‼ CVE-2021-34243 ‼
📖 Read
via "National Vulnerability Database".
A stored cross site scripting (XSS) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to execute arbitrary web scripts or HTML via a crafted file uploaded into the Document Management tab. The exploit is triggered when a user visits the upload location of the crafted file.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-22167 ‼
📖 Read
via "National Vulnerability Database".
PHPGurukul Hospital Management System in PHP v4.0 has a Persistent Cross-Site Scripting vulnerability in \hms\admin\appointment-history.php. Remote registered users can exploit the vulnerability to obtain user cookie data.📖 Read
via "National Vulnerability Database".
❌ Lexmark Printers Open to Arbitrary Code-Execution Zero-Day ❌
📖 Read
via "Threat Post".
“No remedy available as of June 21, 2021," according to the researcher who discovered the easy-to-exploit, no-user-action-required bug.📖 Read
via "Threat Post".
Threat Post
Lexmark Printers Open to Arbitrary Code-Execution Zero-Day
“No remedy available as of June 21, 2021," according to the researcher who discovered the easy-to-exploit, no-user-action-required bug.
❌ Kids’ Apps on Google Play Rife with Privacy Violations ❌
📖 Read
via "Threat Post".
One in five of the most-popular apps for kids under 13 on Google Play don't comply with COPPA regulations on how children's information is collected and used.📖 Read
via "Threat Post".
Threat Post
Kids’ Apps on Google Play Rife with Privacy Violations
One in five of the most-popular apps for kids under 13 on Google Play don't comply with COPPA regulations on how children's information is collected and used.
🕴 Majority of Web Apps in 11 Industries Are Vulnerable All the Time 🕴
📖 Read
via "Dark Reading".
Serious vulnerabilities exist every day in certain industries, including utilities, public administration, and professional services, according to testing data.📖 Read
via "Dark Reading".
Dark Reading
Majority of Web Apps in 11 Industries Are Vulnerable All the Time
Serious vulnerabilities exist every day in certain industries, including utilities, public administration, and professional services, according to testing data.
🦿 Splunk launches security products and AWS security enhancements 🦿
📖 Read
via "Tech Republic".
The new offerings are aimed at integrating security data across multiple on-prem and cloud environments and vendors to improve cybersecurity decision-making, the company says.📖 Read
via "Tech Republic".
TechRepublic
Splunk launches security products and AWS security enhancements
The new offerings are aimed at integrating security data across multiple on-prem and cloud environments and vendors to improve cybersecurity decision-making, the company says.
🕴 NSA Funds Development & Release of D3FEND Framework 🕴
📖 Read
via "Dark Reading".
The framework, now available through MITRE, provides countermeasures to attacks.📖 Read
via "Dark Reading".
Dark Reading
NSA Funds Development & Release of D3FEND Framework
The framework, now available through MITRE, provides countermeasures to attacks.
🕴 Chart: Strength in Numbers 🕴
📖 Read
via "Dark Reading".
More companies are heeding expert advice to beef up their incident-response teams.📖 Read
via "Dark Reading".
Dark Reading
Chart: Strength in Numbers
More companies are heeding expert advice to beef up their incident-response teams.
‼ CVE-2020-18654 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) in Wuzhi CMS v4.1.0 allows remote attackers to execute arbitrary code via the "Title" parameter in the component "/coreframe/app/guestbook/myissue.php".📖 Read
via "National Vulnerability Database".
❌ Email Bug Allows Message Snooping, Credential Theft ❌
📖 Read
via "Threat Post".
A year-old proof-of-concept attack that allows an attacker to bypass TLS email protections to snoop on messages has been patched.📖 Read
via "Threat Post".
Threat Post
Email Bug Allows Message Snooping, Credential Theft
A year-old proof of concept attack, which allows an attacker to bypass TLS email protections to snoop on messages, has been patched.
🦿 How a Business Email Compromise attack can threaten your organization 🦿
📖 Read
via "Tech Republic".
The most common type of BEC campaign involves a spoofed email account or website, according to GreatHorn.📖 Read
via "Tech Republic".
