π΄ Cloud Security Startup Armo Emerges from Stealth with $4.5M π΄
π Read
via "Dark Reading".
Armo's platform was developed to protect cloud-native workloads and provide DevOps teams with greater visibility and control.π Read
via "Dark Reading".
Dark Reading
Cloud Security Startup Armo Emerges from Stealth with $4.5M
Armo's platform was developed to protect cloud-native workloads and provide DevOps teams with greater visibility and control.
β WordPress Pop-Up Builder Plugin Flaw Plagues 200K Sites β
π Read
via "Threat Post".
The flaw could have let attackers send out custom newsletters and delete newsletter subscribers from 200,000 affected websites.π Read
via "Threat Post".
Threat Post
WordPress Pop-Up Builder Plugin Flaw Plagues 200K Sites
The flaw could have let attackers send out custom newsletters and delete newsletter subscribers from 200,000 affected websites.
β Microsoft 365 Becomes Haven for BEC Innovation β
π Read
via "Threat Post".
Two new phishing tactics use the platform's automated responses to evade email filters.π Read
via "Threat Post".
Threat Post
Microsoft 365 Becomes Haven for BEC Innovation
Two new phishing tactics use the platform's automated responses to evade email filters.
βΌ CVE-2021-21254 βΌ
π Read
via "National Vulnerability Database".
CKEditor 5 is an open source rich text editor framework with a modular architecture. The CKEditor 5 Markdown plugin (@ckeditor/ckeditor5-markdown-gfm) before version 25.0.0 has a regex denial of service (ReDoS) vulnerability. The vulnerability allowed to abuse link recognition regular expression, which could cause a significant performance drop resulting in browser tab freeze. It affects all users using CKEditor 5 Markdown plugin at version <= 24.0.0. The problem has been recognized and patched. The fix will be available in version 25.0.0.π Read
via "National Vulnerability Database".
βΌ CVE-2020-17380 βΌ
π Read
via "National Vulnerability Database".
A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host.π Read
via "National Vulnerability Database".
βΌ CVE-2020-14418 βΌ
π Read
via "National Vulnerability Database".
A TOCTOU vulnerability exists in madCodeHook before 2020-07-16 that allows local attackers to elevate their privileges to SYSTEM. This occurs because path redirection can occur via vectors involving directory junctions.π Read
via "National Vulnerability Database".
βΌ CVE-2020-15690 βΌ
π Read
via "National Vulnerability Database".
In Nim before 1.2.6, the standard library asyncftpclient lacks a check for whether a message contains a newline character.π Read
via "National Vulnerability Database".
β GnuPG crypto library can be pwned during decryption β patch now! β
π Read
via "Naked Security".
Many, if not most, Linux distros will be affected. Users of other operating systems should check for software that uses libgcrypt.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
βΌ CVE-2021-23329 βΌ
π Read
via "National Vulnerability Database".
The package nested-object-assign before 1.0.4 are vulnerable to Prototype Pollution via the default function, as demonstrated by running the PoC below.π Read
via "National Vulnerability Database".
β Emotet takedown β Europol attacks βworldβs most dangerous malwareβ β
π Read
via "Naked Security".
Great news from Europol - if you've heard of Emotet, you'll have a good idea how badly things often end for its victims.π Read
via "Naked Security".
Naked Security
Emotet takedown β Europol attacks βworldβs most dangerous malwareβ
Great news from Europol β if youβve heard of Emotet, youβll have a good idea how badly things often end for its victims.
π¦Ώ Security chaos engineering helps you find weak links in your cyber defenses before attackers do π¦Ώ
π Read
via "Tech Republic".
Security experts explain why this approach is all about data and resilience, not deliberately sabotaging your own network.π Read
via "Tech Republic".
TechRepublic
Security chaos engineering helps you find weak links in your cyber defenses before attackers do
Security experts explain why this approach is all about data and resilience, not deliberately sabotaging your own network.
π΄ Strengthening Zero-Trust Architecture π΄
π Read
via "Dark Reading".
Organizations that want to stay ahead of cybercriminals will find that going beyond user trust and device trust is critical for outwitting their adversaries.π Read
via "Dark Reading".
Dark Reading
Strengthening Zero-Trust Architecture
Organizations that want to stay ahead of cybercriminals will find that going beyond user trust and device trust is critical for outwitting their adversaries.
βΌ CVE-2020-36109 βΌ
π Read
via "National Vulnerability Database".
ASUS RT-AX86U router firmware below version under 9.0.0.4_386 has a buffer overflow in the blocking_request.cgi function of the httpd module that can cause code execution when an attacker constructs malicious data.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28194 βΌ
π Read
via "National Vulnerability Database".
Variable underflow exists in accel-ppp radius/packet.c when receiving a RADIUS vendor-specific attribute with length field is less than 2. It has an impact only when the attacker controls the RADIUS server, which can lead to arbitrary code execution.π Read
via "National Vulnerability Database".
π AIDE 0.17.1 π
π Read
via "Packet Storm Security".
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.π Read
via "Packet Storm Security".
Packetstormsecurity
AIDE 0.17.1 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π Wireshark Analyzer 3.4.3 π
π Read
via "Packet Storm Security".
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.π Read
via "Packet Storm Security".
Packetstormsecurity
Wireshark Analyzer 3.4.3 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ Rapid7 Acquires Alcide, Strengthens Focus on Cloud π΄
π Read
via "Dark Reading".
Its $50 million purchase of Alcide, a Kubernetes security provider, follows its 2020 acquisition of cloud security vendor DivvyCloud.π Read
via "Dark Reading".
Dark Reading
Rapid7 Acquires Alcide, Strengthens Focus on Cloud
Its $50 million purchase of Alcide, a Kubernetes security provider, follows its 2020 acquisition of cloud security vendor DivvyCloud.
β Alleged Gaming Software Supply-Chain Attack Installs Spyware β
π Read
via "Threat Post".
Researchers allege that software used for downloading Android apps onto PCs and Macs has been compromised to install malware onto victim devices.π Read
via "Threat Post".
Threat Post
Alleged Gaming Software Supply-Chain Attack Installs Spyware
Researchers allege that software used for downloading Android apps onto PCs and Macs has been compromised to install malware onto victim devices.
β Critical Libgcrypt Crypto Bug Opens Machines to Arbitrary Code β
π Read
via "Threat Post".
The flaw in the free-source library could have been ported to multiple applications.π Read
via "Threat Post".
Threat Post
Critical Libgcrypt Crypto Bug Opens Machines to Arbitrary Code
The flaw in the free-source library could have been ported to multiple applications.
βΌ CVE-2020-28426 βΌ
π Read
via "National Vulnerability Database".
All versions of package kill-process-on-port are vulnerable to Command Injection via a.getProcessPortId.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21277 βΌ
π Read
via "National Vulnerability Database".
angular-expressions is "angular's nicest part extracted as a standalone module for the browser and node". In angular-expressions before version 1.1.2 there is a vulnerability which allows Remote Code Execution if you call "expressions.compile(userControlledInput)" where "userControlledInput" is text that comes from user input. The security of the package could be bypassed by using a more complex payload, using a ".constructor.constructor" technique. In terms of impact: If running angular-expressions in the browser, an attacker could run any browser script when the application code calls expressions.compile(userControlledInput). If running angular-expressions on the server, an attacker could run any Javascript expression, thus gaining Remote Code Execution. This is fixed in version 1.1.2 of angular-expressions A temporary workaround might be either to disable user-controlled input that will be fed into angular-expressions in your application or allow only following characters in the userControlledInput.π Read
via "National Vulnerability Database".