βΌ CVE-2021-28821 βΌ
π Read
via "National Vulnerability Database".
The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Message Service: versions 8.5.1 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.5.1 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.5.1 and below.π Read
via "National Vulnerability Database".
β BlackKingdom ransomware still exploiting insecure Exchange servers β
π Read
via "Naked Security".
Remember Hafnium? Here's the bad news - it's not over yet! Learn why and what to do...π Read
via "Naked Security".
Naked Security
BlackKingdom ransomware still exploiting insecure Exchange servers
Remember Hafnium? Hereβs the bad news β itβs not over yet! Learn why and what to doβ¦
βΌ CVE-2020-13606 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2020-13605 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2020-13607 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2020-13604 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2020-13611 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2020-13609 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22864 βΌ
π Read
via "National Vulnerability Database".
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to override environment variables leading to code execution on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.0.3 and was fixed in 3.0.3, 2.22.9, and 2.21.17. This vulnerability was reported via the GitHub Bug Bounty program.π Read
via "National Vulnerability Database".
βΌ CVE-2020-13612 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2020-13608 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2020-13610 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21380 βΌ
π Read
via "National Vulnerability Database".
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform (and only those with the Ratings API installed), the Rating Script Service expose an API to perform SQL requests without escaping the from and where search arguments. This might lead to an SQL script injection quite easily for any user having Script rights on XWiki. The problem has been patched in XWiki 12.9RC1. The only workaround besides upgrading XWiki would be to uninstall the Ratings API in XWiki from the Extension Manager.π Read
via "National Vulnerability Database".
βΌ CVE-2021-28814 βΌ
π Read
via "National Vulnerability Database".
An improper access control vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows remote attackers to compromise the security of the software. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.4.π Read
via "National Vulnerability Database".
β Hackers Steal FIFA 21 Source Code, Tools in EA Breach β
π Read
via "Threat Post".
Raft of other proprietary game data and related software and developer kits also pilfered in the unspecified attack, which the company is investigating.π Read
via "Threat Post".
Threat Post
Hackers Steal FIFA 21 Source Code, Tools in EA Breach
Raft of other proprietary game data and related software and developer kits also pilfered in the unspecified attack, which the company is investigating.
β Police Grab Slilpp, Biggest Stolen-Logins Market β
π Read
via "Threat Post".
There were more than 80 million login credentials for sale, used to inflict over $200 million in losses in the U.S. alone.π Read
via "Threat Post".
Threat Post
Police Grab Slilpp, Biggest Stolen-Logins Market
There were over 80 million login credentials for sale, used to inflict over $200 million in losses in the U.S. alone.
π΄ Secure Access Trade-offs for DevSecOps Teams π΄
π Read
via "Dark Reading".
Thanks to recent advancements in access technologies, everyone can apply identity-based authentication and authorization and zero-trust principles for their computing resources.π Read
via "Dark Reading".
βΌ CVE-2021-26829 βΌ
π Read
via "National Vulnerability Database".
OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm.π Read
via "National Vulnerability Database".
β Monumental Supply-Chain Attack on Airlines Traced to State Actor β
π Read
via "Threat Post".
Airlines are warned to scour networks for traces of the campaign, likely the work of APT41, lurking in networks.π Read
via "Threat Post".
π΄ Many Mobile Apps Intentionally Using Insecure Connections for Sending Data π΄
π Read
via "Dark Reading".
A new analysis of iOS and Android apps released to Apple's and Google's app stores over the past five years found many to be deliberately breaking HTTPS protections.π Read
via "Dark Reading".
Dark Reading
Many Mobile Apps Intentionally Using Insecure Connections for Sending Data
A new analysis of iOS and Android apps released to Apple's and Google's app stores over the past five years found many to be deliberately breaking HTTPS protections.
π Friday Five 6/11 π
π Read
via "".
TrickBot indictments, ransomware negotiations, and a massive sting operation using an FBI-run phone network - catch up on all of the week's infosec news with the Friday Five!π Read
via "".
Digital Guardian
Friday Five 6/11
TrickBot indictments, ransomware negotiations, and a massive sting operation using an FBI-run phone network - catch up on all of the week's infosec news with the Friday Five!