CVE-2021-32698
via "National Vulnerability Database".
eLabFTW is an open source electronic lab notebook for research labs. This vulnerability allows an attacker to make GET requests on behalf of the server. It is "blind" because the attacker cannot see the result of the request. The issue has been patched in eLabFTW 4.0.0.
CVE-2021-20742
via "National Vulnerability Database".
Cross-site scripting vulnerability in EC-CUBE Business form output plugin (for EC-CUBE 3.0 series) versions prior to version 1.0.1 allows a remote attacker to inject an arbitrary script via unspecified vector.
CVE-2021-20733
via "National Vulnerability Database".
Improper authorization in handler for custom URL scheme vulnerability in ????????? (asken diet) for Android versions from v.3.0.0 to v.4.2.x allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.
Six Flags to Pay $36M Over Collection of Fingerprints
via "Threat Post".
Illinois Supreme Court rules in favor of class action against company's practice of scanning people's fingers when they enter amusement parks.
CVE-2021-0571
via "National Vulnerability Database".
In ActivityTaskManagerService.startActivity() and AppTaskImpl.startActivity() of ActivityTaskManagerService.java and AppTaskImpl.java, there is possible access to restricted activities due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-137395936.
CVE-2021-0563
via "National Vulnerability Database".
In ih264e_fmt_conv_422i_to_420sp of ih264e_fmt_conv.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-172908358.
CVE-2021-0606
via "National Vulnerability Database".
In drm_syncobj_handle_to_fd of drm_syncobj.c, there is a possible use after free due to incorrect refcounting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-168034487.
CVE-2021-0545
via "National Vulnerability Database".
In phNxpNciHal_print_res_status of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC server with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-169258884.
CVE-2021-0539
via "National Vulnerability Database".
In archiveStoredConversation of MmsService.java, there is a possible way to archive message conversation without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-180419673.
Does Your Cyberattack Plan Include a Crisis Communications Strategy? 5 Tips to Get Started
via "Dark Reading".
Don't overlook crisis communications in your cybersecurity incident response planning.
Ransomware: What REALLY happens if you pay the crooks?
via "Naked Security".
Free talk! Join us online for as much fun as you can ethically have while talking about ransomware. (And learn some useful stuff too!)
7 Powerful Cybersecurity Skills the Energy Sector Needs Most
via "Dark Reading".
Those looking to join the fight might want to polish up or acquire some (or all) of these hottest skills on the market.
CVE-2020-22168
via "National Vulnerability Database".
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\change-emaild.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
CVE-2021-34243
via "National Vulnerability Database".
A stored cross site scripting (XSS) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to execute arbitrary web scripts or HTML via a crafted file uploaded into the Document Management tab. The exploit is triggered when a user visits the upload location of the crafted file.
CVE-2020-22167
via "National Vulnerability Database".
PHPGurukul Hospital Management System in PHP v4.0 has a Persistent Cross-Site Scripting vulnerability in \hms\admin\appointment-history.php. Remote registered users can exploit the vulnerability to obtain user cookie data.
Lexmark Printers Open to Arbitrary Code-Execution Zero-Day
via "Threat Post".
"No remedy available as of June 21, 2021," according to the researcher who discovered the easy-to-exploit, no-user-action-required bug.
Kids' Apps on Google Play Rife with Privacy Violations
via "Threat Post".
One in five of the most-popular apps for kids under 13 on Google Play don't comply with COPPA regulations on how children's information is collected and used.
Majority of Web Apps in 11 Industries Are Vulnerable All the Time
via "Dark Reading".
Serious vulnerabilities exist every day in certain industries, including utilities, public administration, and professional services, according to testing data.
Splunk launches security products and AWS security enhancements
via "Tech Republic".
The new offerings are aimed at integrating security data across multiple on-prem and cloud environments and vendors to improve cybersecurity decision-making, the company says.
NSA Funds Development & Release of D3FEND Framework
via "Dark Reading".
The framework, now available through MITRE, provides countermeasures to attacks.
Chart: Strength in Numbers
via "Dark Reading".
More companies are heeding expert advice to beef up their incident-response teams.