π΄ Microsoft Patch Tuesday Fixes 82 CVEs, Internet Explorer Zero-Day π΄
π Read
via "Dark Reading".
The monthly rollout follows last week's emergency Microsoft Exchange Server patch covering seven CVEs, four of which are under attack.π Read
via "Dark Reading".
Dark Reading
Vulnerabilities & Threats recent news | Dark Reading
Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading
β Microsoft Patch Tuesday Updates Fix 14 Critical Bugs β
π Read
via "Threat Post".
Microsoft's regularly scheduled March Patch Tuesday updates address 89 CVEs overall.π Read
via "Threat Post".
Threat Post
Microsoft Patch Tuesday Updates Fix 14 Critical Bugs
Microsoft's regularly scheduled March Patch Tuesday updates address 89 CVEs overall.
β Dark Web Markets for Stolen Data See Banner Sales β
π Read
via "Threat Post".
Despite an explosion in the sheer amount of stolen data available on the Dark Web, the value of personal information is holding steady, according to the 2021 Dark Web price index from Privacy Affairs. That leaves these thriving dirty data dealers in a familiar predicament β they need to lock down their growing businesses for [β¦]π Read
via "Threat Post".
Threat Post
Dark Web Markets for Stolen Data See Banner Sales
Despite an explosion in the sheer amount of stolen data available on the Dark Web, the value of personal information is holding steady, according to the 2021 Dark Web price index from Privacy Affairs. That leaves these thriving dirty data dealers in a familiarβ¦
π¦Ώ How to enable Android's Password Checkup feature π¦Ώ
π Read
via "Tech Republic".
Google has released a new password checker for Android. Find out how to enable and use this security feature on your Android device.π Read
via "Tech Republic".
TechRepublic
How to enable Android's Password Checkup feature
Google has released a new password checker for Android. Find out how to enable and use this security feature on your Android device.
βΌ CVE-2021-23273 βΌ
π Read
via "National Vulnerability Database".
The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a stored Cross Site Scripting (XSS) attack on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 10.3.3 and below, versions 10.10.0, 10.10.1, and 10.10.2, versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.1.0 and below, TIBCO Spotfire Desktop: versions 10.3.3 and below, versions 10.10.0, 10.10.1, and 10.10.2, versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0, and TIBCO Spotfire Server: versions 10.3.11 and below, versions 10.10.0, 10.10.1, 10.10.2, and 10.10.3, versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 11.0.0, and 11.1.0.π Read
via "National Vulnerability Database".
βΌ CVE-2021-28115 βΌ
π Read
via "National Vulnerability Database".
The OUGC Feedback plugin before 1.8.23 for MyBB allows XSS via the comment field of feedback during an edit operation.π Read
via "National Vulnerability Database".
βΌ CVE-2021-28116 βΌ
π Read
via "National Vulnerability Database".
Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody.π Read
via "National Vulnerability Database".
β Appleβs Device Location-Tracking System Could Expose User Identities β
π Read
via "Threat Post".
Researchers have identified two vulnerabilities in the companyβs crowd-sourced Offline Finding technology that could jeopardize its promise of privacy.π Read
via "Threat Post".
Threat Post
Appleβs Device Location-Tracking System Could Expose User Identities
Researchers have identified two vulnerabilities in the companyβs crowd-sourced Offline Finding technology that could jeopardize its promise of privacy.
βΌ CVE-2021-28119 βΌ
π Read
via "National Vulnerability Database".
Twinkle Tray (aka twinkle-tray) through 1.13.3 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal API.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3310 βΌ
π Read
via "National Vulnerability Database".
Western Digital My Cloud OS 5 devices before 5.10.122 mishandle Symbolic Link Following on SMB and AFP shares. This can lead to code execution and information disclosure (by reading local files).π Read
via "National Vulnerability Database".
βΌ CVE-2020-29238 βΌ
π Read
via "National Vulnerability Database".
An integer buffer overflow in the Nginx webserver of ExpressVPN Router version 1 allows remote attackers to obtain sensitive information when the server running as reverse proxy via specially crafted request.π Read
via "National Vulnerability Database".
β Serious Security: Webshells explained in the aftermath of HAFNIUM attacks β
π Read
via "Naked Security".
Webshells explained, with some (safe) examples you can try at home if you want to learn more.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π¦Ώ How your remote employees may be sharing sensitive data π¦Ώ
π Read
via "Tech Republic".
A majority of employees said they share sensitive information through messaging and collaboration tools, says Veritas.π Read
via "Tech Republic".
TechRepublic
How your remote employees may be sharing sensitive data
A majority of employees said they share sensitive information through messaging and collaboration tools, says Veritas.
β Breach Exposes Verkada Security Camera Footage at Tesla, Cloudflare β
π Read
via "Threat Post".
Surveillance footage from companies such as Tesla as well as hospitals, prisons, police departments and schools was accessed in the hack.π Read
via "Threat Post".
Threat Post
Breach Exposes Verkada Security Camera Footage at Tesla, Cloudflare
Surveillance footage from companies such as Tesla as well as hospitals, prisons, police departments and schools was accessed in the hack.
π΄ Call Recorder iPhone App Flaw Uncovered π΄
π Read
via "Dark Reading".
Researcher finds thousands of recorded calls easily accessible to others.π Read
via "Dark Reading".
Dark Reading
Call Recorder iPhone App Flaw Uncovered
Researcher finds thousands of recorded calls easily accessible to others.
π΄ Digitally Transforming Trusted Transactions Through Biometrics, ML & AI π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Digitally Transforming Trusted Transactions Through Biometrics, ML & AI
The pandemic has increased the appetite for e-commerce and contactless payments, and biometrics and artificial intelligence are playing a larger role in securing those transactions.
βΌ CVE-2021-28007 βΌ
π Read
via "National Vulnerability Database".
Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in register.php through the name parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2020-23722 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in FUEL CMS 1.4.7. There is a escalation of privilege vulnerability to obtain super admin privilege via the "id" and "fuel_id" parameters.π Read
via "National Vulnerability Database".
βΌ CVE-2020-23721 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in FUEL CMS V1.4.7. An attacker can use a XSS payload and bypass a filter via /fuelCM/fuel/pages/edit/1?lang=english.π Read
via "National Vulnerability Database".
βΌ CVE-2020-24791 βΌ
π Read
via "National Vulnerability Database".
FUEL CMS 1.4.8 allows SQL injection via the 'fuel_replace_id' parameter in pages/replace/1. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28705 βΌ
π Read
via "National Vulnerability Database".
FUEL CMS 1.4.13 contains a cross-site request forgery (CSRF) vulnerability that can delete a page via a post ID to /pages/delete/3.π Read
via "National Vulnerability Database".