Apple Offers Closer Look at Its Platform Security Technologies, Features
via "Dark Reading".
In a nearly 200-page document, company offers a detailed overview of Secure Enclave and multiple other security controls in Apple silicon-based Macs and other platforms.
Apple Outlines 2021 Security, Privacy Roadmap
via "Threat Post".
Latest Apple Platform Security update folds iOS, macOS and hardware into security 2021 roadmap.
Cybercriminal Enterprise "Ringleaders" Stole $55M Via COVID-19 Fraud, Romance Scams
via "Threat Post".
The Department of Justice (DoJ) cracked down on a Ghana-based cybercriminal enterprise behind a slew of romance scams, COVID-19 fraud attacks and business email compromise schemes since 2013.
CVE-2020-35776
via "National Vulnerability Database".
A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote attacker to crash Asterisk by deliberately misusing SIP 181 responses.
CVE-2020-35591
via "National Vulnerability Database".
Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. The application does not generate a new session cookie after the user is logged in. A malicious user is able to create a new session cookie value and inject it to a victim. After the victim logs in, the injected cookie becomes valid, giving the attacker access to the user's account through the active session.
CVE-2020-35592
via "National Vulnerability Database".
Pi-hole 5.0, 5.1, and 5.1.1 allows XSS via the Options header to the admin/ URI. A remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against other users and steal the session cookie.
CVE-2021-26717
via "National Vulnerability Database".
An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream, then Asterisk would crash.
CVE-2021-3271
via "National Vulnerability Database".
PressBooks 5.17.3 contains a cross-site scripting (XSS). Stored XSS can be submitted via the Book Info's Long Description Body, and all actions to open or preview the books page will result in the triggering the stored XSS.
CVE-2020-36233
via "National Vulnerability Database".
The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
CVE-2021-26906
via "National Vulnerability Database".
An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure.
CrowdStrike Buys Log Management Startup Humio for $400M
via "Dark Reading".
CrowdStrike plans to use Humio's technology to continue building out its extended detection and response platform.
Microsoft Concludes Internal Investigation into Solorigate Breach
via "Dark Reading".
The software giant found no evidence that attackers gained extensive access to services or customer data.
CVE-2021-26747
via "National Vulnerability Database".
Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution.
CVE-2021-26712
via "National Vulnerability Database".
Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets.
S3 Ep20: Corporate megahacking, true love gone bad, and tax grabs [Podcast]
via "Naked Security".
Latest episode, listen now! (Includes special gardening safety section at no extra charge!)
CVE-2020-36247
via "National Vulnerability Database".
Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF.
CVE-2020-36251
via "National Vulnerability Database".
ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a group share, to remove everyone else's access to that share.
CVE-2020-36249
via "National Vulnerability Database".
The File Firewall before 2.8.0 for ownCloud Server does not properly enforce file-type restrictions for public shares.
CVE-2020-24908
via "National Vulnerability Database".
Checkmk before 1.6.0p17 allows local users to obtain SYSTEM privileges via a Trojan horse shell script in the %PROGRAMDATA%\checkmk\agent\local directory.
CVE-2021-26296
via "National Vulnerability Database".
In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. Due to that limitation, it is possible (although difficult) for an attacker to calculate a future CSRF token value and to use that value to trick a user into executing unwanted actions on an application.
CVE-2020-36250
via "National Vulnerability Database".
In the ownCloud application before 2.15 for Android, the lock protection mechanism can be bypassed by moving the system date/time into the past.