🦿 Cognitive agility can help solve some "wicked" cybersecurity challenges 🦿
📖 Read
via "Tech Republic".
Using psychology can help improve the odds of success against a cybercriminal's digital incursion.📖 Read
via "Tech Republic".
TechRepublic
Cognitive agility can help solve some "wicked" cybersecurity challenges
Using psychology can help improve the odds of success against a cybercriminal's digital incursion.
‼ CVE-2021-26540 ‼
📖 Read
via "National Vulnerability Database".
Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts with "/\\example.com".📖 Read
via "National Vulnerability Database".
‼ CVE-2021-26541 ‼
📖 Read
via "National Vulnerability Database".
The gitlog function in src/index.ts in gitlog before 4.0.4 has a command injection vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21304 ‼
📖 Read
via "National Vulnerability Database".
Dynamoose is an open-source modeling tool for Amazon's DynamoDB. In Dynamoose from version 2.0.0 and before version 2.7.0 there was a prototype pollution vulnerability in the internal utility method "lib/utils/object/set.ts". This method is used throughout the codebase for various operations throughout Dynamoose. We have not seen any evidence of this vulnerability being exploited. There is no evidence this vulnerability impacts versions 1.x.x since the vulnerable method was added as part of the v2 rewrite. This vulnerability also impacts v2.x.x beta/alpha versions. Version 2.7.0 includes a patch for this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25142 ‼
📖 Read
via "National Vulnerability Database".
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webstartflash function.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25837 ‼
📖 Read
via "National Vulnerability Database".
Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. Due to the inconsistency between the Storage caching cycle and the Tx processing cycle, Storage changes caused by a failed transaction are improperly reserved in memory. Although the bad storage cache data will be discarded at EndBlock, it is still valid in the current block, which enables many possible attacks such as an "arbitrary mint token".📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25834 ‼
📖 Read
via "National Vulnerability Database".
Cosmos Network Ethermint <= v0.4.0 is affected by a transaction replay vulnerability in the EVM module. If the victim sends a very large nonce transaction, the attacker can replay the transaction through the application.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-26539 ‼
📖 Read
via "National Vulnerability Database".
Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name (IDN) which could allow an attacker to bypass hostname whitelist validation set by the "allowedIframeHostnames" option.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25835 ‼
📖 Read
via "National Vulnerability Database".
Cosmos Network Ethermint <= v0.4.0 is affected by a cross-chain transaction replay vulnerability in the EVM module. Since ethermint uses the same chainIDEpoch and signature schemes with ethereum for compatibility, a verified signature in ethereum is still valid in ethermint with the same msg content and chainIDEpoch, which enables "cross-chain transaction replay" attack.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25836 ‼
📖 Read
via "National Vulnerability Database".
Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. The bytecode set in a FAILED transaction wrongfully remains in memory(stateObject.code) and is further written to persistent store at the Endblock stage, which may be utilized to build honeypot contracts.📖 Read
via "National Vulnerability Database".
🔏 Virginia on Pace to Pass United States' Next Comprehensive Privacy Law 🔏
📖 Read
via "Digital Guardian".
Virginia is right on California's heels; the state may adopt its own consumer data privacy act - leading to more stringent data protection - later this month.📖 Read
via "Digital Guardian".
Digital Guardian
Virginia on Pace to Pass United States' Next Comprehensive Privacy Law
Virginia is right on California's heels; the state may adopt its own consumer data privacy act - leading to more stringent data protection - later this month.
🕴 Android App Infects Millions of Devices With a Single Update 🕴
📖 Read
via "Dark Reading".
The popular Barcode Scanner app, which as been available on Google Play for years, turned malicious with one software update.📖 Read
via "Dark Reading".
Dark Reading
Android App Infects Millions of Devices With a Single Update
The popular Barcode Scanner app, which as been available on Google Play for years, turned malicious with one software update.
🕴 What's the Difference Between 'Observability' and 'Visibility' in Security? 🕴
📖 Read
via "Dark Reading".
To drive holistic security success, we have to start with the interlinking of visibility and observability.📖 Read
via "Dark Reading".
Dark Reading
What's the Difference Between 'Observability' and 'Visibility' in Security?
To drive holistic security success, we have to start with the interlinking of visibility and observability.
❌ Billions of Passwords Offered for $2 in Cyber-Underground ❌
📖 Read
via "Threat Post".
About 3.27 billion stolen account logins have been posted to the RaidForums English-language cybercrime community in a 'COMB' collection.📖 Read
via "Threat Post".
Threat Post
Billions of Passwords Offered for $2 in Cyber-Underground
About 3.27 billion stolen account logins have been posted to the RaidForums English-language cybercrime community in a 'COMB' collection.
❌ Critical WordPress Plugin Flaw Allows Site Takeover ❌
📖 Read
via "Threat Post".
A patch in the NextGen Gallery WordPress plugin fixes critical and high-severity cross-site request forgery flaws.📖 Read
via "Threat Post".
Threat Post
Critical WordPress Plugin Flaw Allows Site Takeover
A patch in the NextGen Gallery WordPress plugin fixes critical and high-severity cross-site request forgery flaws.
🦿 How to block point-to-point file transfers in Skype for Business using PowerShell 🦿
📖 Read
via "Tech Republic".
There are situations where you want to block P2P file transfers to people outside the organization during a video conference meeting. You'll need to issue a global policy.📖 Read
via "Tech Republic".
TechRepublic
How to block point-to-point file transfers in Skype for Business using PowerShell
There are situations where you want to block P2P file transfers to people outside the organization during a video conference meeting. You'll need to issue a global policy.
‼ CVE-2021-26905 ‼
📖 Read
via "National Vulnerability Database".
1Password SCIM Bridge before 1.6.2 mishandles validation of requests for log files.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25168 ‼
📖 Read
via "National Vulnerability Database".
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webupdatecomponent function.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-26574 ‼
📖 Read
via "National Vulnerability Database".
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a path traversal vulnerability in libifc.so webdeletevideofile function.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25171 ‼
📖 Read
via "National Vulnerability Database".
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetlicensecfg function.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25170 ‼
📖 Read
via "National Vulnerability Database".
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetremoteimageinfo function.📖 Read
via "National Vulnerability Database".