βΌ CVE-2021-25229 βΌ
π Read
via "National Vulnerability Database".
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the database server.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0346 βΌ
π Read
via "National Vulnerability Database".
In vpu, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05371580.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25248 βΌ
π Read
via "National Vulnerability Database".
An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attacker to disclose sensitive information about a named pipe. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25246 βΌ
π Read
via "National Vulnerability Database".
An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user to create a bogus agent on an affected server that could be used then make valid configuration queries.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0348 βΌ
π Read
via "National Vulnerability Database".
In vpu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05349201.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25245 βΌ
π Read
via "National Vulnerability Database".
An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of settings informaiton.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25243 βΌ
π Read
via "National Vulnerability Database".
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch level information.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25236 βΌ
π Read
via "National Vulnerability Database".
A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a specific sweep.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25239 βΌ
π Read
via "National Vulnerability Database".
An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about x86 agent hotfixes.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0345 βΌ
π Read
via "National Vulnerability Database".
In mobile_log_d, there is a possible escalation of privilege due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05432974.π Read
via "National Vulnerability Database".
β Android Devices Prone to Botnetβs DDoS Onslaught β
π Read
via "Threat Post".
A new DDoS botnet propagates via the Android Debug Bridge and uses Tor to hide its activity.π Read
via "Threat Post".
Threat Post
Android Devices Prone to Botnetβs DDoS Onslaught
A new DDoS botnet propagates via the Android Debug Bridge and uses Tor to hide its activity.
π΄ Microsoft Says It's Time to Attack Your Machine-Learning Models π΄
π Read
via "Dark Reading".
With access to some training data, Microsoft's red team recreated a machine-learning system and found sequences of requests that resulted in a denial-of-service.π Read
via "Dark Reading".
Dark Reading
Vulnerabilities & Threats recent news | Dark Reading
Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading
π΄ Web Application Attacks Grow Reliant on Automated Tools π΄
π Read
via "Dark Reading".
Attackers often use automation in fuzzing attacks, injection attacks, fake bots, and application DDoS attacks.π Read
via "Dark Reading".
Dark Reading
Web Application Attacks Grow Reliant on Automated Tools
Attackers often use automation in fuzzing attacks, injection attacks, fake bots, and application DDoS attacks.
π΄ IBM Offers $3M in Grants to Defend Schools from Cyberattacks π΄
π Read
via "Dark Reading".
The grants will be awarded to six school districts in the United States to help prepare for, and respond to, cyberattacks.π Read
via "Dark Reading".
Dark Reading
IBM Offers $3M in Grants to Defend Schools from Cyberattacks
The grants will be awarded to six school districts in the United States to help prepare for, and respond to, cyberattacks.
π΄ Google's Payout to Bug Hunters Hits New High π΄
π Read
via "Dark Reading".
Over 660 researchers from 62 countries collected rewards for reporting bugs in Chrome, Android, and other Google technologies.π Read
via "Dark Reading".
Dark Reading
Google's Payout to Bug Hunters Hits New High
Over 660 researchers from 62 countries collected rewards for reporting bugs in Chrome, Android, and other Google technologies.
β Chrome zero-day browser bug found β patch now! β
π Read
via "Naked Security".
Google is playing its cards close to its chest to avoid giving too much away.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ AI and APIs: The A+ Answers to Keeping Data Secure and Private π΄
π Read
via "Dark Reading".
Many IT and security leaders view regulations and internal processes designed to manage and secure data as additional red tape, slowing processes and innovation. Nothing could be further from the truth.π Read
via "Dark Reading".
Dark Reading
AI and APIs: The A+ Answers to Keeping Data Secure and Private
Many IT and security leaders view regulations and internal processes designed to manage and secure data as additional red tape, slowing processes and innovation. Nothing could be further from the truth.
π Friday Five 2/5 π
π Read
via "Digital Guardian".
Chrome updates, open source frameworks, and an interview with a cybercriminal - catch up on all of the week's infosec news with the Friday Five!π Read
via "Digital Guardian".
Digital Guardian
Friday Five 2/5
Chrome updates, open source frameworks, and an interview with a cybercriminal - catch up on all of the week's infosec news with the Friday Five!
π΄ Cybercrime Goes Mainstream π΄
π Read
via "Dark Reading".
Organized cybercrime is global in scale and the second-greatest risk over the next decade.π Read
via "Dark Reading".
Dark Reading
Cybercrime Goes Mainstream
Organized cybercrime is global in scale and the second-greatest risk over the next decade.
β Ransomware Attacks Hit Major Utilities β
π Read
via "Threat Post".
Electrobras, the largest power company in Latin America, faced a temporary suspension of some operations.π Read
via "Threat Post".
Threat Post
Ransomware Attacks Hit Major Utilities
Eletrobras, the largest power company in Latin America, faces a temporary suspension of some operations.
βΌ CVE-2021-26711 βΌ
π Read
via "National Vulnerability Database".
A frame-injection issue in the online help in Redwood Report2Web 4.3.4.5 and 4.5.3 allows remote attackers to render an external resource inside a frame via the help/Online_Help/NetHelp/default.htm turl parameter.π Read
via "National Vulnerability Database".