βΌ CVE-2021-34811 βΌ
π Read
via "National Vulnerability Database".
Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspecified vectors.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34553 βΌ
π Read
via "National Vulnerability Database".
Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been granted access.π Read
via "National Vulnerability Database".
π Friday Five 6/18 π
π Read
via "".
New data privacy acts, the G7 on ransomware, and how cybersecurity factors into M&As - catch up on all of the week's infosec news with the Friday Five!π Read
via "".
Digital Guardian
Friday Five 6/18
New data privacy acts, the G7 on ransomware, and how cybersecurity factors into M&As - catch up on all of the week's infosec news with the Friday Five!
π¦Ώ Microsoft's new security tool will discover firmware vulnerabilities, and more, in PCs and IoT devices π¦Ώ
π Read
via "Tech Republic".
Devices have multiple OSs and firmware running, and most organisations don't know what they have or if it's secure. Microsoft will use ReFirm to make it easier to find out without being an expert.π Read
via "Tech Republic".
TechRepublic
Microsoftβs new security tool will discover firmware vulnerabilities, and more, in PCs and IoT devices
Devices have multiple OSs and firmware running, and most organisations don't know what they have or if it's secure. Microsoft will use ReFirm to make it easier to find out without being an expert.
β Faux βDarkSideβ Gang Takes Aim at Global Energy, Food Sectors β
π Read
via "Threat Post".
A DarkSide doppelganger mounts a fraud campaign aimed at extorting nearly $4 million from each target.π Read
via "Threat Post".
Threat Post
Faux βDarkSideβ Gang Takes Aim at Global Energy, Food Sectors
A DarkSide doppelganger mounts a fraud campaign aimed at extorting nearly $4 million from each target.
βΌ CVE-2021-33576 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. This filename can include path-traversal characters, allowing the file to be written to an arbitrary location on disk.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32536 βΌ
π Read
via "National Vulnerability Database".
The login page in the MCUsystem does not filter with special characters, which allows remote attackers can inject JavaScript without privilege and thus perform reflected XSS attacks.π Read
via "National Vulnerability Database".
π1
β βOddballβ Malware Blocks Access to Pirated Software β
π Read
via "Threat Post".
Rather than steal credentials or hold data for ransom, a recent campaign observed by Sophos prevents people from visiting sites that offer illegal downloads.π Read
via "Threat Post".
Threat Post
βOddballβ Malware Blocks Access to Pirated Software
Rather than steal credentials or hold data for ransom, a recent campaign observed by Sophos prevents people from visiting sites that offer illegal downloads.
β Insider Versus Outsider: Navigating Top Data Loss Threats β
π Read
via "Threat Post".
Troy Gill, manager of security research at Zix, discusses the most common ways sensitive data is scooped up by nefarious sorts.π Read
via "Threat Post".
Threat Post
Insider Versus Outsider: Navigating Top Data Loss Threats
Troy Gill, manager of security research at Zix, discusses the most common ways sensitive data is scooped up by nefarious sorts.
βΌ CVE-2005-0394 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26834 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability exists in Znote 0.5.2. An attacker can insert payloads, and the code execution will happen immediately on markdown view mode.π Read
via "National Vulnerability Database".
β Carnival Cruise Cyber-Torpedoed by Cyberattack β
π Read
via "Threat Post".
This is the fourth time in a bit over a year that Carnivalβs admitted to breaches, with two of them being ransomware attacks.π Read
via "Threat Post".
Threat Post
Carnival Cruise Cyber-Torpedoed by Cyberattack
This is the fourth time in a bit over a year that Carnivalβs admitted to breaches, with two of them being ransomware attacks.
β Whatβs Making Your Company a Ransomware Sitting Duck β
π Read
via "Threat Post".
What's the low-hanging fruit for ransomware attackers? What steps could help to fend them off, and whatβs stopping organizations from implementing those steps?π Read
via "Threat Post".
βΌ CVE-2021-3604 βΌ
π Read
via "National Vulnerability Database".
Secure 8 (Evalos) does not validate user input data correctly, allowing a remote attacker to perform a Blind SQL Injection. An attacker could exploit this vulnerability in order to extract information of users and administrator accounts stored in the database.π Read
via "National Vulnerability Database".
βΌ CVE-2020-18442 βΌ
π Read
via "National Vulnerability Database".
Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file".π Read
via "National Vulnerability Database".
π΄ 11 Security Certifications to Seek Out This Summer π΄
π Read
via "Dark Reading".
The more you know, the more you grow. The Edge takes a fresh look at leading security certifications that can help advance your security career.π Read
via "Dark Reading".
Dark Reading
11 Security Certifications to Seek Out This Summer
The more you know, the more you grow. The Edge takes a fresh look at leading security certifications that can help advance your career.
β Can *YOU* blow a PC speaker using only a Linux kernel driver? β
π Read
via "Naked Security".
Can you help? There's a hidden meaning here, and it's time to find it!π Read
via "Naked Security".
Naked Security
Can *YOU* blow a PC speaker using only a Linux kernel driver?
Can you help? Thereβs a hidden meaning here, and itβs time to find it!
β S3 Ep37: Quantum crypto, refunding Bitcoins, and Alpaca problems [Podcast] β
π Read
via "Naked Security".
Latest episode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep37: Quantum crypto, refunding Bitcoins, and Alpaca problems [Podcast]
Latest episode β listen now!
βΌ CVE-2021-33818 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service.π Read
via "National Vulnerability Database".
π΄ Accidental Insider Leaks Prove Major Source of Risk π΄
π Read
via "Dark Reading".
Research reports highlight growing concerns around insider negligence that leads to data breaches.π Read
via "Dark Reading".
Dark Reading
Accidental Insider Leaks Prove Major Source of Risk
Research reports highlight growing concerns around insider negligence that leads to data breaches.