π΄ Colonial Pipeline Cyberattack Proves a Single Password Isn't Enough π΄
π Read
via "Dark Reading".
Since the attack, it's been revealed that it was down to a single password. Yes, ransomware needs to be on your radar -- but a focus on credentials is vital.π Read
via "Dark Reading".
Dark Reading
Colonial Pipeline Cyberattack Proves a Single Password Isn't Enough
Since the attack, it's been revealed that it was down to a single password. Yes, ransomware needs to be on your radar -- but a focus on credentials is vital.
π΄ Name That Toon: Sight Unseen π΄
π Read
via "Dark Reading".
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.π Read
via "Dark Reading".
Dark Reading
Name That Toon: Sight Unseen
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
π΄ Know Thy Enemy: Fighting Half-Blind Against Ransomware Won't Work π΄
π Read
via "Dark Reading".
We lack reliable, representative, actionable data about ransomware's actual scope, scale, and impact. The Ransom Incident Response Network could change that.π Read
via "Dark Reading".
β Volkswagen Vendor Exposed Data of 3.3m Drivers β
π Read
via "Threat Post".
Nearly all of the leaked data was for owners or wannabe owners of the automakerβs luxury brand of Audis, now at greater risk for phishing, ransomware or car theft.π Read
via "Threat Post".
Threat Post
Volkswagen Vendor Exposed Data of 3.3m Drivers
Nearly all of the leaked data was for owners or wannabe owners of the automakerβs luxury brand of Audis, now at greater risk for phishing, ransomware or car theft.
βΌ CVE-2021-24350 βΌ
π Read
via "National Vulnerability Database".
The Visitors WordPress plugin through 0.3 is affected by an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. The plugin would display the user's user agent string without validation or encoding within the WordPress admin panel.π Read
via "National Vulnerability Database".
βΌ CVE-2021-24349 βΌ
π Read
via "National Vulnerability Database".
This Gallery from files WordPress plugin through 1.6.0 gives the functionality of uploading images to the server. But filenames are not properly sanitized before being output in an error message when they have an invalid extension, leading to a reflected Cross-Site Scripting issue. Due to the lack of CSRF check, the attack could also be performed via such vector.π Read
via "National Vulnerability Database".
βΌ CVE-2021-24355 βΌ
π Read
via "National Vulnerability Database".
In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, the lack of capability checks and insufficient nonce check on the AJAX actions, simple301redirects/admin/get_wildcard and simple301redirects/admin/wildcard, made it possible for authenticated users to retrieve and update the wildcard value for redirects.π Read
via "National Vulnerability Database".
β Moobot Milks Tenda Router Bugs for Propagation β
π Read
via "Threat Post".
An analysis of the campaign revealed Cyberium, an active Mirai-variant malware hosting site.π Read
via "Threat Post".
Threat Post
Moobot Milks Tenda Router Bugs for Propagation
An analysis of the campaign revealed Cyberium, an active Mirai-variant malware hosting site.
π¦Ώ Why employees need counterespionage training π¦Ώ
π Read
via "Tech Republic".
Two experts are concerned that employees are no match for nation-state spy services tasked with obtaining a company's vital intellectual property.π Read
via "Tech Republic".
TechRepublic
Why employees need counterespionage training
Two experts are concerned that employees are no match for nation-state spy services tasked with obtaining a company's vital intellectual property.
βΌ CVE-2021-32682 βΌ
π Read
via "National Vulnerability Database".
elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. The issues were patched in version 2.1.59. As a workaround, ensure the connector is not exposed without authentication.π Read
via "National Vulnerability Database".
π΄ New Top 20 Secure-Coding List Positions PLCs as Plant 'Bodyguards' π΄
π Read
via "Dark Reading".
Best practices guide encompasses integrity, hardening, resilience, and monitoring of PLCs in industrial networks.π Read
via "Dark Reading".
Dark Reading
New Top 20 Secure-Coding List Positions PLCs as Plant 'Bodyguards'
Best practices guide encompasses integrity, hardening, resilience, and monitoring of PLCs in industrial networks.
π Colorado Passes State Privacy Act, Poised to Become Law π
π Read
via "".
Once it's signed into law, the bill will become the third comprehensive state privacy law in the U.S. after California and Virginia.π Read
via "".
Digital Guardian
Colorado Passes State Privacy Act, Poised to Become Law
Once it's signed into law, the bill will become the third comprehensive state privacy law in the U.S. after California and Virginia.
π΄ Google Workspace Adds Client-Side Encryption π΄
π Read
via "Dark Reading".
Users given control over encryption keys, Google says.π Read
via "Dark Reading".
Dark Reading
Google Workspace Adds Client-Side Encryption
Users given control over encryption keys, Google says.
βΌ CVE-2021-21556 βΌ
π Read
via "National Vulnerability Database".
Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a stack-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.π Read
via "National Vulnerability Database".
β Utilities βConcerninglyβ at Risk from Active Exploits β
π Read
via "Threat Post".
Utilitiesβ vulnerability to application exploits goes from bad to worse in just weeks. π Read
via "Threat Post".
Threat Post
Utilities βConcerninglyβ at Risk from Active Exploits
Utilitiesβ vulnerability to application exploits goes from bad to worse in just weeks.
π΄ Cyber Analytics Database Exposed 5 Billion Records Online π΄
π Read
via "Dark Reading".
In an ironic twist, Cognyte's data alerts customers to third-party data exposures.π Read
via "Dark Reading".
βΌ CVE-2021-0324 βΌ
π Read
via "National Vulnerability Database".
Product: AndroidVersions: Android SoCAndroid ID: A-175402462π Read
via "National Vulnerability Database".
βΌ CVE-2021-0467 βΌ
π Read
via "National Vulnerability Database".
In Chromecast bootROM, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege in the bootloader, with physical USB access, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-174490700π Read
via "National Vulnerability Database".
π΄ VPN Attacks Surged in First Quarter π΄
π Read
via "Dark Reading".
But volume of malware, botnet, and other exploit activity declined because of the Emotet botnet takedown.π Read
via "Dark Reading".
Dark Reading
VPN Attacks Surged in First Quarter
But volume of malware, botnet, and other exploit activity declined because of the Emotet botnet takedown.
βΌ CVE-2021-34693 βΌ
π Read
via "National Vulnerability Database".
net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27887 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) vulnerability in the main dashboard of Ellipse APM versions allows an authenticated user or integrated application to inject malicious data into the application that can then be executed in a victimΓ’β¬β’s browser. This issue affects: Hitachi ABB Power Grids Ellipse APM 5.3 version 5.3.0.1 and prior versions; 5.2 version 5.2.0.3 and prior versions; 5.1 version 5.1.0.6 and prior versions.π Read
via "National Vulnerability Database".