🕴 Microsoft Releases Mitigation Tool for On-Premises Exchange Servers 🕴
📖 Read
via "Dark Reading".
The tool, developed for organizations without dedicated IT and security teams, is meant to be used as temporary mitigation.
🦿 Mamma Mia! Compromised passwords are filled with popular music artists 🦿
📖 Read
via "Tech Republic".
All apologies, but if you use your favorite band as part of your password it's time to turn around and try something else.
🦿 McAfee uncovers espionage campaign aimed at major telecommunication companies 🦿
📖 Read
via "Tech Republic".
The security company said the attacks were attributed to RedDelta and Mustang Panda, both of which are allegedly based in China.
‼ CVE-2020-28899 ‼
📖 Read
via "National Vulnerability Database".
The Web CGI Script on ZyXEL LTE4506-M606 V1.00(ABDO.2)C0 devices does not require authentication, which allows remote unauthenticated attackers (via crafted JSON action data to /cgi-bin/gui.cgi) to use all features provided by the router. Examples: change the router password, retrieve the Wi-Fi passphrase, send an SMS message, or modify the IP forwarding to access the internal network.
‼ CVE-2021-22887 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain. Before an attacker can compromise the BIOS, they must exploit the device.
‼ CVE-2021-25916 ‼
📖 Read
via "National Vulnerability Database".
Prototype pollution vulnerability in 'patchmerge' versions 1.0.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.
‼ CVE-2021-27938 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in the Silverstripe CMS 3 and 4 version of the symbiote/silverstripe-queuedjobs module. A Cross Site Scripting vulnerability allows an attacker to inject an arbitrary payload in the CreateQueuedJobTask dev task via a specially crafted URL.
🕴 IronNet Cybersecurity to Go Public in Merger 🕴
📖 Read
via "Dark Reading".
Company intends for the deal to drive adoption of its Collective Defense Platform.
🦿 Bitwarden: How to enable biometric login 🦿
📖 Read
via "Tech Republic".
If you'd rather not have to enter your password every time you open the Bitwarden password manager on your mobile device, Jack Wallen shows you how to enable biometric login.
❌ Mom & Daughter Duo Hack Homecoming Crown ❌
📖 Read
via "Threat Post".
A Florida high-school student faces jail time for rigging her school's Homecoming Queen election.
❌ PYSA Ransomware Pillages Education Sector, Feds Warn ❌
📖 Read
via "Threat Post".
A major spike of attacks against higher ed, K-12 and seminaries in March has prompted the FBI to issue a special alert.
‼ CVE-2021-28380 ‼
📖 Read
via "National Vulnerability Database".
The aimeos (aka Aimeos shop and e-commerce framework) extension before 19.10.12 and 20.x before 20.10.5 for TYPO3 allows XSS via a backend user account.
‼ CVE-2021-3127 ‼
📖 Read
via "National Vulnerability Database".
NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled.
‼ CVE-2021-28295 ‼
📖 Read
via "National Vulnerability Database".
Online Ordering System 1.0 is vulnerable to unauthenticated SQL injection through /onlineordering/GPST/admin/design.php, which may lead to database information disclosure.
‼ CVE-2021-28381 ‼
📖 Read
via "National Vulnerability Database".
The vhs (aka VHS: Fluid ViewHelpers) extension before 5.1.1 for TYPO3 allows SQL injection via isLanguageViewHelper.
‼ CVE-2021-20218 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client `copy` command to extract files outside the working path. The highest threat from this vulnerability is to integrity and system availability. This has been fixed in kubernetes-client-4.13.2, kubernetes-client-5.0.2, kubernetes-client-4.11.2 and kubernetes-client-4.7.2.
‼ CVE-2021-28294 ‼
📖 Read
via "National Vulnerability Database".
Online Ordering System 1.0 is vulnerable to arbitrary file upload through /onlineordering/GPST/store/initiateorder.php, which may lead to remote code execution (RCE).
🕴 Chinese APT Targets Telcos in 5G-Related Cyber-Espionage Campaign 🕴
📖 Read
via "Dark Reading".
Telemetry suggests that the threat actor behind Operation Dianxun is Mustang Panda, McAfee says.
‼ CVE-2021-3344 ‼
📖 Read
via "National Vulnerability Database".
A privilege escalation flaw was found in OpenShift builder. During build time, credentials outside the build context are automatically mounted into the container image under construction. An OpenShift user who is able to execute code during build time inside this container can re-use the credentials to overwrite arbitrary container images in internal registries and/or escalate their privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This affects github.com/openshift/builder v0.0.0-20210125201112-7901cb396121 and before.
‼ CVE-2019-3903 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
‼ CVE-2019-3897 ‼
📖 Read
via "National Vulnerability Database".
It has been discovered in redhat-certification that any unauthorized user may download any file under /var/www/rhcert, provided they know its name. Red Hat Certification 6 and 7 are vulnerable to this issue.