βΌ CVE-2021-21380 βΌ
π Read
via "National Vulnerability Database".
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform (and only those with the Ratings API installed), the Rating Script Service expose an API to perform SQL requests without escaping the from and where search arguments. This might lead to an SQL script injection quite easily for any user having Script rights on XWiki. The problem has been patched in XWiki 12.9RC1. The only workaround besides upgrading XWiki would be to uninstall the Ratings API in XWiki from the Extension Manager.π Read
via "National Vulnerability Database".
βΌ CVE-2021-28814 βΌ
π Read
via "National Vulnerability Database".
An improper access control vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows remote attackers to compromise the security of the software. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.4.π Read
via "National Vulnerability Database".
β Hackers Steal FIFA 21 Source Code, Tools in EA Breach β
π Read
via "Threat Post".
Raft of other proprietary game data and related software and developer kits also pilfered in the unspecified attack, which the company is investigating.π Read
via "Threat Post".
Threat Post
Hackers Steal FIFA 21 Source Code, Tools in EA Breach
Raft of other proprietary game data and related software and developer kits also pilfered in the unspecified attack, which the company is investigating.
β Police Grab Slilpp, Biggest Stolen-Logins Market β
π Read
via "Threat Post".
There were more than 80 million login credentials for sale, used to inflict over $200 million in losses in the U.S. alone.π Read
via "Threat Post".
Threat Post
Police Grab Slilpp, Biggest Stolen-Logins Market
There were over 80 million login credentials for sale, used to inflict over $200 million in losses in the U.S. alone.
π΄ Secure Access Trade-offs for DevSecOps Teams π΄
π Read
via "Dark Reading".
Thanks to recent advancements in access technologies, everyone can apply identity-based authentication and authorization and zero-trust principles for their computing resources.π Read
via "Dark Reading".
βΌ CVE-2021-26829 βΌ
π Read
via "National Vulnerability Database".
OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm.π Read
via "National Vulnerability Database".
β Monumental Supply-Chain Attack on Airlines Traced to State Actor β
π Read
via "Threat Post".
Airlines are warned to scour networks for traces of the campaign, likely the work of APT41, lurking in networks.π Read
via "Threat Post".
π΄ Many Mobile Apps Intentionally Using Insecure Connections for Sending Data π΄
π Read
via "Dark Reading".
A new analysis of iOS and Android apps released to Apple's and Google's app stores over the past five years found many to be deliberately breaking HTTPS protections.π Read
via "Dark Reading".
Dark Reading
Many Mobile Apps Intentionally Using Insecure Connections for Sending Data
A new analysis of iOS and Android apps released to Apple's and Google's app stores over the past five years found many to be deliberately breaking HTTPS protections.
π Friday Five 6/11 π
π Read
via "".
TrickBot indictments, ransomware negotiations, and a massive sting operation using an FBI-run phone network - catch up on all of the week's infosec news with the Friday Five!π Read
via "".
Digital Guardian
Friday Five 6/11
TrickBot indictments, ransomware negotiations, and a massive sting operation using an FBI-run phone network - catch up on all of the week's infosec news with the Friday Five!
π GNU Privacy Guard 2.2.28 π
π Read
via "Packet Storm Security".
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions. This is the LTS release.π Read
via "Packet Storm Security".
Packetstormsecurity
GNU Privacy Guard 2.2.28 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π nfstream 6.3.2 π
π Read
via "Packet Storm Security".
nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.π Read
via "Packet Storm Security".
Packetstormsecurity
nfstream 6.3.2 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
βΌ CVE-2021-25401 βΌ
π Read
via "National Vulnerability Database".
Intent redirection vulnerability in Samsung Health prior to version 6.16 allows attacker to execute privileged action.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25385 βΌ
π Read
via "National Vulnerability Database".
An improper input validation vulnerability in sdfffd_parse_chunk_PROP() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25397 βΌ
π Read
via "National Vulnerability Database".
An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications.π Read
via "National Vulnerability Database".
β Chrome zero-day, hot on the heels of Microsoftβs IE zero-day. Patch now! β
π Read
via "Naked Security".
Patch early. Patch often. Patch now!π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β ALPACA β the wacky TLS security vulnerability with a funky name β
π Read
via "Naked Security".
Don't panic - this isn't another Heartbleed. But it's a fascinating reminder of why doing things the easy way isn't always the best way.π Read
via "Naked Security".
Naked Security
ALPACA β the wacky TLS security vulnerability with a funky name
Donβt panic β this isnβt another Heartbleed. But itβs a fascinating reminder of why doing things the easy way isnβt always the best way.
β S3 Ep36: Trickbot coder busted, passwords cracked, and breaches judged [Podcast] β
π Read
via "Naked Security".
Latest episode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep36: Trickbot coder busted, passwords cracked, and breaches judged [Podcast]
Latest episode β listen now!
βΌ CVE-2021-25419 βΌ
π Read
via "National Vulnerability Database".
Non-compliance of recommended secure coding scheme in Samsung Internet prior to version 14.0.1.62 allows attackers to display fake URL in address bar via phising URL link.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29754 βΌ
π Read
via "National Vulnerability Database".
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a privilege escalation vulnerability when using the SAML Web Inbound Trust Association Interceptor (TAI). IBM X-Force ID: 202006.π Read
via "National Vulnerability Database".
βΌ CVE-2020-5003 βΌ
π Read
via "National Vulnerability Database".
IBM Financial Transaction Manager 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 192956.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25425 βΌ
π Read
via "National Vulnerability Database".
Improper check vulnerability in Samsung Health prior to version 6.17 allows attacker to read internal cache data via exported component.π Read
via "National Vulnerability Database".