βΌ CVE-2020-12365 βΌ
π Read
via "National Vulnerability Database".
Untrusted pointer dereference in some Intel(R) Graphics Drivers before versions 15.33.51.5146, 15.45.32.5145, 15.36.39.5144 and 15.40.46.5143 may allow an authenticated user to potentially denial of service via local access.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27362 βΌ
π Read
via "National Vulnerability Database".
The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a Read Access Violation on Control Flow starting at WPG!ReadWPG_W+0x0000000000000133, which might allow remote attackers to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25779 βΌ
π Read
via "National Vulnerability Database".
Baby Care System v1.0 is vulnerable to SQL injection via the 'id' parameter on the contentsectionpage.php page.π Read
via "National Vulnerability Database".
βΌ CVE-2020-36002 βΌ
π Read
via "National Vulnerability Database".
Seat-Reservation-System 1.0 has a SQL injection vulnerability in index.php in the id and file parameters where attackers can obtain sensitive database information.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25780 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability has been identified in posts.php in Baby Care System 1.0. The vulnerability could be exploited by an remote attacker to upload content to the server, including PHP files, which could result in command execution and obtaining a shell.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22173 βΌ
π Read
via "National Vulnerability Database".
Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture fileπ Read
via "National Vulnerability Database".
βΌ CVE-2021-27224 βΌ
π Read
via "National Vulnerability Database".
The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a user-mode write access violation starting at WPG+0x0000000000012ec6, which might allow remote attackers to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26697 βΌ
π Read
via "National Vulnerability Database".
The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint. This is low-severity issue as the attacker needs to be aware of certain parameters to pass to that endpoint and even after can just get some metadata about a DAG and a Task. This issue affects Apache Airflow 2.0.0.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22174 βΌ
π Read
via "National Vulnerability Database".
Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture fileπ Read
via "National Vulnerability Database".
π΄ Breach Etiquette: How to Mind Your Manners When It Matters π΄
π Read
via "Dark Reading".
Panic-stricken as you may be in the face of a cyberattack, keeping calm and, perhaps most importantly, responding appropriately are critical to limiting the damage.π Read
via "Dark Reading".
Dark Reading
Breach Etiquette: How to Mind Your Manners When It Matters
Panic-stricken as you may be in the face of a cyberattack, keeping calm and, perhaps most importantly, responding appropriately are critical to limiting the damage.
π΄ Enterprise Windows Threats Drop as Mac Attacks Rise: Report π΄
π Read
via "Dark Reading".
An analysis of 2020 malware activity indicates businesses should be worried about internal hack tools, ransomware, and spyware in the year ahead.π Read
via "Dark Reading".
Dark Reading
Enterprise Windows Threats Drop as Mac Attacks Rise: Report
An analysis of 2020 malware activity indicates businesses should be worried about internal hack tools, ransomware, and spyware in the year ahead.
β βScamClubβ gang outed for exploiting iPhone browser bug to spew ads β
π Read
via "Naked Security".
Stay away from popup surveys that want personal data. Tell your friends...π Read
via "Naked Security".
Naked Security
βScamClubβ gang outed for exploiting iPhone browser bug to spew ads
Stay away from popup surveys that want personal data. Tell your friendsβ¦
β How one man silently infiltrated dozens of high-tech networks β
π Read
via "Naked Security".
Ever counted how many external source code dependencies your fancy new software product has? Be prepared for a surprise!π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β Romance scams at all-time high: hereβs what you need to know β
π Read
via "Naked Security".
It's heartbreaking to get sucked into a romance scam, or to watch a friend or family member getting sucked in. Here's what to do...π Read
via "Naked Security".
Naked Security
Romance scams at all-time high: hereβs what you need to know
Itβs heartbreaking to get sucked into a romance scam, or to watch a friend or family member getting sucked in. Hereβs what to doβ¦
π΄ Ransomware? Let's Call It What It Really Is: Extortionware π΄
π Read
via "Dark Reading".
Just as the targets of these attacks have shifted from individuals to corporations, so too has the narrow focus given way to applying force and pressure to pay.π Read
via "Dark Reading".
Dark Reading
Ransomware? Let's Call It What It Really Is: Extortionware
Just as the targets of these attacks have shifted from individuals to corporations, so too has the narrow focus given way to applying force and pressure to pay.
β U.S. Accuses North Korean Hackers of Stealing Millions β
π Read
via "Threat Post".
The feds have expanded the list of financial and political hacking crimes they allege are linked to Lazarus Group and North Korea.π Read
via "Threat Post".
Threat Post
U.S. Accuses North Korean Hackers of Stealing Millions
The feds have expanded the list of financial and political hacking crimes they allege are linked to Lazarus Group and North Korea.
π¦Ώ Kaspersky: Goofing off a little at work may help security teams stay focused π¦Ώ
π Read
via "Tech Republic".
The security company found that 85% of workers spend up to five hours a week watching YouTube, listening to podcasts, or exercising during work hours.π Read
via "Tech Republic".
TechRepublic
Kaspersky: Goofing off a little at work may help security teams stay focused
The security company found that 85% of workers spend up to five hours a week watching YouTube, listening to podcasts, or exercising during work hours.
βΌ CVE-2021-1366 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. This vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker needs valid credentials on the Windows system.π Read
via "National Vulnerability Database".
βΌ CVE-2021-1372 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. This vulnerability is due to the unsafe usage of shared memory by the affected software. An attacker with permissions to view system memory could exploit this vulnerability by running an application on the local system that is designed to read shared memory. A successful exploit could allow the attacker to retrieve sensitive information from the shared memory, including usernames, meeting information, or authentication tokens. Note: To exploit this vulnerability, an attacker must have valid credentials on a Microsoft Windows end-user system and must log in after another user has already authenticated with Webex on the same end-user system.π Read
via "National Vulnerability Database".
βΌ CVE-2021-1412 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. These vulnerabilities are due to improper enforcement of administrator privilege levels for sensitive data. An attacker with read-only administrator access to the Admin portal could exploit these vulnerabilities by browsing to one of the pages that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. For more information about these vulnerabilities, see the Details section of this advisory.π Read
via "National Vulnerability Database".
βΌ CVE-2021-1378 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the SSH service of the Cisco StarOS operating system could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to a logic error that may occur under specific traffic conditions. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to prevent the targeted service from receiving any traffic, which would lead to a DoS condition on the affected device.π Read
via "National Vulnerability Database".