βΌ CVE-2021-28088 βΌ
π Read
via "National Vulnerability Database".
Cross-site scripting (XSS) in modules/content/admin/content.php in ImpressCMS profile 1.4.2 allows remote attackers to inject arbitrary web script or HTML parameters through the "Display Name" field.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21381 βΌ
π Read
via "National Vulnerability Database".
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In Flatpack since version 0.9.4 and before version 1.10.2 has a vulnerability in the "file forwarding" feature which can be used by an attacker to gain access to files that would not ordinarily be allowed by the app's permissions. By putting the special tokens `@@` and/or `@@u` in the Exec field of a Flatpak app's .desktop file, a malicious app publisher can trick flatpak into behaving as though the user had chosen to open a target file with their Flatpak app, which automatically makes that file available to the Flatpak app. This is fixed in version 1.10.2. A minimal solution is the first commit "`Disallow @@ and @@U usage in desktop files`". The follow-up commits "`dir: Reserve the whole @@ prefix`" and "`dir: Refuse to export .desktop files with suspicious uses of @@ tokens`" are recommended, but not strictly required. As a workaround, avoid installing Flatpak apps from untrusted sources, or check the contents of the exported `.desktop` files in `exports/share/applications/*.desktop` (typically `~/.local/share/flatpak/exports/share/applications/*.desktop` and `/var/lib/flatpak/exports/share/applications/*.desktop`) to make sure that literal filenames do not follow `@@` or `@@u`.π Read
via "National Vulnerability Database".
βΌ CVE-2020-14987 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows remote attackers to execute arbitrary code because there is a mishandling of the capability for administrators to write and run Groovy scripts within the updater editor. An attacker must use an AST transforming annotation such as @Grab.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27679 βΌ
π Read
via "National Vulnerability Database".
Cross-site scripting (XSS) vulnerability in Navigation in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26776 βΌ
π Read
via "National Vulnerability Database".
CSZ CMS 1.2.9 is affected by a cross-site scripting (XSS) vulnerability in multiple pages through the field name.π Read
via "National Vulnerability Database".
π¦Ώ Hackers update Gootkit RAT to use Google searches and discussion forums to deliver malware π¦Ώ
π Read
via "Tech Republic".
Security analysts and an SEO expert explain how this new approach uses legitimate websites to trick users into downloading infected files.π Read
via "Tech Republic".
TechRepublic
Cybercriminals using Google Search as the latest trick to snare unsuspecting victims for malware attacks
Malware from SEO poisoning such as the Gootkit RAT is a new way for companies to be hit with ransomware.
π Virginia Passes Consumer Data Protection Act π
π Read
via "Digital Guardian".
Virginiaβs Consumer Data Protection Act (CDPA) is first major state privacy law since California's. Under the law, organizations will need to implement reasonable security practices to protect sensitive data.π Read
via "Digital Guardian".
Digital Guardian
Virginia Passes Consumer Data Protection Act
Virginiaβs Consumer Data Protection Act (CDPA) is first major state privacy law since California's. Under the law, organizations will need to implement reasonable security practices to protect sensitive data.
βΌ CVE-2020-14989 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows CSRF if the attacker uses GET where POST was intended.π Read
via "National Vulnerability Database".
βΌ CVE-2020-29045 βΌ
π Read
via "National Vulnerability Database".
The food-and-drink-menu plugin through 2.2.0 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the fdm_cart cookie in load_cart_from_cookie in includes/class-cart-manager.php.π Read
via "National Vulnerability Database".
βΌ CVE-2020-14988 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows XSS in the login page via the loginmessage parameter, the text editor via the src attribute of HTML elements, the translations menu via the foldername parameter, the author page via the link URL, or the upload image functionality via an SVG document containing JavaScript.π Read
via "National Vulnerability Database".
β TrickBot Takes Over, After Cops Kneecap Emotet β
π Read
via "Threat Post".
TrickBot rises to top threat in February, overtaking Emotet in Check Pointβs new index.π Read
via "Threat Post".
Threat Post
TrickBot Takes Over, After Cops Kneecap Emotet
TrickBot rises to top threat in February, overtaking Emotet in Check Pointβs new index.
β Ransomware Attack Strikes Spainβs Employment Agency β
π Read
via "Threat Post".
Reports say that the agency in charge of managing Spain's unemployment benefits has been hit by the Ryuk ransomware.π Read
via "Threat Post".
Threat Post
Ransomware Attack Strikes Spainβs Employment Agency
Reports say that the agency in charge of managing Spain's unemployment benefits has been hit by the Ryuk ransomware.
π΄ Does XDR Mark the Spot? 6 Questions to Ask π΄
π Read
via "Dark Reading".
Extended detection and response technology goes well beyond endpoint management to provide visibility into networks, servers, cloud, and applications. Could it be the answer to your security challenges?π Read
via "Dark Reading".
Dark Reading
Does XDR Mark the Spot? 6 Questions to Ask
Extended detection and response technology goes well beyond endpoint management to provide visibility into networks, servers, cloud, and applications. Could it be the answer to your security challenges?
π¦Ώ How to install and configure 2FA on AlmaLinux π¦Ώ
π Read
via "Tech Republic".
Jack Wallen walks you through the process of enabling two-factor authentication on the new fork of CentOS, AlmaLinux.π Read
via "Tech Republic".
TechRepublic
How to install and configure 2FA on AlmaLinux
Jack Wallen walks you through the process of enabling two-factor authentication on the new fork of CentOS, AlmaLinux.
π΄ Molson Coors Beer Operations Halted by Hack π΄
π Read
via "Dark Reading".
No details yet disclosed on the cyberattack.π Read
via "Dark Reading".
Dark Reading
Molson Coors Beer Operations Halted by Hack
No details yet disclosed on the cyberattack.
π΄ Network Pivots, Patch Bypasses: Exploits Hit Hard in 2020 π΄
π Read
via "Dark Reading".
An analysis of 50 vulnerabilities finds a spectrum of risk, from widespread vulnerabilities exploited by a variety of attackers to serious issues that will likely be exploited in 2021.π Read
via "Dark Reading".
Dark Reading
Network Pivots, Patch Bypasses: Exploits Hit Hard in 2020
An analysis of 50 vulnerabilities finds a spectrum of risk, from widespread vulnerabilities exploited by a variety of attackers to serious issues that will likely be exploited in 2021.
βΌ CVE-2021-28154 βΌ
π Read
via "National Vulnerability Database".
** DISPUTED ** Camunda Modeler (aka camunda-modeler) through 4.6.0 allows arbitrary file access. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which manipulates the readFile and writeFile APIs. NOTE: the vendor states "The way we secured the app is that it does not allow any remote scripts to be opened, no unsafe scripts to be evaluated, no remote sites to be browsed."π Read
via "National Vulnerability Database".
βΌ CVE-2020-24983 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Quadbase EspressReports ES 7 Update 9. An unauthenticated attacker can create a malicious HTML file that houses a POST request made to the DashboardBuilder within the target web application. This request will utilise the target admin session and perform the authenticated request (to change the Dashboard name) as if the victim had done so themselves, aka CSRF.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22710 βΌ
π Read
via "National Vulnerability Database".
A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could cause remote code execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22714 βΌ
π Read
via "National Vulnerability Database".
A CWE-119:Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION7400, PM8000 and ION9000 (All versions prior to V3.0.0), which could cause the meter to reboot or allow for remote code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22712 βΌ
π Read
via "National Vulnerability Database".
A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could result in arbitrary read or write conditions when malicious CGF (Configuration Group File) file is imported to IGSS Definition due to an unchecked pointer address.π Read
via "National Vulnerability Database".