‼ CVE-2021-28110 ‼
via "National Vulnerability Database".
/exec in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a vulnerability in its XML parser.
‼ CVE-2021-27928 ‼
via "National Vulnerability Database".
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.
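The CVE-2021-27928 entry above says the attack path is a SUPER user changing wsrep_provider or wsrep_notify_cmd at runtime. The following is an added detection example written for this page, not code from MariaDB or the advisory: it scans lines shaped like the MariaDB general query log for runtime SETs of those two variables and flags values outside an expected install location. The sample log lines and the TRUSTED_PREFIXES allowlist are constructed for the example and are assumptions, not facts from the advisory.

```python
import re

# Galera/wsrep variables whose runtime modification the advisory ties to OS command execution.
WSREP_SENSITIVE = ("wsrep_provider", "wsrep_notify_cmd")

# Assumption (deployment-specific): where the Galera library and the notify script
# are expected to live. Any other path is treated as suspicious.
TRUSTED_PREFIXES = ("/usr/lib/galera/", "/usr/lib64/galera/", "/usr/local/lib/galera/")

# One general-query-log line: "YYMMDD HH:MM:SS<tab>   id Command<tab>Argument".
# Lines that share the previous entry's timestamp omit it, so the timestamp is optional.
_LINE_RE = re.compile(r"^(?:(\d{6} +\d{1,2}:\d{2}:\d{2}))?\s*(\d+)\s+(\w+)\t(.*)$")

# SET GLOBAL var = value   or   SET @@global.var = value   (case-insensitive, optional ';')
_SET_RE = re.compile(
    r"^\s*SET\s+(?:GLOBAL\s+|@@global\.)(wsrep_provider|wsrep_notify_cmd)\s*=\s*(.+?)\s*;?\s*$",
    re.IGNORECASE,
)

# Constructed sample log (not a real capture). Connection 17 swaps both variables to
# attacker-controlled paths under /tmp; connection 19 sets a value inside the allowlist.
SAMPLE_LOG = """\
210319 12:00:01\t    17 Connect\tadmin@10.0.0.5 as anonymous on  using TCP/IP
\t    17 Query\tSELECT @@version
210319 12:00:03\t    17 Query\tSET GLOBAL wsrep_notify_cmd = '/tmp/.x/notify.sh'
\t    17 Query\tset @@global.wsrep_provider='/tmp/.x/evil.so'
210319 12:00:05\t    18 Query\tSET GLOBAL max_connections = 500
210319 12:00:06\t    19 Query\tSET GLOBAL wsrep_notify_cmd = '/usr/local/lib/galera/notify.sh'
\t    17 Quit\t
"""


def find_wsrep_tampering(lines):
    """Return one finding per runtime SET of a wsrep_* variable seen in the log lines.

    Each finding records the (carried-forward) timestamp, connection id, variable,
    the unquoted value, and whether the value sits under a trusted prefix.
    """
    findings = []
    last_ts = None
    for line in lines:
        m = _LINE_RE.match(line)
        if not m:
            continue
        ts, conn, cmd, arg = m.groups()
        last_ts = ts or last_ts          # lines without a timestamp inherit the previous one
        if cmd.lower() != "query":
            continue
        s = _SET_RE.match(arg)
        if not s:
            continue
        var, raw_value = s.groups()
        value = raw_value.strip().strip("'\"")
        findings.append({
            "timestamp": last_ts,
            "connection_id": conn,
            "variable": var.lower(),
            "value": value,
            "trusted": value.startswith(TRUSTED_PREFIXES),
        })
    return findings


if __name__ == "__main__":
    for f in find_wsrep_tampering(SAMPLE_LOG.splitlines()):
        flag = "ok     " if f["trusted"] else "SUSPECT"
        print(f"{flag} {f['timestamp']} conn={f['connection_id']} {f['variable']} = {f['value']}")
```

Any runtime change of these two variables is worth an alert on its own; the allowlist only ranks the hits. On the fixed releases listed in the entry the variables can no longer be changed at runtime, so the SET will fail, but a failed attempt from a SUPER account is still the signal a responder wants to see.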
‼ CVE-2021-25291 ‼
via "National Vulnerability Database".
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.
‼ CVE-2021-28109 ‼
via "National Vulnerability Database".
TranzWare (POI) FIMI before 4.2.20.4.2 allows login_tw.php reflected Cross-Site Scripting (XSS).
🦿 Want to be an ethical hacker? Take these cybersecurity courses 🦿
via "Tech Republic".
In these 18 online training courses on ethical hacking, cybersecurity pros will teach you about creating projects with Python, bug bounty hunting, Kali Linux hacker tools and much more.
🕴 Russian Man Pleads Guilty in Thwarted Tesla Hack 🕴
via "Dark Reading".
Egor Kriuchkov will be sentenced in May on a conspiracy charge.
🦿 Business email compromise scams proved costly to victims in 2020 🦿
via "Tech Republic".
The FBI received more than 19,000 complaints of business email compromises last year, costing victims around $1.8 billion.
❌ Bogus Android Clubhouse App Drops Credential-Swiping Malware ❌
via "Threat Post".
The malicious app spreads the BlackRock malware, which steals credentials from 458 services, including Twitter, WhatsApp, Facebook and Amazon.
🕴 SolarWinds-Linked Attackers Target Microsoft 365 Mailboxes 🕴
via "Dark Reading".
Researchers observe attackers altering mailbox folders to assign read-only permissions to any authenticated user on a target machine.
‼ CVE-2021-27506 ‼
via "National Vulnerability Database".
In Stormshield Network Security (SNS) 1.0 through 4.2.0, the parsing of some malformed files can lead to the crash of the ClamAV service, causing a Denial of Service.
🔏 Friday Five 3/19 🔏
via "Digital Guardian".
Stolen phone access, cybersecurity in national security, and the theft of NFTs: catch up on all of the week's infosec news with the Friday Five!
🦿 How to use semanage and avoid disabling SELinux 🦿
via "Tech Republic".
Jack Wallen introduces you to three semanage commands that will help make dealing with SELinux considerably easier.
‼ CVE-2020-4635 ‼
via "National Vulnerability Database".
IBM Resilient SOAR 40 and earlier could disclose sensitive information by allowing a user to enumerate usernames.
‼ CVE-2021-25277 ‼
via "National Vulnerability Database".
FTAPI 4.0 through 4.10 allows XSS via a crafted filename to the alternative text hover box in the file submission component.
‼ CVE-2021-25278 ‼
via "National Vulnerability Database".
FTAPI 4.0 through 4.10 allows XSS via an SVG document to the Background Image upload feature in the Submit Box Template Editor.
‼ CVE-2021-27906 ‼
via "National Vulnerability Database".
A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
‼ CVE-2021-27807 ‼
via "National Vulnerability Database".
A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
‼ CVE-2021-21390 ‼
via "National Vulnerability Database".
MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In MinIO before version RELEASE.2021-03-17T02-33-02Z, there is a vulnerability which enables MITM modification of request bodies that are meant to have integrity guaranteed by chunk signatures. In a PUT request using aws-chunked encoding, MinIO ordinarily verifies signatures at the end of a chunk. This check can be skipped if the client sends a false chunk size that is much greater than the actual data sent: the server accepts and completes the request without ever reaching the end of the chunk, and thereby without ever checking the chunk signature. This is fixed in version RELEASE.2021-03-17T02-33-02Z. As a workaround, avoid "aws-chunked" encoding-based chunk-signature upload requests and use TLS instead. MinIO SDKs automatically disable chunked encoding signature when the server endpoint is configured with TLS.
‼ CVE-2021-21387 ‼
via "National Vulnerability Database".
Wrongthink is a peer-to-peer, end-to-end encrypted messenger built with PeerJS and the Axolotl ratchet. In wrongthink from version 2.0.0 and before 2.3.0 there was a set of vulnerabilities causing inadequate encryption strength. Part of the secret identity key was disclosed by the fingerprint used for connection. Additionally, the safety number was improperly calculated. It was computed using part of one of the public identity keys instead of being derived from both public identity keys. This caused issues in computing safety numbers which would potentially be exploitable in the real world. Additionally there was inadequate encryption strength due to use of 1024-bit DSA keys. These issues are all fixed in version 2.3.0.
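The safety-number flaw in the CVE-2021-21387 entry is worth seeing concretely: if the number is derived from part of one party's public identity key, it does not change when the other party's key is swapped by a man in the middle, so out-of-band comparison cannot catch the substitution. The block below is an added example written for this page, not Wrongthink's code: it computes a Signal-style safety number (iterated SHA-512 fingerprint per party, rendered as decimal digits, both fingerprints sorted and joined) and, beside it, a deliberately flawed variant that uses only half of the local key, then shows which of the two notices a substituted remote key. The identity keys are constructed 32-byte placeholders; the iteration count and encoding are the assumptions of this illustration, not Wrongthink's parameters.

```python
import hashlib

FINGERPRINT_VERSION = b"\x00\x00"   # assumption: a version prefix, Signal-style
ITERATIONS = 5200                    # assumption: slow-hash iteration count


def fingerprint(identifier: bytes, pubkey: bytes) -> bytes:
    """30-byte fingerprint of one party: iterated SHA-512 over version, key and identifier."""
    digest = hashlib.sha512(FINGERPRINT_VERSION + pubkey + identifier).digest()
    for _ in range(ITERATIONS - 1):
        digest = hashlib.sha512(digest + pubkey).digest()
    return digest[:30]


def to_digits(fp30: bytes) -> str:
    """30 bytes -> six groups of five decimal digits, the user-facing form."""
    return "".join(f"{int.from_bytes(fp30[i:i + 5], 'big') % 100000:05d}"
                   for i in range(0, 30, 5))


def safety_number(local_id, local_pub, remote_id, remote_pub) -> str:
    """Correct derivation: both public identity keys contribute, and sorting the two
    fingerprints makes the result identical on both ends of the conversation."""
    local = to_digits(fingerprint(local_id, local_pub))
    remote = to_digits(fingerprint(remote_id, remote_pub))
    return "".join(sorted([local, remote]))


def safety_number_flawed(local_id, local_pub, remote_id, remote_pub) -> str:
    """The bug class the advisory describes (illustration, not Wrongthink's exact code):
    the number depends on part of one key only, so the remote key never enters it."""
    half_key = local_pub[: len(local_pub) // 2]
    return to_digits(hashlib.sha512(half_key).digest()[:30])


def demo():
    """Returns whether each derivation is symmetric and whether it detects a swapped remote key."""
    alice_id, bob_id = b"alice@example.invalid", b"bob@example.invalid"
    # Constructed stand-ins for 32-byte public identity keys.
    alice_pub = hashlib.sha256(b"constructed alice identity key").digest()
    bob_pub = hashlib.sha256(b"constructed bob identity key").digest()
    mallory_pub = hashlib.sha256(b"constructed mallory identity key").digest()

    # Honest session: each side sees the other's real key.
    alice_view = safety_number(alice_id, alice_pub, bob_id, bob_pub)
    bob_view = safety_number(bob_id, bob_pub, alice_id, alice_pub)
    # Man in the middle: Alice is handed Mallory's key in Bob's name.
    alice_mitm_view = safety_number(alice_id, alice_pub, bob_id, mallory_pub)

    flawed_honest = safety_number_flawed(alice_id, alice_pub, bob_id, bob_pub)
    flawed_mitm = safety_number_flawed(alice_id, alice_pub, bob_id, mallory_pub)

    return {
        "symmetric": alice_view == bob_view,
        "mitm_detected": alice_view != alice_mitm_view,
        "flawed_mitm_detected": flawed_honest != flawed_mitm,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The property to check in any messenger's safety-number code is the one the demo asserts: the value must be a function of both public identity keys, and it must come out the same on both devices, otherwise users comparing it in person learn nothing about a key substitution.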
❌ Office 365 Phishing Attack Targets Financial Execs ❌
via "Threat Post".
Attackers move on new CEOs, using transition confusion to harvest Microsoft credentials.
🕴 Verkada Attacker Charged with Wire Fraud, Conspiracy in US 🕴
via "Dark Reading".
Swiss national Till Kottmann and co-conspirators are accused of breaking into dozens of US companies and government entities.