βΌ CVE-2020-12971 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2008-2660 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2008. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32552 βΌ
π Read
via "National Vulnerability Database".
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32551 βΌ
π Read
via "National Vulnerability Database".
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-15 package apport hooks, it could expose private data to other local users.π Read
via "National Vulnerability Database".
βΌ CVE-2021-31811 βΌ
π Read
via "National Vulnerability Database".
In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34682 βΌ
π Read
via "National Vulnerability Database".
Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack against the update feature.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23394 βΌ
π Read
via "National Vulnerability Database".
The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21439 βΌ
π Read
via "National Vulnerability Database".
DoS attack can be performed when an email contains specially designed URL in the body. It can lead to the high CPU usage and cause low quality of service, or in extreme case bring the system to a halt. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions; 8.0.x version 8.0.13 and prior versions.π Read
via "National Vulnerability Database".
π΄ Colonial Pipeline Cyberattack Proves a Single Password Isn't Enough π΄
π Read
via "Dark Reading".
Since the attack, it's been revealed that it was down to a single password. Yes, ransomware needs to be on your radar -- but a focus on credentials is vital.π Read
via "Dark Reading".
Dark Reading
Colonial Pipeline Cyberattack Proves a Single Password Isn't Enough
Since the attack, it's been revealed that it was down to a single password. Yes, ransomware needs to be on your radar -- but a focus on credentials is vital.
π΄ Name That Toon: Sight Unseen π΄
π Read
via "Dark Reading".
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.π Read
via "Dark Reading".
Dark Reading
Name That Toon: Sight Unseen
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
π΄ Know Thy Enemy: Fighting Half-Blind Against Ransomware Won't Work π΄
π Read
via "Dark Reading".
We lack reliable, representative, actionable data about ransomware's actual scope, scale, and impact. The Ransom Incident Response Network could change that.π Read
via "Dark Reading".
β Volkswagen Vendor Exposed Data of 3.3m Drivers β
π Read
via "Threat Post".
Nearly all of the leaked data was for owners or wannabe owners of the automakerβs luxury brand of Audis, now at greater risk for phishing, ransomware or car theft.π Read
via "Threat Post".
Threat Post
Volkswagen Vendor Exposed Data of 3.3m Drivers
Nearly all of the leaked data was for owners or wannabe owners of the automakerβs luxury brand of Audis, now at greater risk for phishing, ransomware or car theft.
βΌ CVE-2021-24350 βΌ
π Read
via "National Vulnerability Database".
The Visitors WordPress plugin through 0.3 is affected by an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. The plugin would display the user's user agent string without validation or encoding within the WordPress admin panel.π Read
via "National Vulnerability Database".
βΌ CVE-2021-24349 βΌ
π Read
via "National Vulnerability Database".
This Gallery from files WordPress plugin through 1.6.0 gives the functionality of uploading images to the server. But filenames are not properly sanitized before being output in an error message when they have an invalid extension, leading to a reflected Cross-Site Scripting issue. Due to the lack of CSRF check, the attack could also be performed via such vector.π Read
via "National Vulnerability Database".
βΌ CVE-2021-24355 βΌ
π Read
via "National Vulnerability Database".
In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, the lack of capability checks and insufficient nonce check on the AJAX actions, simple301redirects/admin/get_wildcard and simple301redirects/admin/wildcard, made it possible for authenticated users to retrieve and update the wildcard value for redirects.π Read
via "National Vulnerability Database".
β Moobot Milks Tenda Router Bugs for Propagation β
π Read
via "Threat Post".
An analysis of the campaign revealed Cyberium, an active Mirai-variant malware hosting site.π Read
via "Threat Post".
Threat Post
Moobot Milks Tenda Router Bugs for Propagation
An analysis of the campaign revealed Cyberium, an active Mirai-variant malware hosting site.
π¦Ώ Why employees need counterespionage training π¦Ώ
π Read
via "Tech Republic".
Two experts are concerned that employees are no match for nation-state spy services tasked with obtaining a company's vital intellectual property.π Read
via "Tech Republic".
TechRepublic
Why employees need counterespionage training
Two experts are concerned that employees are no match for nation-state spy services tasked with obtaining a company's vital intellectual property.
βΌ CVE-2021-32682 βΌ
π Read
via "National Vulnerability Database".
elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. The issues were patched in version 2.1.59. As a workaround, ensure the connector is not exposed without authentication.π Read
via "National Vulnerability Database".
π΄ New Top 20 Secure-Coding List Positions PLCs as Plant 'Bodyguards' π΄
π Read
via "Dark Reading".
Best practices guide encompasses integrity, hardening, resilience, and monitoring of PLCs in industrial networks.π Read
via "Dark Reading".
Dark Reading
New Top 20 Secure-Coding List Positions PLCs as Plant 'Bodyguards'
Best practices guide encompasses integrity, hardening, resilience, and monitoring of PLCs in industrial networks.
π Colorado Passes State Privacy Act, Poised to Become Law π
π Read
via "".
Once it's signed into law, the bill will become the third comprehensive state privacy law in the U.S. after California and Virginia.π Read
via "".
Digital Guardian
Colorado Passes State Privacy Act, Poised to Become Law
Once it's signed into law, the bill will become the third comprehensive state privacy law in the U.S. after California and Virginia.
π΄ Google Workspace Adds Client-Side Encryption π΄
π Read
via "Dark Reading".
Users given control over encryption keys, Google says.π Read
via "Dark Reading".
Dark Reading
Google Workspace Adds Client-Side Encryption
Users given control over encryption keys, Google says.