π¦Ώ Data resiliency is key to surviving a ransomware attack, expert says π¦Ώ
π Read
via "Tech Republic".
It's not "if" but "when" you'll be attacked, cybersecurity expert says. Checking on your data and backups is something businesses should do regularly.π Read
via "Tech Republic".
TechRepublic
Data resiliency is key to surviving a ransomware attack, expert says
It's not "if" but "when" you'll be attacked, cybersecurity expert says. Checking on your data and backups is something businesses should do regularly.
π¦Ώ How to be prepared for a ransomware attack: Check your data and backups π¦Ώ
π Read
via "Tech Republic".
Expert says ransomware attacks will happen, and your company has to be prepared long before the attack hits.π Read
via "Tech Republic".
TechRepublic
How to be prepared for a ransomware attack: Check your data and backups
Expert says ransomware attacks will happen, and your company has to be prepared long before the attack hits.
π΄ Despite Heightened Cyber-Risks, Few Security Leaders Report to CEO π΄
π Read
via "Dark Reading".
A new report suggests that top management at most companies still don't get security.π Read
via "Dark Reading".
βΌ CVE-2021-34391 βΌ
π Read
via "National Vulnerability Database".
Trusty TLK contains a vulnerability in the NVIDIA TLK kernelΓΒ―ΓΒΏΓΒ½s tz_handle_trusted_app_smc function where a lack of integer overflow checks on the req_off and param_ofs variables leads to memory corruption of critical kernel structures.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34396 βΌ
π Read
via "National Vulnerability Database".
Bootloader contains a vulnerability in access permission settings where unauthorized software may be able to overwrite NVIDIA MB2 code, which would result in limited denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34393 βΌ
π Read
via "National Vulnerability Database".
Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. This vulnerability might allow an attacker to exploit the deserializer to impact code execution, causing information disclosure.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34395 βΌ
π Read
via "National Vulnerability Database".
Trusty TLK contains a vulnerability in its access permission settings where it does not properly restrict access to a resource from a user with local privileges, which might lead to limited information disclosure and limited denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34397 βΌ
π Read
via "National Vulnerability Database".
Bootloader contains a vulnerability in NVIDIA MB2, which may cause free-the-wrong-heap, which may lead to limited denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34392 βΌ
π Read
via "National Vulnerability Database".
Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the tz_map_shared_mem function can bypass boundary checks, which might lead to denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34390 βΌ
π Read
via "National Vulnerability Database".
Trusty TLK contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow on the size parameter of the tz_map_shared_mem function.π Read
via "National Vulnerability Database".
β SonicWall βBotchesβ October Patch for Critical VPN Bug β
π Read
via "Threat Post".
Company finally rolls out the complete fix this week for an RCE flaw affecting some 800,000 devices that could result in crashes or prevent users from connecting to corporate resources.π Read
via "Threat Post".
Threat Post
SonicWall βBotchesβ October Patch for VPN Bug
Company finally rolls out the complete fix this week for a flaw affecting some 800,000 devices that could result in crashes or prevent users from connecting to corporate resources.
βΌ CVE-2021-35210 βΌ
π Read
via "National Vulnerability Database".
Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS. It is possible to inject code into the tl_log table that will be executed in the browser when the system log is called in the back end.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29084 βΌ
π Read
via "National Vulnerability Database".
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.π Read
via "National Vulnerability Database".
β Unpatched Linux Marketplace Bugs Allow Wormable Attacks, Drive-By RCE β
π Read
via "Threat Post".
A pair of zero-days affecting Pling-based marketplaces could allow for some ugly attacks on unsuspecting Linux enthusiasts -- with no patches in sight.π Read
via "Threat Post".
Threat Post
Unpatched Linux Marketplace Bugs Allow Wormable Attacks, Drive-By RCE
A pair of zero-days affecting Pling-based marketplaces could allow for some ugly attacks on unsuspecting Linux enthusiasts β with no patches in sight.
π΄ Expecting the Unexpected: Tips for Effectively Mitigating Ransomware Attacks in 2021 π΄
π Read
via "Dark Reading".
Cybercriminals continually innovate to thwart security protocols, but organizations can take steps to prevent and mitigate ransomware attacks.π Read
via "Dark Reading".
π¦Ώ How to better detect and prevent Business Email Compromise attacks π¦Ώ
π Read
via "Tech Republic".
These types of email attacks rely on simple language and exploit human nature to scam their victims, making detection difficult, says Cisco Talos.π Read
via "Tech Republic".
TechRepublic
How to better detect and prevent Business Email Compromise attacks
These types of email attacks rely on simple language and exploit human nature to scam their victims, making detection difficult, says Cisco Talos.
β REvil Ransomware Code Ripped Off by Rivals β
π Read
via "Threat Post".
The LV ransomware operators likely used a hex editor to repurpose a REvil binary almost wholesale, for their own nefarious purposes.π Read
via "Threat Post".
Threat Post
REvil Ransomware Code Ripped Off by Rivals
The LV ransomware operators likely used a hex editor to repurpose a REvil binary almost wholesale, for their own nefarious purposes.
π¦Ώ Employees are valuable assets: Why you need to safeguard them π¦Ώ
π Read
via "Tech Republic".
Two experts suggest calling employees "insider threats" is counterproductive; employees are assets needing protection.π Read
via "Tech Republic".
TechRepublic
Employees are valuable assets: Why you need to safeguard them
Two experts suggest calling employees "insider threats" is counterproductive; employees are assets needing protection.
β Critical Palo Alto Cyber-Defense Bug Allows Remote βWar Roomβ Access β
π Read
via "Threat Post".
Remote, unauthenticated cyberattackers can infiltrate and take over the Cortex XSOAR platform, which anchors unified threat intelligence and incident responses.π Read
via "Threat Post".
Threat Post
Critical Palo Alto Cyber-Defense Bug Allows Remote βWar Roomβ Access
Remote, unauthenticated cyberattackers can infiltrate the Cortex XSOAR platform, which anchors unified threat intelligence and incident responses, and take command.
βΌ CVE-2021-25950 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2020-20391 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting vulnerability in GetSimpleCMS 3.4.0a in admin/snippets.php via (1) Add Snippet and (2) Save snippets.π Read
via "National Vulnerability Database".