CVE-2021-23273
via "National Vulnerability Database".
The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a stored Cross Site Scripting (XSS) attack on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 10.3.3 and below, versions 10.10.0, 10.10.1, and 10.10.2, versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.1.0 and below, TIBCO Spotfire Desktop: versions 10.3.3 and below, versions 10.10.0, 10.10.1, and 10.10.2, versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0, and TIBCO Spotfire Server: versions 10.3.11 and below, versions 10.10.0, 10.10.1, 10.10.2, and 10.10.3, versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 11.0.0, and 11.1.0.
CVE-2021-28115
via "National Vulnerability Database".
The OUGC Feedback plugin before 1.8.23 for MyBB allows XSS via the comment field of feedback during an edit operation.
CVE-2021-28116
via "National Vulnerability Database".
Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody.
Apple's Device Location-Tracking System Could Expose User Identities
via "Threat Post".
Researchers have identified two vulnerabilities in the company's crowd-sourced Offline Finding technology that could jeopardize its promise of privacy.
CVE-2021-28119
via "National Vulnerability Database".
Twinkle Tray (aka twinkle-tray) through 1.13.3 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal API.
CVE-2021-3310
via "National Vulnerability Database".
Western Digital My Cloud OS 5 devices before 5.10.122 mishandle Symbolic Link Following on SMB and AFP shares. This can lead to code execution and information disclosure (by reading local files).
CVE-2020-29238
via "National Vulnerability Database".
An integer buffer overflow in the Nginx webserver of ExpressVPN Router version 1 allows remote attackers to obtain sensitive information, when the server is running as a reverse proxy, via a specially crafted request.
Serious Security: Webshells explained in the aftermath of HAFNIUM attacks
via "Naked Security".
Webshells explained, with some (safe) examples you can try at home if you want to learn more.
How your remote employees may be sharing sensitive data
via "Tech Republic".
A majority of employees said they share sensitive information through messaging and collaboration tools, says Veritas.
Breach Exposes Verkada Security Camera Footage at Tesla, Cloudflare
via "Threat Post".
Surveillance footage from companies such as Tesla as well as hospitals, prisons, police departments and schools was accessed in the hack.
Call Recorder iPhone App Flaw Uncovered
via "Dark Reading".
Researcher finds thousands of recorded calls easily accessible to others.
Digitally Transforming Trusted Transactions Through Biometrics, ML & AI
via "Dark Reading".
The pandemic has increased the appetite for e-commerce and contactless payments, and biometrics and artificial intelligence are playing a larger role in securing those transactions.
CVE-2021-28007
via "National Vulnerability Database".
Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in register.php through the name parameter.
CVE-2020-23722
via "National Vulnerability Database".
An issue was discovered in FUEL CMS 1.4.7. There is an escalation of privilege vulnerability to obtain super admin privilege via the "id" and "fuel_id" parameters.
CVE-2020-23721
via "National Vulnerability Database".
An issue was discovered in FUEL CMS V1.4.7. An attacker can use an XSS payload and bypass a filter via /fuelCM/fuel/pages/edit/1?lang=english.
CVE-2020-24791
via "National Vulnerability Database".
FUEL CMS 1.4.8 allows SQL injection via the 'fuel_replace_id' parameter in pages/replace/1. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
CVE-2020-28705
via "National Vulnerability Database".
FUEL CMS 1.4.13 contains a cross-site request forgery (CSRF) vulnerability that can delete a page via a post ID to /pages/delete/3.
CVE-2021-3224
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in cszcms 1.2.9 exists in /admin/pages/new via the content parameter.
How organizations can combat the security risks of working remotely
via "Tech Republic".
Less than half of employees feel their organization's cybersecurity has strengthened since the start of COVID-19, says Lynx Software.
Nim-Based Malware Loader Spreads Via Spear-Phishing Emails
via "Threat Post".
Spear-phishing emails are spreading the NimzaLoader malware loader, which some say may be used to download Cobalt Strike.
How to Protect Vulnerable Seniors From Cybercrime
via "Dark Reading".
According to the FBI, people over the age of 60 lose more money to cybercrime than any other age group. The good news: Safety is only three main tips away.