‼ CVE-2021-0563 ‼
📖 Read
via "National Vulnerability Database".
In ih264e_fmt_conv_422i_to_420sp of ih264e_fmt_conv.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-172908358📖 Read
via "National Vulnerability Database".
‼ CVE-2021-0606 ‼
📖 Read
via "National Vulnerability Database".
In drm_syncobj_handle_to_fd of drm_syncobj.c, there is a possible use after free due to incorrect refcounting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168034487📖 Read
via "National Vulnerability Database".
‼ CVE-2021-0545 ‼
📖 Read
via "National Vulnerability Database".
In phNxpNciHal_print_res_status of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169258884📖 Read
via "National Vulnerability Database".
‼ CVE-2021-0539 ‼
📖 Read
via "National Vulnerability Database".
In archiveStoredConversation of MmsService.java, there is a possible way to archive message conversation without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-180419673📖 Read
via "National Vulnerability Database".
🕴 Does Your Cyberattack Plan Include a Crisis Communications Strategy? 5 Tips to Get Started 🕴
📖 Read
via "Dark Reading".
Don't overlook crisis communications in your cybersecurity incident response planning.📖 Read
via "Dark Reading".
⚠ Ransomware: What REALLY happens if you pay the crooks? ⚠
📖 Read
via "Naked Security".
Free talk! Join us online for as much fun as you can ethically have while talking about ransomware. (And learn some useful stuff too!)📖 Read
via "Naked Security".
Naked Security
Ransomware: What REALLY happens if you pay the crooks?
Free talk! Join us online for as much fun as you can ethically have while talking about ransomware. (And learn some useful stuff too!)
🕴 7 Powerful Cybersecurity Skills the Energy Sector Needs Most 🕴
📖 Read
via "Dark Reading".
Those looking to join the fight might want to polish up or acquire some (or all) of these hottest skills on the market.📖 Read
via "Dark Reading".
Dark Reading
7 Powerful Cybersecurity Skills the Energy Sector Needs Most
Those looking to join the fight might want to polish up or acquire some (or all) of these hottest skills on the market.
‼ CVE-2020-22168 ‼
📖 Read
via "National Vulnerability Database".
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\change-emaild.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-34243 ‼
📖 Read
via "National Vulnerability Database".
A stored cross site scripting (XSS) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to execute arbitrary web scripts or HTML via a crafted file uploaded into the Document Management tab. The exploit is triggered when a user visits the upload location of the crafted file.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-22167 ‼
📖 Read
via "National Vulnerability Database".
PHPGurukul Hospital Management System in PHP v4.0 has a Persistent Cross-Site Scripting vulnerability in \hms\admin\appointment-history.php. Remote registered users can exploit the vulnerability to obtain user cookie data.📖 Read
via "National Vulnerability Database".
❌ Lexmark Printers Open to Arbitrary Code-Execution Zero-Day ❌
📖 Read
via "Threat Post".
“No remedy available as of June 21, 2021," according to the researcher who discovered the easy-to-exploit, no-user-action-required bug.📖 Read
via "Threat Post".
Threat Post
Lexmark Printers Open to Arbitrary Code-Execution Zero-Day
“No remedy available as of June 21, 2021," according to the researcher who discovered the easy-to-exploit, no-user-action-required bug.
❌ Kids’ Apps on Google Play Rife with Privacy Violations ❌
📖 Read
via "Threat Post".
One in five of the most-popular apps for kids under 13 on Google Play don't comply with COPPA regulations on how children's information is collected and used.📖 Read
via "Threat Post".
Threat Post
Kids’ Apps on Google Play Rife with Privacy Violations
One in five of the most-popular apps for kids under 13 on Google Play don't comply with COPPA regulations on how children's information is collected and used.
🕴 Majority of Web Apps in 11 Industries Are Vulnerable All the Time 🕴
📖 Read
via "Dark Reading".
Serious vulnerabilities exist every day in certain industries, including utilities, public administration, and professional services, according to testing data.📖 Read
via "Dark Reading".
Dark Reading
Majority of Web Apps in 11 Industries Are Vulnerable All the Time
Serious vulnerabilities exist every day in certain industries, including utilities, public administration, and professional services, according to testing data.
🦿 Splunk launches security products and AWS security enhancements 🦿
📖 Read
via "Tech Republic".
The new offerings are aimed at integrating security data across multiple on-prem and cloud environments and vendors to improve cybersecurity decision-making, the company says.📖 Read
via "Tech Republic".
TechRepublic
Splunk launches security products and AWS security enhancements
The new offerings are aimed at integrating security data across multiple on-prem and cloud environments and vendors to improve cybersecurity decision-making, the company says.
🕴 NSA Funds Development & Release of D3FEND Framework 🕴
📖 Read
via "Dark Reading".
The framework, now available through MITRE, provides countermeasures to attacks.📖 Read
via "Dark Reading".
Dark Reading
NSA Funds Development & Release of D3FEND Framework
The framework, now available through MITRE, provides countermeasures to attacks.
🕴 Chart: Strength in Numbers 🕴
📖 Read
via "Dark Reading".
More companies are heeding expert advice to beef up their incident-response teams.📖 Read
via "Dark Reading".
Dark Reading
Chart: Strength in Numbers
More companies are heeding expert advice to beef up their incident-response teams.
‼ CVE-2020-18654 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) in Wuzhi CMS v4.1.0 allows remote attackers to execute arbitrary code via the "Title" parameter in the component "/coreframe/app/guestbook/myissue.php".📖 Read
via "National Vulnerability Database".
❌ Email Bug Allows Message Snooping, Credential Theft ❌
📖 Read
via "Threat Post".
A year-old proof-of-concept attack that allows an attacker to bypass TLS email protections to snoop on messages has been patched.📖 Read
via "Threat Post".
Threat Post
Email Bug Allows Message Snooping, Credential Theft
A year-old proof of concept attack, which allows an attacker to bypass TLS email protections to snoop on messages, has been patched.
🦿 How a Business Email Compromise attack can threaten your organization 🦿
📖 Read
via "Tech Republic".
The most common type of BEC campaign involves a spoofed email account or website, according to GreatHorn.📖 Read
via "Tech Republic".
TechRepublic
How a Business Email Compromise attack can threaten your organization
The most common type of BEC campaign involves a spoofed email account or website, according to GreatHorn.
🕴 Transmit Security Announces $543M Series A Funding Round 🕴
📖 Read
via "Dark Reading".
The passwordless technology provider says the funding will be used to increase its reach and expand primary business functions.📖 Read
via "Dark Reading".
❌ Cryptominers Slither into Python Projects in Supply-Chain Campaign ❌
📖 Read
via "Threat Post".
These code bombs lurk in the PyPI package repository, waiting to be inadvertently baked into software developers' applications.📖 Read
via "Threat Post".
Threat Post
Cryptominers Slither into Python Projects in Supply-Chain Campaign
These code bombs lurk in the PyPI package repository, waiting to be inadvertently baked into software developers' applications.