CVE-2021-25763
via "National Vulnerability Database".
In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default.
CVE-2021-25761
via "National Vulnerability Database".
In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible.
CVE-2020-25208
via "National Vulnerability Database".
In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate users via the REST API without appropriate permissions.
CVE-2020-28653
via "National Vulnerability Database".
Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.
CVE-2020-2506
via "National Vulnerability Database".
The vulnerability has been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to obtain control of a QNAP device. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3.
SolarWinds Attackers Spent Months in Corporate Email System: Report
via "Dark Reading".
SolarWinds' CEO says evidence indicates attackers lurked in the company's Office 365 email system for months ahead of the attack.
An Observability Pipeline Could Save Your SecOps Team
via "Dark Reading".
Traditional monitoring approaches are proving brittle as security operations teams need better visibility into dynamic environments.
Account takeover attacks spiked in 2020, Kaspersky says
via "Tech Republic".
The surge gives further credence to the idea that cybercrime is less about tech know-how and more about social engineering, according to its fraud report.
How a global law enforcement effort took down the Emotet botnet
via "Tech Republic".
A joint effort across the US and Europe led to the disruption of Emotet and the arrest of two gang members, says Digital Shadows.
How to Protect Data and Defend Against State-Sponsored Hackers
via "Digital Guardian".
NIST has released new tools for defenders to protect sensitive information and mitigate state-sponsored hackers.
New Malware Hijacks Kubernetes Clusters to Mine Monero
via "Threat Post".
Researchers warn that the Hildegard malware is part of 'one of the most complicated attacks targeting Kubernetes.'
CVE-2020-9388
via "National Vulnerability Database".
CSRF protection was not present in SquaredUp before version 4.6.0. A CSRF attack could have been possible by an administrator executing arbitrary code in an HTML dashboard tile via a crafted HTML page, or by uploading a malicious SVG payload into a dashboard.
CVE-2020-9390
via "National Vulnerability Database".
SquaredUp allowed Stored XSS before version 4.6.0. A user was able to create a dashboard that executed malicious content in an iframe or by uploading an SVG that contained a script.
CVE-2020-9389
via "National Vulnerability Database".
A username enumeration issue was discovered in SquaredUp before version 4.6.0. The login functionality was implemented in a way that would enable a malicious user to guess a valid username due to a different response time from invalid usernames.
Patch Imperfect: Software Fixes Failing to Shut Out Attackers
via "Dark Reading".
Incomplete patches are allowing attackers to continue exploiting the same vulnerabilities, reducing the cost to compromise.
Emotet's Takedown: Have We Seen the Last of the Malware?
via "Threat Post".
A week after law enforcement agencies said they took down Emotet, there has been no sign of the prolific malware.
Second SolarWinds Attack Group Breaks into USDA Payroll - Report
via "Threat Post".
A second APT, potentially linked to the Chinese government, could be behind the Supernova malware.
CVE-2021-26023
via "National Vulnerability Database".
The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to XSS.
CVE-2021-26024
via "National Vulnerability Database".
The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to create favorites for any other user account.
Concerns Over API Security Grow as Attacks Increase
via "Dark Reading".
Some 66% of organizations say they have slowed deploying an app into production because of API security concerns.
CVE-2021-26689
via "National Vulnerability Database".
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. The USB laf gadget has a use-after-free. The LG ID is LVE-SMP-200031 (February 2021).