βΌ CVE-2021-34390 βΌ
π Read
via "National Vulnerability Database".
Trusty TLK contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow on the size parameter of the tz_map_shared_mem function.π Read
via "National Vulnerability Database".
β SonicWall βBotchesβ October Patch for Critical VPN Bug β
π Read
via "Threat Post".
Company finally rolls out the complete fix this week for an RCE flaw affecting some 800,000 devices that could result in crashes or prevent users from connecting to corporate resources.π Read
via "Threat Post".
Threat Post
SonicWall βBotchesβ October Patch for VPN Bug
Company finally rolls out the complete fix this week for a flaw affecting some 800,000 devices that could result in crashes or prevent users from connecting to corporate resources.
βΌ CVE-2021-35210 βΌ
π Read
via "National Vulnerability Database".
Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS. It is possible to inject code into the tl_log table that will be executed in the browser when the system log is called in the back end.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29084 βΌ
π Read
via "National Vulnerability Database".
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.π Read
via "National Vulnerability Database".
β Unpatched Linux Marketplace Bugs Allow Wormable Attacks, Drive-By RCE β
π Read
via "Threat Post".
A pair of zero-days affecting Pling-based marketplaces could allow for some ugly attacks on unsuspecting Linux enthusiasts -- with no patches in sight.π Read
via "Threat Post".
Threat Post
Unpatched Linux Marketplace Bugs Allow Wormable Attacks, Drive-By RCE
A pair of zero-days affecting Pling-based marketplaces could allow for some ugly attacks on unsuspecting Linux enthusiasts β with no patches in sight.
π΄ Expecting the Unexpected: Tips for Effectively Mitigating Ransomware Attacks in 2021 π΄
π Read
via "Dark Reading".
Cybercriminals continually innovate to thwart security protocols, but organizations can take steps to prevent and mitigate ransomware attacks.π Read
via "Dark Reading".
π¦Ώ How to better detect and prevent Business Email Compromise attacks π¦Ώ
π Read
via "Tech Republic".
These types of email attacks rely on simple language and exploit human nature to scam their victims, making detection difficult, says Cisco Talos.π Read
via "Tech Republic".
TechRepublic
How to better detect and prevent Business Email Compromise attacks
These types of email attacks rely on simple language and exploit human nature to scam their victims, making detection difficult, says Cisco Talos.
β REvil Ransomware Code Ripped Off by Rivals β
π Read
via "Threat Post".
The LV ransomware operators likely used a hex editor to repurpose a REvil binary almost wholesale, for their own nefarious purposes.π Read
via "Threat Post".
Threat Post
REvil Ransomware Code Ripped Off by Rivals
The LV ransomware operators likely used a hex editor to repurpose a REvil binary almost wholesale, for their own nefarious purposes.
π¦Ώ Employees are valuable assets: Why you need to safeguard them π¦Ώ
π Read
via "Tech Republic".
Two experts suggest calling employees "insider threats" is counterproductive; employees are assets needing protection.π Read
via "Tech Republic".
TechRepublic
Employees are valuable assets: Why you need to safeguard them
Two experts suggest calling employees "insider threats" is counterproductive; employees are assets needing protection.
β Critical Palo Alto Cyber-Defense Bug Allows Remote βWar Roomβ Access β
π Read
via "Threat Post".
Remote, unauthenticated cyberattackers can infiltrate and take over the Cortex XSOAR platform, which anchors unified threat intelligence and incident responses.π Read
via "Threat Post".
Threat Post
Critical Palo Alto Cyber-Defense Bug Allows Remote βWar Roomβ Access
Remote, unauthenticated cyberattackers can infiltrate the Cortex XSOAR platform, which anchors unified threat intelligence and incident responses, and take command.
βΌ CVE-2021-25950 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2020-20391 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting vulnerability in GetSimpleCMS 3.4.0a in admin/snippets.php via (1) Add Snippet and (2) Save snippets.π Read
via "National Vulnerability Database".
βΌ CVE-2011-1955 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.π Read
via "National Vulnerability Database".
π An Interview with Ben McGraw, Cybersecurity Manager at Digital Guardian Part I π
π Read
via "".
In part one of our Q&A with Ben McGraw, we discuss his journey to Digital Guardian, insight from DG's Analytics & Reporting Cloud, and what makes a good threat hunter.π Read
via "".
Digital Guardian
An Interview with Ben McGraw, Cybersecurity Manager at Digital Guardian Part I
In part one of our Q&A with Ben McGraw, we discuss his journey to Digital Guardian, insight from DG's Analytics & Reporting Cloud, and what makes a good threat hunter.
π¦Ώ Cybersecurity practices must be applied to vehicles, too π¦Ώ
π Read
via "Tech Republic".
Manufacturers want to pack cars and trucks full of technology, but they need to remember the dangers to those who drive or ride in them.π Read
via "Tech Republic".
TechRepublic
Cybersecurity practices must be applied to vehicles, too
Manufacturers want to pack cars and trucks full of technology, but they need to remember the dangers to those who drive or ride in them.
π΄ When Will Cybersecurity Operations Adopt the Peter Parker Principle? π΄
π Read
via "Dark Reading".
Having a prevention mindset means setting our prevention capabilities to "prevent" instead of relying on detection and response.π Read
via "Dark Reading".
β Pandemic-Bored Attackers Pummeled Gaming Industry β
π Read
via "Threat Post".
Akamai's 2020 gaming report shows that cyberattacks on the video game industry skyrocketed, shooting up 340 percent in 2020.π Read
via "Threat Post".
Threat Post
Pandemic-Bored Attackers Pummeled Gaming Industry
Akamai's 2020 gaming report shows that cyberattacks on the video game industry skyrocketed, shooting up 340 percent in 2020.
βΌ CVE-2021-3526 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33624 βΌ
π Read
via "National Vulnerability Database".
In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db.π Read
via "National Vulnerability Database".
β Iran Media Websites Seized by U.S. in Disinformation Campaign β
π Read
via "Threat Post".
DoJ uses sanctions laws to shut down an alleged Iranian government malign influence campaign.π Read
via "Threat Post".
Threat Post
Iran Media Websites Seized by U.S. in Disinformation Campaign
DoJ uses sanctions laws to shut down an alleged Iranian government malign influence campaign.
π΄ Survey Seeks to Learn How 2020 Changed Security π΄
π Read
via "Dark Reading".
Respondents to a new Dark Reading/Omdia survey will be entered into a drawing for a Black Hat Black Card.π Read
via "Dark Reading".