🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
🕴 Storms & Silver Linings: Avoiding the Dangers of Cloud Migration 🕴

We hear a lot about the sunlit uplands of cloud-powered business, but what about the risks of making information available across the organization?

📖 Read

via "Dark Reading".
CVE-2021-26585

A potential vulnerability has been identified in HPE OneView Global Dashboard release 2.31 which could lead to a local disclosure of privileged information. HPE has provided an update to OneView Global Dashboard. The issue is resolved in 2.32.

📖 Read

via "National Vulnerability Database".
CVE-2020-28097

The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85.

📖 Read

via "National Vulnerability Database".
🦿 Remote Access Trojan now targeting schools with ransomware 🦿

Dubbed ChaChi by researchers at BlackBerry, the RAT has recently shifted its focus from government agencies to schools in the US.

📖 Read

via "Tech Republic".
S3 Ep38: Clop busts, destructive Linux hacking, and rooted bicycles [Podcast]

Latest episode - listen now!

📖 Read

via "Naked Security".
Critical VMware Carbon Black Bug Allows Authentication Bypass

The 9.4-rated bug in AppC could give attackers admin rights, no authentication required, letting them attack anything from PoS to industrial control systems.

📖 Read

via "Threat Post".
CVE-2021-24000

A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they were on a separate tab. In conjunction with certain elements (such as <input type="file">) this could have led to an attack where a user was confused about the origin of the webpage and potentially disclosed information they did not intend to. This vulnerability affects Firefox < 88.

📖 Read

via "National Vulnerability Database".
CVE-2021-29963

Address bar search suggestions in private browsing mode were re-using session data from normal mode. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 89.

📖 Read

via "National Vulnerability Database".
CVE-2021-29953

A malicious webpage could have forced a Firefox for Android user into executing attacker-controlled JavaScript in the context of another domain, resulting in a Universal Cross-Site Scripting vulnerability. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected. Further details are being temporarily withheld to allow users an opportunity to update.* This vulnerability affects Firefox < 88.0.1 and Firefox for Android < 88.1.3.

📖 Read

via "National Vulnerability Database".
CVE-2020-21787

CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/services/UploadService.php.

📖 Read

via "National Vulnerability Database".
🕴 Boardroom Perspectives on Cybersecurity: What It Means for You 🕴

Because board members are paying close attention to security, security leaders must be able to respond to and alleviate their concerns with data.

📖 Read

via "Dark Reading".
CVE-2020-18664

Cross Site Scripting (XSS) vulnerability in WebPort <=1.19.1 via the connection name parameter in type-conn.

📖 Read

via "National Vulnerability Database".
CVE-2020-21783

In IBOS 4.5.4 the email function has a cross site scripting (XSS) vulnerability in the emailbody[content] parameter.

📖 Read

via "National Vulnerability Database".
CVE-2021-32708

Flysystem is an open source file storage library for PHP. The whitespace normalisation used in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions are: a user is allowed to supply the path or filename of an uploaded file; the supplied path or filename is not checked against unicode chars; the supplied pathname is checked against an extension deny-list, not an allow-list; the supplied path or filename contains a unicode whitespace char in the extension; and the uploaded file is stored in a directory that allows PHP code to be executed. Given these conditions are met, a user can upload and execute arbitrary code on the system under attack. The unicode whitespace removal has been replaced with a rejection (exception). For 1.x users, upgrade to 1.1.4. For 2.x users, upgrade to 2.1.1.

📖 Read

via "National Vulnerability Database".
🕴 Preinstalled Firmware Updater Puts 128 Dell Models at Risk 🕴

A feature of the computer maker's update utility does not correctly handle certificates, leaving systems open to firmware-level compromises.

📖 Read

via "Dark Reading".
🦿 How to easily join an AlmaLinux server to an Active Directory Domain with Cockpit 🦿

Jack Wallen shows you just how easy it is to join an existing AlmaLinux server to an Active Directory domain via a web-based GUI.

📖 Read

via "Tech Republic".
🕴 Tulsa Officials Warn Ransomware Attackers Leaked City Files 🕴

The group behind the May 2021 attack has shared more than 18,000 files via the Dark Web, mostly internal department files and police citations.

📖 Read

via "Dark Reading".
Oh FCUK! Fashion Label, Medical Diagnostics Firm Latest REvil Victims

The infamous ransomware group hit two big-name companies within hours of each other.

📖 Read

via "Threat Post".
CVE-2021-32491

A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow in function render() in tools/ddjvu via a crafted djvu file may lead to application crash and other consequences.

📖 Read

via "National Vulnerability Database".
CVE-2020-4945

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to overwrite arbitrary files due to improper group permissions. IBM X-Force ID: 191945.

📖 Read

via "National Vulnerability Database".
🔏 First CCPA Rights Requests Deadline Looms 🔏

Organizations that comply with the CCPA should be aware of an upcoming public reporting requirement deadline, one of the first deadlines under the relatively new law.

📖 Read

via "".