βΌ CVE-2021-32575 βΌ
π Read
via "National Vulnerability Database".
HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0 RC1.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33557 βΌ
π Read
via "National Vulnerability Database".
An XSS issue was discovered in manage_custom_field_edit_page.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field.π Read
via "National Vulnerability Database".
β Clop Raid: A Big Win in the War on Ransomware? β
π Read
via "Threat Post".
Cops arrest six, seize cars and cash in splashy raid, and experts are applauding.π Read
via "Threat Post".
Threat Post
Clop Raid: A Big Win in the War on Ransomware?
Cops arrest six, seize cars and cash in splashy raid, and experts are applauding.
π΄ Google Launches SLSA, A New Framework for Supply Chain Integrity π΄
π Read
via "Dark Reading".
The 'Supply chain Levels for Software Artifacts' aims to ensure the integrity of components throughout the software supply chain.π Read
via "Dark Reading".
π΄ Carnival Cruise Line Reports Security Breach π΄
π Read
via "Dark Reading".
The cruise ship operator says the incident affected employee and guest data.π Read
via "Dark Reading".
Dark Reading
Carnival Cruise Line Reports Security Breach
The cruise ship operator says the incident affected employee and guest data.
π΄ One in Five Manufacturing Firms Targeted by Cyberattacks π΄
π Read
via "Dark Reading".
Information-stealing malware makes up about a third of attacks, a study finds, but companies worry most about ransomware shutting down production.π Read
via "Dark Reading".
Dark Reading
One in Five Manufacturing Firms Targeted by Cyberattacks
Information-stealing malware makes up about a third of attacks, a study finds, but companies worry most about ransomware shutting down production.
βΌ CVE-2021-32695 βΌ
π Read
via "National Vulnerability Database".
Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.16.1, a malicious app on the same device could have gotten access to the shared preferences of the Nextcloud Android application. This required user-interaction as a victim had to initiate the sharing flow and choose the malicious app. The shared preferences contain some limited private data such as push tokens and the account name. The vulnerability is patched in version 3.16.1.π Read
via "National Vulnerability Database".
π΄ Data Breaches Surge in Food & Beverage, Other Industries π΄
π Read
via "Dark Reading".
Six previously "under-attacked" vertical industries saw a surge in data breaches last year due to COVID-19 related disruptions and other factors, new data shows.π Read
via "Dark Reading".
βΌ CVE-2021-32426 βΌ
π Read
via "National Vulnerability Database".
In TrendNet TW100-S4W1CA 2.3.32, it is possible to inject arbitrary JavaScript into the router's web interface via the "echo" command.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32694 βΌ
π Read
via "National Vulnerability Database".
Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.15.1, a malicious application on the same device is possible to crash the Nextcloud Android Client due to an uncaught exception. The vulnerability is patched in version 3.15.1.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34811 βΌ
π Read
via "National Vulnerability Database".
Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspecified vectors.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34553 βΌ
π Read
via "National Vulnerability Database".
Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been granted access.π Read
via "National Vulnerability Database".
π Friday Five 6/18 π
π Read
via "".
New data privacy acts, the G7 on ransomware, and how cybersecurity factors into M&As - catch up on all of the week's infosec news with the Friday Five!π Read
via "".
Digital Guardian
Friday Five 6/18
New data privacy acts, the G7 on ransomware, and how cybersecurity factors into M&As - catch up on all of the week's infosec news with the Friday Five!
π¦Ώ Microsoft's new security tool will discover firmware vulnerabilities, and more, in PCs and IoT devices π¦Ώ
π Read
via "Tech Republic".
Devices have multiple OSs and firmware running, and most organisations don't know what they have or if it's secure. Microsoft will use ReFirm to make it easier to find out without being an expert.π Read
via "Tech Republic".
TechRepublic
Microsoftβs new security tool will discover firmware vulnerabilities, and more, in PCs and IoT devices
Devices have multiple OSs and firmware running, and most organisations don't know what they have or if it's secure. Microsoft will use ReFirm to make it easier to find out without being an expert.
β Faux βDarkSideβ Gang Takes Aim at Global Energy, Food Sectors β
π Read
via "Threat Post".
A DarkSide doppelganger mounts a fraud campaign aimed at extorting nearly $4 million from each target.π Read
via "Threat Post".
Threat Post
Faux βDarkSideβ Gang Takes Aim at Global Energy, Food Sectors
A DarkSide doppelganger mounts a fraud campaign aimed at extorting nearly $4 million from each target.
βΌ CVE-2021-33576 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. This filename can include path-traversal characters, allowing the file to be written to an arbitrary location on disk.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32536 βΌ
π Read
via "National Vulnerability Database".
The login page in the MCUsystem does not filter with special characters, which allows remote attackers can inject JavaScript without privilege and thus perform reflected XSS attacks.π Read
via "National Vulnerability Database".
π1
β βOddballβ Malware Blocks Access to Pirated Software β
π Read
via "Threat Post".
Rather than steal credentials or hold data for ransom, a recent campaign observed by Sophos prevents people from visiting sites that offer illegal downloads.π Read
via "Threat Post".
Threat Post
βOddballβ Malware Blocks Access to Pirated Software
Rather than steal credentials or hold data for ransom, a recent campaign observed by Sophos prevents people from visiting sites that offer illegal downloads.
β Insider Versus Outsider: Navigating Top Data Loss Threats β
π Read
via "Threat Post".
Troy Gill, manager of security research at Zix, discusses the most common ways sensitive data is scooped up by nefarious sorts.π Read
via "Threat Post".
Threat Post
Insider Versus Outsider: Navigating Top Data Loss Threats
Troy Gill, manager of security research at Zix, discusses the most common ways sensitive data is scooped up by nefarious sorts.
βΌ CVE-2005-0394 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26834 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability exists in Znote 0.5.2. An attacker can insert payloads, and the code execution will happen immediately on markdown view mode.π Read
via "National Vulnerability Database".