TechRepublic
How a Business Email Compromise attack can threaten your organization
The most common type of BEC campaign involves a spoofed email account or website, according to GreatHorn.
🕴 Transmit Security Announces $543M Series A Funding Round 🕴
📖 Read
via "Dark Reading".
The passwordless technology provider says the funding will be used to increase its reach and expand primary business functions.📖 Read
via "Dark Reading".
❌ Cryptominers Slither into Python Projects in Supply-Chain Campaign ❌
📖 Read
via "Threat Post".
These code bombs lurk in the PyPI package repository, waiting to be inadvertently baked into software developers' applications.📖 Read
via "Threat Post".
Threat Post
Cryptominers Slither into Python Projects in Supply-Chain Campaign
These code bombs lurk in the PyPI package repository, waiting to be inadvertently baked into software developers' applications.
🛠 Clam AntiVirus Toolkit 0.103.3 🛠
📖 Read
via "Packet Storm Security".
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.📖 Read
via "Packet Storm Security".
Packetstormsecurity
Clam AntiVirus Toolkit 0.103.3 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
‼ CVE-2021-22377 ‼
📖 Read
via "National Vulnerability Database".
There is a command injection vulnerability in S12700 V200R019C00SPC500, S2700 V200R019C00SPC500, S5700 V200R019C00SPC500, S6700 V200R019C00SPC500 and S7700 V200R019C00SPC500. A module does not verify specific input sufficiently. Attackers can exploit this vulnerability by sending malicious parameters to inject command. This can compromise normal service.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-22382 ‼
📖 Read
via "National Vulnerability Database".
Huawei LTE USB Dongle products have an improper permission assignment vulnerability. An attacker can locally access and log in to a PC to induce a user to install a specially crafted application. After successfully exploiting this vulnerability, the attacker can perform unauthenticated operations. Affected product versions include:E3372 E3372h-153TCPU-V200R002B333D01SP00C00.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-22361 ‼
📖 Read
via "National Vulnerability Database".
There is an improper authorization vulnerability in eCNS280 V100R005C00, V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200. A file access is not authorized correctly. Attacker with low access may launch privilege escalation in a specific scenario. This may compromise the normal service.📖 Read
via "National Vulnerability Database".
❌ BEC Losses Top $1.8B as Tactics Evolve ❌
📖 Read
via "Threat Post".
BEC attacks getting are more dangerous, and smart users are the ones who can stop it.📖 Read
via "Threat Post".
Threat Post
BEC Losses Top $1.8B as Tactics Evolve
BEC attacks getting are more dangerous, and smart users are the ones who can stop it.
‼ CVE-2021-32699 ‼
📖 Read
via "National Vulnerability Database".
Wings is the control plane software for the open source Pterodactyl game management system. All versions of Pterodactyl Wings prior to `1.4.4` are vulnerable to system resource exhaustion due to improper container process limits being defined. A malicious user can consume more resources than intended and cause downstream impacts to other clients on the same hardware, eventually causing the physical server to stop responding. Users should upgrade to `1.4.4` to mitigate the issue. There is no non-code based workaround for impacted versions of the software. Users running customized versions of this software can manually set a PID limit for containers created.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32700 ‼
📖 Read
via "National Vulnerability Database".
Ballerina is an open source programming language and platform for cloud application programmers. Ballerina versions 1.2.x and SL releases up to alpha 3 have a potential for a supply chain attack via MiTM against users. Http connections did not make use of TLS and certificate checking was ignored. The vulnerability allows an attacker to substitute or modify packages retrieved from BC thus allowing to inject malicious code into ballerina executables. This has been patched in Ballerina 1.2.14 and Ballerina SwanLake alpha4.📖 Read
via "National Vulnerability Database".
🦿 Data resiliency is key to surviving a ransomware attack, expert says 🦿
📖 Read
via "Tech Republic".
It's not "if" but "when" you'll be attacked, cybersecurity expert says. Checking on your data and backups is something businesses should do regularly.📖 Read
via "Tech Republic".
TechRepublic
Data resiliency is key to surviving a ransomware attack, expert says
It's not "if" but "when" you'll be attacked, cybersecurity expert says. Checking on your data and backups is something businesses should do regularly.