CVE-2021-27205 (via National Vulnerability Database)
Telegram before 7.4 (212543) Stable on macOS stores the local copy of self-destructed messages in a sandbox path, leading to sensitive information disclosure.

CVE-2021-20651 (via National Vulnerability Database)
Directory traversal vulnerability in ELECOM File Manager all versions allows remote attackers to create an arbitrary file or overwrite an existing file in a directory which can be accessed with the application privileges via unspecified vectors.

CVE-2021-20645 (via National Vulnerability Database)
Cross-site scripting vulnerability in ELECOM WRC-300FEBK-A allows remote authenticated attackers to inject arbitrary script via unspecified vectors.

CVE-2021-20650 (via National Vulnerability Database)
Cross-site request forgery (CSRF) vulnerability in ELECOM NCC-EWF100RMWH2 allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or the telnet daemon may be started.

CVE-2021-20641 (via National Vulnerability Database)
Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/RS allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations on the device, such as changes to the device settings, may be conducted.

CVE-2021-20647 (via National Vulnerability Database)
Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-S allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or the telnet daemon may be started.

CVE-2021-27188 (via National Vulnerability Database)
The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 allows attackers to cause a denial of service (access suspended for five hours) by making five invalid login attempts to a victim's account.

CVE-2021-20640 (via National Vulnerability Database)
Buffer overflow vulnerability in LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute an arbitrary OS command via unspecified vectors.

CVE-2021-20639 (via National Vulnerability Database)
LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute arbitrary OS commands via unspecified vectors.

You've Got Cloud Security All Wrong: Managing Identity in a Cloud World (via Dark Reading)
In a hybrid and multicloud world, identity is the new perimeter and a critical attack surface for bad actors.

Why cybersecurity insurance may be worth the cost (via TechRepublic)
Cybersecurity insurance can compensate you in the event of a cyberattack. But how do you determine the right policy for your needs?

Friday Five 2/12 (via Digital Guardian)
A hack of a water treatment plant, SIM swapping used on celebrities, and a popular barcode app turned into malware - catch up on all of the week's infosec news with the Friday Five!

Florida Water Plant Hack: Leaked Credentials Found in Breach Database (via Threat Post)
Researchers discovered credentials for the Oldsmar water treatment facility in the massive compilation of data from breaches posted just days before the attack.

Fallen victim to online fraud? Here's what to do… (via Naked Security)
Practical tips on how to avoid getting scammed in the first place, as well as what to do if it does happen.

Singtel Suffers Zero-Day Cyberattack, Damage Unknown (via Threat Post)
The Tier 1 telecom giant was caught up in a coordinated, wide-ranging attack using unpatched security bugs in the Accellion legacy file-transfer platform.

CVE-2021-27197 (via National Vulnerability Database)
DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arbitrary file write vulnerability. The AppendToTextFile method doesn't check if it's being called from the application or from a malicious user. The vulnerability is triggered when a remote attacker crafts an HTML page (e.g., with "OBJECT classid=" and "<SCRIPT language='vbscript'>") to overwrite arbitrary files.

Water Utility Hack Could Inspire More Intruders (via Dark Reading)
If past cyberattacks are any indication, success begets imitation. In the wake of last week's hack of a Florida water utility, other water utilities and users of remote desktop software would be wise to shore up defenses, experts say.

"Annoyingly Believable" Tax Scam Targets Mobile Users (via Threat Post)
A well-crafted SMS phishing effort is harvesting personal data and credit-card details under the guise of offering tax refunds.

CVE-2021-22979 (via National Vulnerability Database)
On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x before 14.1.2.8, 13.1.x before 13.1.3.5, and all 12.1.x versions, a reflected Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility when Fraud Protection Service is provisioned and allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

CVE-2021-22976 (via National Vulnerability Database)
On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and all 12.1.x versions, when the BIG-IP ASM system processes WebSocket requests with JSON payloads, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

CVE-2021-20412 (security_verify_information_queue) (via National Vulnerability Database)
IBM Security Verify Information Queue 1.0.6 and 1.0.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 198192.