π΄ Patch Imperfect: Software Fixes Failing to Shut Out Attackers π΄
π Read
via "Dark Reading".
Incomplete patches are allowing attackers to continue exploiting the same vulnerabilities, reducing the cost to compromise.π Read
via "Dark Reading".
Dark Reading
Patch Imperfect: Software Fixes Failing to Shut Out Attackers
Incomplete patches are allowing attackers to continue exploiting the same vulnerabilities, reducing the cost to compromise.
β Emotetβs Takedown: Have We Seen the Last of the Malware? β
π Read
via "Threat Post".
A week after law enforcement agencies said they took down Emotet, there has been no sign of the prolific malware.π Read
via "Threat Post".
Threat Post
Emotetβs Takedown: Have We Seen the Last of the Malware?
A week after law enforcement agencies said they took down Emotet, there has been no sign of the prolific malware.
β Second SolarWinds Attack Group Breaks into USDA Payroll β Report β
π Read
via "Threat Post".
A second APT, potentially linked to the Chinese government, could be behind the Supernova malware.π Read
via "Threat Post".
Threat Post
Second SolarWinds Attack Group Breaks into USDA Payroll β Report
A second APT, potentially linked to the Chinese government, could be behind the Supernova malware.
βΌ CVE-2021-26023 βΌ
π Read
via "National Vulnerability Database".
The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to XSS.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26024 βΌ
π Read
via "National Vulnerability Database".
The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to create favorites for any other user account.π Read
via "National Vulnerability Database".
π΄ Concerns Over API Security Grow as Attacks Increase π΄
π Read
via "Dark Reading".
Some 66% of organizations say they have slowed deploying an app into production because of API security concerns.π Read
via "Dark Reading".
Dark Reading
Concerns Over API Security Grow as Attacks Increase
Some 66% of organizations say they have slowed deploying an app into production because of API security concerns.
βΌ CVE-2021-26689 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. The USB laf gadget has a use-after-free. The LG ID is LVE-SMP-200031 (February 2021).π Read
via "National Vulnerability Database".
βΌ CVE-2021-20016 βΌ
π Read
via "National Vulnerability Database".
A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27247 βΌ
π Read
via "National Vulnerability Database".
A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0002, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014).π Read
via "National Vulnerability Database".
βΌ CVE-2020-13579 βΌ
π Read
via "National Vulnerability Database".
An exploitable integer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021Γ’β¬β’s PlanMaker application. A specially crafted document can cause the document parser perform arithmetic that may overflow which can result in an undersized heap allocation. Later when copying data from the file into this allocation, a heap-based buffer overflow will occur which can corrupt memory. These types of memory corruptions can allow for code execution under the context of the application. An attacker can entice the victim to open a document to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27248 βΌ
π Read
via "National Vulnerability Database".
A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0003 and 0x0014, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014).π Read
via "National Vulnerability Database".
βΌ CVE-2020-14245 βΌ
π Read
via "National Vulnerability Database".
HCL OneTest UI V9.5, V10.0, and V10.1 does not perform authentication for functionality that either requires a provable user identity or consumes a significant amount of resources.π Read
via "National Vulnerability Database".
βΌ CVE-2020-14246 βΌ
π Read
via "National Vulnerability Database".
HCL OneTest Performance V9.5, V10.0, V10.1 uses basic authentication which is relatively weak. An attacker could potentially decode the encoded credentials.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26687 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. In preloaded applications, the HostnameVerified default is mishandled. The LG ID is LVE-SMP-200029 (February 2021).π Read
via "National Vulnerability Database".
βΌ CVE-2020-13586 βΌ
π Read
via "National Vulnerability Database".
A memory corruption vulnerability exists in the Excel Document SST Record 0x00fc functionality of SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014). A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2020-13580 βΌ
π Read
via "National Vulnerability Database".
An exploitable heap-based buffer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021Γ’β¬β’s PlanMaker application. A specially crafted document can cause the document parser to explicitly trust a length from a particular record type and use it to write a 16-bit null relative to a buffer allocated on the stack. Due to a lack of bounds-checking on this value, this can allow an attacker to write to memory outside of the buffer and controllably corrupt memory. This can allow an attacker to earn code execution under the context of the application. An attacker can entice the victim to open a document to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26688 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered on LG Wing mobile devices with Android OS 10 software. The biometric sensor has weak security properties. The LG ID is LVE-SMP-200030 (February 2021).π Read
via "National Vulnerability Database".
βΌ CVE-2020-6088 βΌ
π Read
via "National Vulnerability Database".
An exploitable denial of service vulnerability exists in the ENIP Request Path Network Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27249 βΌ
π Read
via "National Vulnerability Database".
A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0004 and 0x0015, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014).π Read
via "National Vulnerability Database".
βΌ CVE-2020-14247 βΌ
π Read
via "National Vulnerability Database".
HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate session timeout, which could allow an attacker time to guess and use a valid session ID.π Read
via "National Vulnerability Database".
β Clearview Facial-Recognition Technology Ruled Illegal in Canada β
π Read
via "Threat Post".
The companyβs controversial practice of collecting and selling billions of faceprints was dealt a heavy blow by the Privacy Commissioner that could set a precedent in other legal challenges.π Read
via "Threat Post".
Threat Post
Clearview Facial-Recognition Technology Ruled Illegal in Canada
The companyβs controversial practice of collecting and selling billions of faceprints was dealt a heavy blow by the Privacy Commissioner that could set a precedent in other legal challenges.