‼ CVE-2021-25769 ‼
📖 Read
via "National Vulnerability Database".
In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator wasn't able to access attachments.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25772 ‼
📖 Read
via "National Vulnerability Database".
In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possible via server integration.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25758 ‼
📖 Read
via "National Vulnerability Database".
In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deserialization of the workspace model could lead to code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25757 ‼
📖 Read
via "National Vulnerability Database".
In JetBrains Hub before 2020.1.12629, an open redirect was possible.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25768 ‼
📖 Read
via "National Vulnerability Database".
In JetBrains YouTrack before 2020.4.4701, permissions for attachments actions were checked improperly.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-27994 ‼
📖 Read
via "National Vulnerability Database".
SolarWinds Serv-U before 15.2.2 allows Authenticated Directory Traversal.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35482 ‼
📖 Read
via "National Vulnerability Database".
SolarWinds Serv-U before 15.2.2 allows authenticated reflected XSS.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25765 ‼
📖 Read
via "National Vulnerability Database".
In JetBrains YouTrack before 2020.4.4701, CSRF via attachment upload was possible.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-27222 ‼
📖 Read
via "National Vulnerability Database".
In Eclipse Californium version 2.3.0 to 2.6.0, the certificate based (x509 and RPK) DTLS handshakes accidentally fails, because it sticks to a wrong internal state. That wrong internal state is set by a previous certificate based DTLS handshakes failure with TLS parameter mismatch. The server must be restarted to recover this. This allow clients to force a DoS.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25763 ‼
📖 Read
via "National Vulnerability Database".
In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25761 ‼
📖 Read
via "National Vulnerability Database".
In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-25208 ‼
📖 Read
via "National Vulnerability Database".
In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate users via the REST API without appropriate permissions.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-28653 ‼
📖 Read
via "National Vulnerability Database".
Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-2506 ‼
📖 Read
via "National Vulnerability Database".
The vulnerability have been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to obtain control of a QNAP device. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3.📖 Read
via "National Vulnerability Database".
🕴 SolarWinds Attackers Spent Months in Corporate Email System: Report 🕴
📖 Read
via "Dark Reading".
SolarWinds' CEO says evidence indicates attackers lurked in the company's Office 365 email system for months ahead of the attack.📖 Read
via "Dark Reading".
Dark Reading
SolarWinds Attackers Spent Months in Corporate Email System: Report
SolarWinds' CEO says evidence indicates attackers lurked in the company's Office 365 email system for months ahead of the attack.
🕴 An Observability Pipeline Could Save Your SecOps Team 🕴
📖 Read
via "Dark Reading".
Traditional monitoring approaches are proving brittle as security operations teams need better visibility into dynamic environments.📖 Read
via "Dark Reading".
Dark Reading
An Observability Pipeline Could Save Your SecOps Team
Traditional monitoring approaches are proving brittle as security operations teams need better visibility into dynamic environments.
🦿 Account takeover attacks spiked in 2020, Kaspersky says 🦿
📖 Read
via "Tech Republic".
The surge gives further credence to the idea that cybercrime is less about tech know-how and more about social engineering, according to its fraud report.📖 Read
via "Tech Republic".
TechRepublic
Account takeover attacks spiked in 2020, Kaspersky says
The surge gives further credence to the idea that cybercrime is less about tech know-how and more about social engineering, according to its fraud report.
🦿 How a global law enforcement effort took down the Emotet botnet 🦿
📖 Read
via "Tech Republic".
A joint effort across the US and Europe led to the disruption of Emotet and the arrest of two gang members, says Digital Shadows.📖 Read
via "Tech Republic".
TechRepublic
How a global law enforcement effort took down the Emotet botnet
A joint effort across the US and Europe led to the disruption of Emotet and the arrest of two gang members, says Digital Shadows.
🔏 How to Protect Data and Defend Against State-Sponsored Hackers 🔏
📖 Read
via "Digital Guardian".
NIST has released new tools for defenders to protect sensitive information and mitigate state-sponsored hackers.📖 Read
via "Digital Guardian".
Digital Guardian
How to Protect Data and Defend Against State-Sponsored Hackers
NIST has released new tools for defenders to protect sensitive information and mitigate state-sponsored hackers.
❌ New Malware Hijacks Kubernetes Clusters to Mine Monero ❌
📖 Read
via "Threat Post".
Researchers warn that the Hildegard malware is part of 'one of the most complicated attacks targeting Kubernetes.'📖 Read
via "Threat Post".
Threat Post
New Malware Hijacks Kubernetes Clusters to Mine Monero
Researchers warn that the Hildegard malware is part of 'one of the most complicated attacks targeting Kubernetes.'
‼ CVE-2020-9388 ‼
📖 Read
via "National Vulnerability Database".
CSRF protection was not present in SquaredUp before version 4.6.0. A CSRF attack could have been possible by an administrator executing arbitrary code in a HTML dashboard tile via a crafted HTML page, or by uploading a malicious SVG payload into a dashboard.📖 Read
via "National Vulnerability Database".