β Finnish IT Giant Hit with Ransomware Cyberattack β
π Read
via "Threat Post".
A major Finnish IT provider has been hit with a ransomware attack that has forced the company to turn off some services and infrastructure in a disruption to customers, while it takes recovery measures. Norwegian business journal E24 reported the attack on Espoo, Finland-based TietoEVRY on Tuesday, claiming to have spoken with Geir Remman, a [β¦]π Read
via "Threat Post".
Threat Post
Finnish IT Giant Hit with Ransomware Cyberattack
A major Finnish IT provider has been hit with a ransomware attack that has forced the company to turn off some services and infrastructure in a disruption to customers, while it takes recovery measures. Norwegian business journal E24 reported the attack onβ¦
βΌ CVE-2020-4953 βΌ
π Read
via "National Vulnerability Database".
IBM Planning Analytics 2.0 could allow a remote authenticated attacker to obtain information about an organization's internal structure by exposing sensitive information in HTTP repsonses. IBM X-Force ID: 192029.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28432 βΌ
π Read
via "National Vulnerability Database".
All versions of package theme-core are vulnerable to Command Injection via the lib/utils.js file, which is required by main entry of the package. PoC: var a =require("theme-core"); a.utils.sh("touch JHU")π Read
via "National Vulnerability Database".
βΌ CVE-2021-25630 βΌ
π Read
via "National Vulnerability Database".
"loolforkit" is a privileged program that is supposed to be run by a special, non-privileged "lool" user. Before doing anything else "loolforkit" checks, if it was invoked by the "lool" user, and refuses to run with privileges, if it's not the case. In the vulnerable version of "loolforkit" this check was wrong, so a normal user could start "loolforkit" and eventually get local root privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27550 βΌ
π Read
via "National Vulnerability Database".
Polaris Office v9.102.66 is affected by a divide-by-zero error in PolarisOffice.exe and EngineDLL.dll that may cause a local denial of service. To exploit the vulnerability, someone must open a crafted PDF file.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7847 βΌ
π Read
via "National Vulnerability Database".
The ipTIME NAS product allows an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. This issue affects: pTIME NAS 1.4.36.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3252 βΌ
π Read
via "National Vulnerability Database".
KACO New Energy XP100U Up to XP-JAVA 2.0 is affected by incorrect access control. Credentials will always be returned in plain-text from the local server during the KACO XP100U authentication process, regardless of whatever passwords have been provided, which leads to an information disclosure vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28431 βΌ
π Read
via "National Vulnerability Database".
All versions of package wc-cmd are vulnerable to Command Injection via the index.js file. PoC: var a =require("wc-cmd"); a("touch JHU")π Read
via "National Vulnerability Database".
βΌ CVE-2020-28429 βΌ
π Read
via "National Vulnerability Database".
All versions of package geojson2kml are vulnerable to Command Injection via the index.js file. PoC: var a =require("geojson2kml"); a("./","& touch JHU",function(){})π Read
via "National Vulnerability Database".
βΌ CVE-2020-28430 βΌ
π Read
via "National Vulnerability Database".
All versions of package nuance-gulp-build-common are vulnerable to Command Injection via the index.js file. PoC: /var a = require("nuance-gulp-build-common") a.run("touch JHU")π Read
via "National Vulnerability Database".
π΄ Augmenting SMB Defense Strategies With MITRE ATT&CK: A Primer π΄
π Read
via "Dark Reading".
Any organization can use MITRE ATT&CK as a force multiplier, but it's especially valuable for small ones.π Read
via "Dark Reading".
Dark Reading
Augmenting SMB Defense Strategies With MITRE ATT&CK: A Primer
Any organization can use MITRE ATT&CK as a force multiplier, but it's especially valuable for small ones.
βΌ CVE-2021-22651 βΌ
π Read
via "National Vulnerability Database".
When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are, while processing the extraction of temporary files, suffering from a directory traversal vulnerability, which allows an attacker to store arbitrary scripts into automatic startup folders.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20198 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in the OpenShift Installer before version v0.9.0-master.0.20210125200451-95101da940b0. During installation of OpenShift Container Platform 4 clusters, bootstrap nodes are provisioned with anonymous authentication enabled on kubelet port 10250. A remote attacker able to reach this port during installation can make unauthenticated `/exec` requests to execute arbitrary commands within running containers. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26685 βΌ
π Read
via "National Vulnerability Database".
A remote authenticated SQL Injection vulnerabilitiy was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface API of ClearPass could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20229 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in PostgreSQL in versions before 13.2, before 12.6, before 11.11, before 10.16, before 9.6.21 and before 9.5.25. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27582 βΌ
π Read
via "National Vulnerability Database".
org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Mass Assignment (aka Autobinding) vulnerability. This arises due to unsafe usage of the @ModelAttribute annotation during the OAuth authorization flow, in which HTTP request parameters affect an authorizationRequest.π Read
via "National Vulnerability Database".
βΌ CVE-2020-16243 βΌ
π Read
via "National Vulnerability Database".
Multiple buffer overflow vulnerabilities exist when LeviStudioU (Version 2019-09-21 and prior) processes project files. Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of the application.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27579 βΌ
π Read
via "National Vulnerability Database".
Snow Inventory Agent through 6.7.0 on Windows uses CPUID to report on processor types and versions that may be deployed and in use across an IT environment. A privilege-escalation vulnerability exists if CPUID is enabled, and thus it should be disabled via configuration settings.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26686 βΌ
π Read
via "National Vulnerability Database".
A remote authenticated SQL Injection vulnerabilitiy was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface API of ClearPass could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20220 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own. The highest threat from this vulnerability is to data confidentiality and integrity.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26683 βΌ
π Read
via "National Vulnerability Database".
A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.π Read
via "National Vulnerability Database".