‼ CVE-2021-1396 ‼
📖 Read
via "National Vulnerability Database".
Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific information, create diagnostic files, and make limited configuration changes. For more information about these vulnerabilities, see the Details section of this advisory.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1388 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to improper token validation on a specific API endpoint. An attacker could exploit this vulnerability by sending a crafted request to the affected API. A successful exploit could allow the attacker to receive a token with administrator-level privileges that could be used to authenticate to the API on affected MSO and managed Cisco Application Policy Infrastructure Controller (APIC) devices.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1361 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode that are running Cisco NX-OS Software could allow an unauthenticated, remote attacker to create, delete, or overwrite arbitrary files with root privileges on the device. This vulnerability exists because TCP port 9075 is incorrectly configured to listen and respond to external connection requests. An attacker could exploit this vulnerability by sending crafted TCP packets to an IP address that is configured on a local interface on TCP port 9075. A successful exploit could allow the attacker to create, delete, or overwrite arbitrary files, including sensitive files that are related to the device configuration. For example, the attacker could add a user account without the device administrator knowing.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1367 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted PIM packet to an affected device. A successful exploit could allow the attacker to cause a traffic loop, resulting in a DoS condition.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1229 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in ICMP Version 6 (ICMPv6) processing in Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a slow system memory leak, which over time could lead to a denial of service (DoS) condition. This vulnerability is due to improper error handling when an IPv6-configured interface receives a specific type of ICMPv6 packet. An attacker could exploit this vulnerability by sending a sustained rate of crafted ICMPv6 packets to a local IPv6 address on a targeted device. A successful exploit could allow the attacker to cause a system memory leak in the ICMPv6 process on the device. As a result, the ICMPv6 process could run out of system memory and stop processing traffic. The device could then drop all ICMPv6 packets, causing traffic instability on the device. Restoring device functionality would require a device reboot.📖 Read
via "National Vulnerability Database".
🦿 How to protect yourself from common job search scams 🦿
📖 Read
via "Tech Republic".
A new FlexJobs survey reveals 14 of the most common--and successful--job-search scams. Here's how to identify them and not become a victim.📖 Read
via "Tech Republic".
TechRepublic
How to protect yourself from common job search scams
A new FlexJobs survey reveals 14 of the most common--and successful--job-search scams. Here's how to identify them and not become a victim.
❌ Tax Season Ushers in Quickbooks Data-Theft Spike ❌
📖 Read
via "Threat Post".
Quickbooks malware targets tax data for attackers to sell and use in phishing scams.📖 Read
via "Threat Post".
Threat Post
Tax Season Ushers in Quickbooks Data-Theft Spike
Quickbooks malware targets tax data for attackers to sell and use in phishing scams.
🕴 New APT Group Targets Airline Industry & Immigration 🕴
📖 Read
via "Dark Reading".
LazyScript bears similarities to some Middle Eastern groups but appears to be a distinct operation of its own, Malwarebytes says.📖 Read
via "Dark Reading".
Dark Reading
New APT Group Targets Airline Industry & Immigration
LazyScript bears similarities to some Middle Eastern groups but appears to be a distinct operation of its own, Malwarebytes says.
🕴 61% of Malware Delivered via Cloud Apps: Report 🕴
📖 Read
via "Dark Reading".
Researchers report the majority of malware is now delivered via cloud applications - a jump from 48% last year.📖 Read
via "Dark Reading".
Dark Reading
61% of Malware Delivered via Cloud Apps: Report
Researchers report the majority of malware is now delivered via cloud applications - a jump from 48% last year.
🕴 Cybercriminals Target QuickBooks Databases 🕴
📖 Read
via "Dark Reading".
Stolen financial files then get sold on the Dark Web, researchers say.📖 Read
via "Dark Reading".
Dark Reading
Cybercriminals Target QuickBooks Databases
Stolen financial files then get sold on the Dark Web, researchers say.
‼ CVE-2020-9052 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-9053 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-9051 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-27671 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in the comrak crate before 0.9.1 for Rust. XSS can occur because the protection mechanism for data: and javascript: URIs is case-sensitive, allowing (for example) Data: to be used in an attack.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-27670 ‼
📖 Read
via "National Vulnerability Database".
Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter.📖 Read
via "National Vulnerability Database".
⚠ S3 Ep21: Cryptomining clampdown, the 100-ton man, and ScamClub ads [Podcast] ⚠
📖 Read
via "Naked Security".
Latest episode - listen now!📖 Read
via "Naked Security".
Naked Security
S3 Ep21: Cryptomining clampdown, the 100-ton man, and ScamClub ads [Podcast]
Latest episode – listen now!
‼ CVE-2020-36254 ‼
📖 Read
via "National Vulnerability Database".
scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-8032 ‼
📖 Read
via "National Vulnerability Database".
A Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to root. This issue affects: openSUSE Factory cyrus-sasl version 2.1.27-4.2 and prior versions.📖 Read
via "National Vulnerability Database".
❌ Cisco Warns of Critical Auth-Bypass Security Flaw ❌
📖 Read
via "Threat Post".
Cisco also stomped out a critical security flaw affecting its Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches.📖 Read
via "Threat Post".
Threat Post
Cisco Warns of Critical Auth-Bypass Security Flaw
Cisco also stomped out a critical security flaw affecting its Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches.
🕴 How to Avoid Falling Victim to a SolarWinds-Style Attack 🕴
📖 Read
via "Dark Reading".
A multilayered, zero-trust security posture provides a better chance of fending off sophisticated supply chain attackers before it's too late.📖 Read
via "Dark Reading".
Dark Reading
How to Avoid Falling Victim to a SolarWinds-Style Attack
A multilayered, zero-trust security posture provides a better chance of fending off sophisticated supply chain attackers before it's too late.
‼ CVE-2021-21066 ‼
📖 Read
via "National Vulnerability Database".
Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when parsing TTF files that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".