βΌ CVE-2021-25652 βΌ
π Read
via "National Vulnerability Database".
An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects versions 8.0.0.0 through 8.1.3.1 of AVPU.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25655 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the system Service Menu component of Avaya Aura Experience Portal may allow URL Redirection to any untrusted site through a crafted attack. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix).π Read
via "National Vulnerability Database".
β 30M Dell Devices at Risk for Remote BIOS Attacks, RCE β
π Read
via "Threat Post".
Four separate security bugs would give attackers almost complete control and persistence over targeted devices, thanks to a faulty update mechanism.π Read
via "Threat Post".
Threat Post
30M Dell Devices at Risk for Remote BIOS Attacks, RCE
Four separate security bugs would give attackers almost complete control and persistence over targeted devices, thanks to a faulty update mechanism.
β Atlassian Bugs Could Have Led to 1-Click Takeover β
π Read
via "Threat Post".
A supply-chain attack could have siphoned sensitive information out of Jira, such as security issues on Atlassian cloud, Bitbucket and on-prem products.π Read
via "Threat Post".
Threat Post
Atlassian Bugs Could Have Led to 1-Click Takeover
A supply-chain attack could have siphoned sensitive information out of Jira, such as security issues on Atlassian cloud, Bitbucket and on-prem products.
βΌ CVE-2021-21737 βΌ
π Read
via "National Vulnerability Database".
A smart STB product of ZTE is impacted by a permission and access control vulnerability. Due to insufficient protection of system application, attackers could use this vulnerability to tamper with the system desktop and affect system customization functions. This affects: ZXV10 B860H V5.0, V83011303.0010, V83011303.0016π Read
via "National Vulnerability Database".
π΄ rMTD: A Deception Method That Throws Attackers Off Their Game π΄
π Read
via "Dark Reading".
Through a variety of techniques, rotational Moving Target Defense makes existing OS and app vulnerabilities exponentially difficult to exploit. Here's how.π Read
via "Dark Reading".
Dark Reading
rMTD: A Deception Method That Throws Attackers Off Their Game
Through a variety of techniques, rotational Moving Target Defense makes existing OS and app vulnerabilities difficult to exploit. Here's how.
β Tulsaβs Police-Citation Data Leaked by Conti Gang β
π Read
via "Threat Post".
A May 6 ransomware attack caused disruption across several of the municipalityβs online services and websites.π Read
via "Threat Post".
Threat Post
Tulsaβs Police-Citation Data Leaked by Conti Gang
A May 6 ransomware attack caused disruption across several of the municipalityβs online services and websites.
π΄ John McAfee, Creator of McAfee Antivirus Software, Dead at 75 π΄
π Read
via "Dark Reading".
McAfee, who was being held in a Spanish jail on US tax-evasion charges, had learned on Monday he would be extradited to the US.π Read
via "Dark Reading".
π΄ Storms & Silver Linings: Avoiding the Dangers of Cloud Migration π΄
π Read
via "Dark Reading".
We hear a lot about the sunlit uplands of cloud-powered business, but what about the risks of making information available across the organization?π Read
via "Dark Reading".
βΌ CVE-2021-26585 βΌ
π Read
via "National Vulnerability Database".
A potential vulnerability has been identified in HPE OneView Global Dashboard release 2.31 which could lead to a local disclosure of privileged information. HPE has provided an update to OneView Global Dashboard. The issue is resolved in 2.32.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28097 βΌ
π Read
via "National Vulnerability Database".
The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85.π Read
via "National Vulnerability Database".
π¦Ώ Remote Access Trojan now targeting schools with ransomware π¦Ώ
π Read
via "Tech Republic".
Dubbed ChaChi by researchers at BlackBerry, the RAT has recently shifted its focus from government agencies to schools in the US.π Read
via "Tech Republic".
TechRepublic
Remote Access Trojan now targeting schools with ransomware
Dubbed ChaChi by researchers at BlackBerry, the RAT has recently shifted its focus from government agencies to schools in the US.
β S3 Ep38: Clop busts, destructive Linux hacking, and rooted bicycles [Podcast] β
π Read
via "Naked Security".
Latest episode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep38: Clop busts, destructive Linux hacking, and rooted bicycles [Podcast]
Latest episode β listen now!
β Critical VMware Carbon Black Bug Allows Authentication Bypass β
π Read
via "Threat Post".
The 9.4-rated bug in AppC could give attackers admin rights, no authentication required, letting them attack anything from PoS to industrial control systems.π Read
via "Threat Post".
Threat Post
Critical VMware Carbon Black Bug Allows Authentication Bypass
The 9.4-rated bug in AppC could give attackers admin rights, no authentication required, letting them attack anything from PoS to industrial control systems.
βΌ CVE-2021-24000 βΌ
π Read
via "National Vulnerability Database".
A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they were on a separate tab. In conjunction with certain elements (such as <input type="file">) this could have led to an attack where a user was confused about the origin of the webpage and potentially disclosed information they did not intend to. This vulnerability affects Firefox < 88.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29963 βΌ
π Read
via "National Vulnerability Database".
Address bar search suggestions in private browsing mode were re-using session data from normal mode. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 89.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29953 βΌ
π Read
via "National Vulnerability Database".
A malicious webpage could have forced a Firefox for Android user into executing attacker-controlled JavaScript in the context of another domain, resulting in a Universal Cross-Site Scripting vulnerability. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected. Further details are being temporarily withheld to allow users an opportunity to update.*. This vulnerability affects Firefox < 88.0.1 and Firefox for Android < 88.1.3.π Read
via "National Vulnerability Database".
βΌ CVE-2020-21787 βΌ
π Read
via "National Vulnerability Database".
CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/services/UploadService.php.π Read
via "National Vulnerability Database".
π΄ Boardroom Perspectives on Cybersecurity: What It Means for You π΄
π Read
via "Dark Reading".
Because board members are paying close attention to security, security leaders must be able to respond to and alleviate their concerns with data.π Read
via "Dark Reading".
βΌ CVE-2020-18664 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in WebPort <=1.19.1via the connection name parameter in type-conn.π Read
via "National Vulnerability Database".
βΌ CVE-2020-21783 βΌ
π Read
via "National Vulnerability Database".
In IBOS 4.5.4 the email function has a cross site scripting (XSS) vulnerability in emailbody[content] parameter.π Read
via "National Vulnerability Database".