βΌ CVE-2021-26221 βΌ
π Read
via "National Vulnerability Database".
The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21306 βΌ
π Read
via "National Vulnerability Database".
Marked is an open-source markdown parser and compiler (npm package "marked"). In marked from version 1.1.1 and before version 2.0.0, there is a Regular expression Denial of Service vulnerability. This vulnerability can affect anyone who runs user generated code through marked. This vulnerability is fixed in version 2.0.0.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26913 βΌ
π Read
via "National Vulnerability Database".
NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in RpcServlet.π Read
via "National Vulnerability Database".
π΄ Emotet Takedown: Short-Term Celebration, Long-Term Concerns π΄
π Read
via "Dark Reading".
Security researchers examine how and when Emotet's operators may resurface, and the threats that could evolve in the meantime.π Read
via "Dark Reading".
Dark Reading
Emotet Takedown: Short-Term Celebration, Long-Term Concerns
Security researchers examine how and when Emotet's operators may resurface, and the threats that could evolve in the meantime.
β Safer Internet Day β Why not up your game? β
π Read
via "Naked Security".
Four tips for Safer Internet Dayπ Read
via "Naked Security".
Naked Security
Safer Internet Day β Why not up your game?
Four tips for Safer Internet Day
βΌ CVE-2020-29021 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in web UI input field of GateManager allows authenticated attacker to enter script tags that could cause XSS. This issue affects: GateManager all versions prior to 9.3.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3294 βΌ
π Read
via "National Vulnerability Database".
CASAP Automated Enrollment System 1.0 is affected by cross-site scripting (XSS) in users.php. An attacker can steal a cookie to perform user redirection to a malicious website.π Read
via "National Vulnerability Database".
βΌ CVE-2020-14391 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover the Red Hat Customer Portal password. The highest threat from this vulnerability is to confidentiality.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26917 βΌ
π Read
via "National Vulnerability Database".
** DISPUTED ** PyBitmessage through 0.6.3.2 allows attackers to write screen captures to Potentially Unwanted Directories via a crafted apinotifypath value. NOTE: the discoverer states "security mitigation may not be necessary as there is no evidence yet that these screen intercepts are actually transported away from the local host." NOTE: it is unclear whether there are any common use cases in which apinotifypath is controlled by an attacker.π Read
via "National Vulnerability Database".
β Hacker Tries to Poison Water Supply of Florida Town β
π Read
via "Threat Post".
A threat actor remotely accessed the IT system of the water treatment facility of Oldsmar and raised the levels of sodium hydroxide in the water, an action that was quickly noticed and remediated.π Read
via "Threat Post".
Threat Post
Hacker Tries to Poison Water Supply of Florida Town
A threat actor remotely accessed the IT system of the water treatment facility of Oldsmar and raised the levels of sodium hydroxide in the water, an action that was quickly noticed and remediated.
π¦Ώ Ransomware can be installed via ghost accounts π¦Ώ
π Read
via "Tech Republic".
Active accounts for people who have left your organization can make exploitation easy, according to Sophos.π Read
via "Tech Republic".
TechRepublic
Ransomware can be installed via ghost accounts
Active accounts for people who have left your organization can make exploitation easy, according to Sophos.
π΄ Iranian Cyber Groups Spying on Dissidents & Others of Interest to Government π΄
π Read
via "Dark Reading".
A new investigation of two known threat groups show cyber actors are spying on mobile devices and PCs belonging to targeted users around the world.π Read
via "Dark Reading".
Dark Reading
Iranian Cyber Groups Spying on Dissidents & Others of Interest to Government
A new investigation of two known threat groups show cyber actors are spying on mobile devices and PCs belonging to targeted users around the world.
π΄ Fighting Fileless Malware, Part 2: Countermeasures π΄
π Read
via "Dark Reading".
Why do fileless attacks persist? Let's break down the strengths and weaknesses of the existing mitigations.π Read
via "Dark Reading".
Dark Reading
Fighting Fileless Malware, Part 2: Countermeasures
Why do fileless attacks persist? Let's break down the strengths and weaknesses of the existing mitigations.
π΄ SolarWinds Attack Reinforces Importance of Principle of Least Privilege π΄
π Read
via "Dark Reading".
Taking stock of least-privilege policies will go a long way toward hardening an organization's overall security posture.π Read
via "Dark Reading".
Dark Reading
SolarWinds Attack Reinforces Importance of Principle of Least Privilege
Taking stock of least-privilege policies will go a long way toward hardening an organization's overall security posture.
β Cyberpunk 2077 Publisher Hit with Hack, Threats and Ransomware β
π Read
via "Threat Post".
CD Projekt Red was hit with a cyberattack, and the attackers are threatening to release source code for Witcher 3, corporate documents and more.π Read
via "Threat Post".
Threat Post
Cyberpunk 2077 Publisher Hit with Hack, Threats and Ransomware
CD Projekt Red was hit with a cyberattack, and the attackers are threatening to release source code for Witcher 3, corporate documents and more.
β Android Devices Hunted by LodaRAT Windows Malware β
π Read
via "Threat Post".
The LodaRAT - known for targeting Windows devices - has been discovered also targeting Android devices in a new espionage campaign.π Read
via "Threat Post".
Threat Post
Android Devices Hunted by LodaRAT Windows Malware
The LodaRAT - known for targeting Windows devices - has been discovered also targeting Android devices in a new espionage campaign.
β Beware of technical βexpertsβ bombarding you with bug reports β
π Read
via "Naked Security".
Beware pseudo-geeks bearing 'gifts'.π Read
via "Naked Security".
Naked Security
Beware of technical βexpertsβ bombarding you with bug reports
Beware pseudo-geeks bearing βgiftsβ.
π¦Ώ FBI, Secret Service investigating cyberattack on Florida water treatment plant π¦Ώ
π Read
via "Tech Republic".
Local officials said someone took over their TeamViewer system and dangerously increased the levels of lye in the town's water.π Read
via "Tech Republic".
TechRepublic
FBI, Secret Service investigating cyberattack on Florida water treatment plant
Local officials said someone took over their TeamViewer system and dangerously increased the levels of lye in the town's water.
βΌ CVE-2021-21146 βΌ
π Read
via "National Vulnerability Database".
Use after free in Navigation in Google Chrome prior to 88.0.4324.146 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27259 βΌ
π Read
via "National Vulnerability Database".
The Omron CX-One Version 4.60 and prior may allow an attacker to supply a pointer to arbitrary memory locations, which may allow an attacker to remotely execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2020-4795 βΌ
π Read
via "National Vulnerability Database".
IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information to an unauthorized user using a specially crafted HTTP request. IBM X-Force ID: 189446.π Read
via "National Vulnerability Database".