‼ CVE-2021-0348 ‼
via "National Vulnerability Database".
In vpu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05349201.
‼ CVE-2021-25245 ‼
via "National Vulnerability Database".
An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of settings information.
‼ CVE-2021-25243 ‼
via "National Vulnerability Database".
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch level information.
‼ CVE-2021-25236 ‼
via "National Vulnerability Database".
A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a specific sweep.
‼ CVE-2021-25239 ‼
via "National Vulnerability Database".
An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about x86 agent hotfixes.
‼ CVE-2021-0345 ‼
via "National Vulnerability Database".
In mobile_log_d, there is a possible escalation of privilege due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05432974.
Android Devices Prone to Botnet's DDoS Onslaught
via "Threat Post".
A new DDoS botnet propagates via the Android Debug Bridge and uses Tor to hide its activity.
🔴 Microsoft Says It's Time to Attack Your Machine-Learning Models 🔴
via "Dark Reading".
With access to some training data, Microsoft's red team recreated a machine-learning system and found sequences of requests that resulted in a denial-of-service.
🔴 Web Application Attacks Grow Reliant on Automated Tools 🔴
via "Dark Reading".
Attackers often use automation in fuzzing attacks, injection attacks, fake bots, and application DDoS attacks.
🔴 IBM Offers $3M in Grants to Defend Schools from Cyberattacks 🔴
via "Dark Reading".
The grants will be awarded to six school districts in the United States to help prepare for, and respond to, cyberattacks.
🔴 Google's Payout to Bug Hunters Hits New High 🔴
via "Dark Reading".
Over 660 researchers from 62 countries collected rewards for reporting bugs in Chrome, Android, and other Google technologies.
Chrome zero-day browser bug found - patch now!
via "Naked Security".
Google is playing its cards close to its chest to avoid giving too much away.
🔴 AI and APIs: The A+ Answers to Keeping Data Secure and Private 🔴
via "Dark Reading".
Many IT and security leaders view regulations and internal processes designed to manage and secure data as additional red tape, slowing processes and innovation. Nothing could be further from the truth.
Friday Five 2/5
via "Digital Guardian".
Chrome updates, open source frameworks, and an interview with a cybercriminal - catch up on all of the week's infosec news with the Friday Five!
🔴 Cybercrime Goes Mainstream 🔴
via "Dark Reading".
Organized cybercrime is global in scale and the second-greatest risk over the next decade.
Ransomware Attacks Hit Major Utilities
via "Threat Post".
Eletrobras, the largest power company in Latin America, faced a temporary suspension of some operations.
‼ CVE-2021-26711 ‼
via "National Vulnerability Database".
A frame-injection issue in the online help in Redwood Report2Web 4.3.4.5 and 4.5.3 allows remote attackers to render an external resource inside a frame via the help/Online_Help/NetHelp/default.htm turl parameter.
‼ CVE-2020-36241 ‼
via "National Vulnerability Database".
autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.
‼ CVE-2020-8807 ‼
via "National Vulnerability Database".
In Electric Coin Company Zcashd before 2.1.1-1, the time offset between messages could be leveraged to obtain sensitive information about the relationship between a suspected victim's address and an IP address, aka a timing side channel.
‼ CVE-2021-26708 ‼
via "National Vulnerability Database".
A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support.
‼ CVE-2020-10538 ‼
via "National Vulnerability Database".
An issue was discovered in Epikur before 20.1.1. It stores the secret passwords of the users as MD5 hashes in the database. MD5 can be brute-forced efficiently and should not be used for such purposes. Additionally, since no salt is used, rainbow tables can speed up the attack.