of RV-*FR***-D-* all versions, controller "CR800-*HD" of RH-*FRH***-D-* all versions, controller "CR800-*HRD" of RH-*FRHR***-D-* all versions, controller "CR800-*V*R with R16RTCPU" of RV-*FR***-R-* all versions, controller "CR800-*HR with R16RTCPU" of RH-*FRH***-R-* all versions, controller "CR800-*HRR with R16RTCPU" of RH-*FRHR***-R-* all versions, controller "CR800-*V*Q with Q172DSRCPU" of RV-*FR***-Q-* all versions, controller "CR800-*HQ with Q172DSRCPU" of RH-*FRH***-Q-* all versions, controller "CR800-*HRQ with Q172DSRCPU" of RH-*FRHR***-Q-* all versions) and a robot controller of MELFA CR Series(controller "CR800-CVD" of RV-8CRL-D-* all versions, controller "CR800-CHD" of RH-*CRH**-D-* all versions) as well as a cooperative robot ASSISTA(controller "CR800-05VD" of RV-5AS-D-* all versions) allows a remote unauthenticated attacker to cause a DoS of the execution of the robot program and the Ethernet communication by sending a large amount of packets in burst over a short period of time. As a result of DoS, an error may occur. A reset is required to recover it if the error occurs.π Read
via "National Vulnerability Database".
β Industrial Gear at Risk from Fuji Code-Execution Bugs β
π Read
via "Threat Post".
Fuji Electricβs Tellus Lite V-Simulator and V-Server Lite can allow attackers to take advantage of operational technology (OT)-IT convergence on factory floors, at utility plants and more.π Read
via "Threat Post".
Threat Post
Industrial Gear at Risk from Fuji Code-Execution Bugs
Fuji Electricβs Tellus Lite V-Simulator and V-Server Lite can allow attackers to take advantage of operational technology (OT)-IT convergence on factory floors, at utility plants and more.
βΌ CVE-2021-3346 βΌ
π Read
via "National Vulnerability Database".
Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3347 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23328 βΌ
π Read
via "National Vulnerability Database".
This affects all versions of package iniparserjs. This vulnerability relates when ini_parser.js is concentrating arrays. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.π Read
via "National Vulnerability Database".
π΄ FBI Encounters: Reporting an Insider Security Incident to the Feds π΄
π Read
via "Dark Reading".
Most insider incidents don't get reported to the FBI due to fear of debilitating business disruptions, public embarrassment, and screeching vans skidding into the parking lot to confiscate servers. But is that reality?π Read
via "Dark Reading".
Dark Reading
FBI Encounters: Reporting an Insider Security Incident to the Feds
Most insider incidents don't get reported to the FBI due to fear of debilitating business disruptions, public embarrassment, and screeching vans skidding into the parking lot to confiscate servers. But is that reality?
π΄ Ransomware Payoffs Surge by 311% to Nearly $350 Million π΄
π Read
via "Dark Reading".
Payments to ransomware gangs using cryptocurrency more than quadrupled in 2020, with less than 200 cryptocurrency wallets receiving 80% of funds.π Read
via "Dark Reading".
Darkreading
Ransomware Payoffs Surge by 311% to Nearly $350 Million
Payments to ransomware gangs using cryptocurrency more than quadrupled in 2020, with less than 200 cryptocurrency wallets receiving 80% of funds.
π¦Ώ Distributed denial of service (DDoS) attacks: A cheat sheet π¦Ώ
π Read
via "Tech Republic".
This comprehensive guide covers different types of denial of service attacks, DDoS protection strategies, as well as why it matters for business.π Read
via "Tech Republic".
TechRepublic
Distributed denial of service (DDoS) attacks: A cheat sheet
This comprehensive guide covers different types of denial of service attacks, DDoS protection strategies, as well as why it matters for business.
βΌ CVE-2021-25134 βΌ
π Read
via "National Vulnerability Database".
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setremoteimageinfo_func function.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25130 βΌ
π Read
via "National Vulnerability Database".
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setactdir_func function.π Read
via "National Vulnerability Database".
βΌ CVE-2020-29557 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20. A buffer overflow in the web interface allows attackers to achieve pre-authentication remote code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25129 βΌ
π Read
via "National Vulnerability Database".
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice getvideodata_func function path traversal vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2020-24666 βΌ
π Read
via "National Vulnerability Database".
The Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a stored Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Display Name' parameter. Remediated in >= 9.1.0.1π Read
via "National Vulnerability Database".
βΌ CVE-2021-25131 βΌ
π Read
via "National Vulnerability Database".
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setfwimagelocation_func function.π Read
via "National Vulnerability Database".
βΌ CVE-2020-24669 βΌ
π Read
via "National Vulnerability Database".
The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a DOM-based Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Analysis Report Description' field in 'About this Report' section. Remediated in >= 8.3.0.9, >= 9.0.0.1, and >= 9.1.0.0 GA.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25125 βΌ
π Read
via "National Vulnerability Database".
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice delsolrecordedvideo_func function path traversal vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2020-24670 βΌ
π Read
via "National Vulnerability Database".
The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'type' attribute of 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA.π Read
via "National Vulnerability Database".