βΌ CVE-2021-1568 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to uncontrolled memory allocation. An attacker could exploit this vulnerability by copying a crafted file to a specific folder on the system. A successful exploit could allow the attacker to crash the VPN Agent service when the affected application is launched, causing it to be unavailable to all users of the system. To exploit this vulnerability, the attacker must have valid credentials on a multiuser Windows system.π Read
via "National Vulnerability Database".
βΌ CVE-2021-1541 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary commands as a root user on the underlying operating system Conduct a cross-site scripting (XSS) attack Conduct an HTML injection attack For more information about these vulnerabilities, see the Details section of this advisory.π Read
via "National Vulnerability Database".
π΄ Ransomware Operators' Strategies Evolve as Attacks Rise π΄
π Read
via "Dark Reading".
Security researchers find ransomware operators rely less on email and more on criminal groups for initial access into target networks.π Read
via "Dark Reading".
π΄ Ukraine Police Disrupt Cl0p Ransomware Operation π΄
π Read
via "Dark Reading".
Growing list of similar actions in recent months may finally be scaring some operators into quitting, but threat is far from over, security experts say.π Read
via "Dark Reading".
Dark Reading
Ukraine Police Disrupt Cl0p Ransomware Operation
Growing list of similar actions in recent months may finally be scaring some operators into quitting, but threat is far from over, security experts say.
βΌ CVE-2021-34201 βΌ
π Read
via "National Vulnerability Database".
D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow. There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640). Local ordinary users can overwrite the global variables in the .bss section, causing the process crashes or changes.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34204 βΌ
π Read
via "National Vulnerability Database".
D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials. D-Link AC2600(DIR-2640) stores the device system account password in plain text. It does not use linux user management. In addition, the passwords of all devices are the same, and they cannot be modified by normal users. An attacker can easily log in to the target router through the serial port and obtain root privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32243 βΌ
π Read
via "National Vulnerability Database".
FOGProject v1.5.9 is affected by a File Upload RCE (Authenticated).π Read
via "National Vulnerability Database".
β How to hack a bicycle β Peloton Bike+ rooting bug patched β
π Read
via "Naked Security".
It's a bike, Jim, but not as we know it.π Read
via "Naked Security".
Naked Security
How to hack a bicycle β Peloton Bike+ rooting bug patched
Itβs a bike, Jim, but not as we know it.
βΌ CVE-2021-31476 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.3.37598. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA templates. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13531.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21777 βΌ
π Read
via "National Vulnerability Database".
An information disclosure vulnerability exists in the Ethernet/IP UDP handler functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted network request can lead to an out-of-bounds read.π Read
via "National Vulnerability Database".
β Threat Actors Use Google Docs to Host Phishing Attacks β
π Read
via "Threat Post".
Exploit in the widely used document service leveraged to send malicious links that appear legitimate but actually steal victims credentials.π Read
via "Threat Post".
Threat Post
Threat Actors Use Google Docs to Host Phishing Attacks
Exploit in the widely used document service leveraged to send malicious links that appear legitimate but actually steal victims credentials.
β S3 Ep37: Quantum crypto, refunding Bitcoins, and Alpaca problems [Podcast] β
π Read
via "Naked Security".
Latest episode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep37: Quantum crypto, refunding Bitcoins, and Alpaca problems [Podcast]
Latest episode β listen now!
π¦Ώ Amazon Prime Day scams resurface for 2021 π¦Ώ
π Read
via "Tech Republic".
With this year's Amazon Prime Day set for June 21-22, scammers are already touting "Early Prime Day Deals," says Bolster.π Read
via "Tech Republic".
TechRepublic
Amazon Prime Day scams resurface for 2021
With this year's Amazon Prime Day set for June 21-22, scammers are already touting "Early Prime Day Deals," says Bolster.
π΄ Mission Critical: What Really Matters in a Cybersecurity Incident π΄
π Read
via "Dark Reading".
The things you do before and during a cybersecurity incident can make or break the success of your response.π Read
via "Dark Reading".
Dark Reading
Dark Reading | Security | Protect The Business
Dark Reading: Connecting The Cybersecurity Community.
βΌ CVE-2021-32946 βΌ
π Read
via "National Vulnerability Database".
An improper check for unusual or exceptional conditions issue exists within the parsing DGN files from Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of the user-supplied data. This may result in several of out-of-bounds problems and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32938 βΌ
π Read
via "National Vulnerability Database".
Drawings SDK (All versions prior to 2022.4) are vulnerable to an out-of-bounds read due to parsing of DWG files resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allows attackers to cause a denial-of service condition or read sensitive information from memory.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32950 βΌ
π Read
via "National Vulnerability Database".
An out-of-bounds read issue exists within the parsing of DXF files in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allows attackers to cause a denial-of-service condition or read sensitive information from memory locations.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32944 βΌ
π Read
via "National Vulnerability Database".
A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a memory corruption or arbitrary code execution, allowing attackers to cause a denial-of-service condition or execute code in the context of the current process.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32952 βΌ
π Read
via "National Vulnerability Database".
An out-of-bounds write issue exists in the DGN file-reading procedure in the Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32936 βΌ
π Read
via "National Vulnerability Database".
An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34825 βΌ
π Read
via "National Vulnerability Database".
Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system.π Read
via "National Vulnerability Database".