βΌ CVE-2021-31818 βΌ
π Read
via "National Vulnerability Database".
Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied data in the API request isnΓ’β¬β’t parameterised correctly. Exploiting this vulnerability could allow unauthorised access to database tables.π Read
via "National Vulnerability Database".
β CVS Health Records for 1.1 Billion Customers Exposed β
π Read
via "Threat Post".
A vendor exposed the records, which were accessible with no password or other authentication, likely because of a cloud-storage misconfiguration.π Read
via "Threat Post".
Threat Post
CVS Health Records for 1.1 Billion Customers Exposed
A vendor exposed the records, which were accessible with no password or other authentication, likely because of a cloud-storage misconfiguration.
β Geek Squad Vishing Attack Bypasses Email Security to Hit 25K Mailboxes β
π Read
via "Threat Post".
An email campaign asking victims to call a bogus number to suspend supposedly fraudulent subscriptions got right past Microsoft's native email controls.π Read
via "Threat Post".
Threat Post
Geek Squad Vishing Attack Bypasses Email Security to Hit 25K Mailboxes
An email campaign asking victims to call a bogus number to suspend supposedly fraudulent subscriptions got right past Microsoft's native email controls.
π΄ Cyberattacks Are Tailored to Employees ... Why Isn't Security Training? π΄
π Read
via "Dark Reading".
Consider four factors and behaviors that impact a particular employee's risk, and how security training should take them into account.π Read
via "Dark Reading".
Dark Reading
Cyberattacks Are Tailored to Employees ... Why Isn't Security Training?
Consider four factors and behaviors that impact a particular employee's risk, and how security training should take them into account.
βΌ CVE-2021-23396 βΌ
π Read
via "National Vulnerability Database".
All versions of package lutils are vulnerable to Prototype Pollution via the main (merge) function.π Read
via "National Vulnerability Database".
βΌ CVE-2013-20002 βΌ
π Read
via "National Vulnerability Database".
Elemin allows remote attackers to upload and execute arbitrary PHP code via the Themify framework (before 1.2.2) wp-content/themes/elemin/themify/themify-ajax.php file.π Read
via "National Vulnerability Database".
π What is Data Classification? A Data Classification Definition π
π Read
via "".
Learn about the different types of classification and how to effectively classify your data in Data Protection 101, our series on the fundamentals of data security.π Read
via "".
Digitalguardian
What is Data Classification? A Data Classification Definition
Learn about the different types of classification and how to effectively classify your data in Data Protection 101, our series on the fundamentals of data security.
β Cisco Smart Switches Riddled with Severe Security Holes β
π Read
via "Threat Post".
The intro-level networking gear for SMBs could allow remote attacks designed to steal information, drop malware and disrupt operations.π Read
via "Threat Post".
Threat Post
Cisco Smart Switches Riddled with Severe Security Holes
The intro-level networking gear for SMBs could allow remote attacks designed to steal information, drop malware and disrupt operations.
βΌ CVE-2021-32575 βΌ
π Read
via "National Vulnerability Database".
HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0 RC1.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33557 βΌ
π Read
via "National Vulnerability Database".
An XSS issue was discovered in manage_custom_field_edit_page.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field.π Read
via "National Vulnerability Database".
β Clop Raid: A Big Win in the War on Ransomware? β
π Read
via "Threat Post".
Cops arrest six, seize cars and cash in splashy raid, and experts are applauding.π Read
via "Threat Post".
Threat Post
Clop Raid: A Big Win in the War on Ransomware?
Cops arrest six, seize cars and cash in splashy raid, and experts are applauding.
π΄ Google Launches SLSA, A New Framework for Supply Chain Integrity π΄
π Read
via "Dark Reading".
The 'Supply chain Levels for Software Artifacts' aims to ensure the integrity of components throughout the software supply chain.π Read
via "Dark Reading".
π΄ Carnival Cruise Line Reports Security Breach π΄
π Read
via "Dark Reading".
The cruise ship operator says the incident affected employee and guest data.π Read
via "Dark Reading".
Dark Reading
Carnival Cruise Line Reports Security Breach
The cruise ship operator says the incident affected employee and guest data.
π΄ One in Five Manufacturing Firms Targeted by Cyberattacks π΄
π Read
via "Dark Reading".
Information-stealing malware makes up about a third of attacks, a study finds, but companies worry most about ransomware shutting down production.π Read
via "Dark Reading".
Dark Reading
One in Five Manufacturing Firms Targeted by Cyberattacks
Information-stealing malware makes up about a third of attacks, a study finds, but companies worry most about ransomware shutting down production.
βΌ CVE-2021-32695 βΌ
π Read
via "National Vulnerability Database".
Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.16.1, a malicious app on the same device could have gotten access to the shared preferences of the Nextcloud Android application. This required user-interaction as a victim had to initiate the sharing flow and choose the malicious app. The shared preferences contain some limited private data such as push tokens and the account name. The vulnerability is patched in version 3.16.1.π Read
via "National Vulnerability Database".
π΄ Data Breaches Surge in Food & Beverage, Other Industries π΄
π Read
via "Dark Reading".
Six previously "under-attacked" vertical industries saw a surge in data breaches last year due to COVID-19 related disruptions and other factors, new data shows.π Read
via "Dark Reading".
βΌ CVE-2021-32426 βΌ
π Read
via "National Vulnerability Database".
In TrendNet TW100-S4W1CA 2.3.32, it is possible to inject arbitrary JavaScript into the router's web interface via the "echo" command.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32694 βΌ
π Read
via "National Vulnerability Database".
Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.15.1, a malicious application on the same device is possible to crash the Nextcloud Android Client due to an uncaught exception. The vulnerability is patched in version 3.15.1.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34811 βΌ
π Read
via "National Vulnerability Database".
Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspecified vectors.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34553 βΌ
π Read
via "National Vulnerability Database".
Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been granted access.π Read
via "National Vulnerability Database".
π Friday Five 6/18 π
π Read
via "".
New data privacy acts, the G7 on ransomware, and how cybersecurity factors into M&As - catch up on all of the week's infosec news with the Friday Five!π Read
via "".
Digital Guardian
Friday Five 6/18
New data privacy acts, the G7 on ransomware, and how cybersecurity factors into M&As - catch up on all of the week's infosec news with the Friday Five!