βΌ CVE-2020-18664 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in WebPort <=1.19.1via the connection name parameter in type-conn.π Read
via "National Vulnerability Database".
βΌ CVE-2020-21783 βΌ
π Read
via "National Vulnerability Database".
In IBOS 4.5.4 the email function has a cross site scripting (XSS) vulnerability in emailbody[content] parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32708 βΌ
π Read
via "National Vulnerability Database".
Flysystem is an open source file storage library for PHP. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions are: A user is allowed to supply the path or filename of an uploaded file, the supplied path or filename is not checked against unicode chars, the supplied pathname checked against an extension deny-list, not an allow-list, the supplied path or filename contains a unicode whitespace char in the extension, the uploaded file is stored in a directory that allows PHP code to be executed. Given these conditions are met a user can upload and execute arbitrary code on the system under attack. The unicode whitespace removal has been replaced with a rejection (exception). For 1.x users, upgrade to 1.1.4. For 2.x users, upgrade to 2.1.1.π Read
via "National Vulnerability Database".
π΄ Preinstalled Firmware Updater Puts 128 Dell Models at Risk π΄
π Read
via "Dark Reading".
A feature of the computer maker's update utility does not correctly handle certificates, leaving systems open to firmware-level compromises.π Read
via "Dark Reading".
Dark Reading
Preinstalled Firmware Updater Puts 128 Dell Models at Risk
A feature of the computer maker's update utility does not correctly handle certificates, leaving systems open to firmware-level compromises.
π¦Ώ How to easily join an AlmaLinux server to an Active Directory Domain with Cockpit π¦Ώ
π Read
via "Tech Republic".
Jack Wallen shows you just how easy it is to join an existing AlmaLinux server to an Active Directory domain via a web-based GUI.π Read
via "Tech Republic".
TechRepublic
How to easily join an AlmaLinux server to an Active Directory Domain with Cockpit
Jack Wallen shows you just how easy it is to join an existing AlmaLinux server to an Active Directory domain via a web-based GUI.
π΄ Tulsa Officials Warn Ransomware Attackers Leaked City Files π΄
π Read
via "Dark Reading".
The group behind the May 2021 attack has shared more than 18,000 files via the Dark Web, mostly internal department files and police citations.π Read
via "Dark Reading".
Dark Reading
Tulsa Officials Warn Ransomware Attackers Leaked City Files
The group behind the May 2021 attack has shared more than 18,000 files via the Dark Web, mostly internal department files and police citations.
β Oh FCUK! Fashion Label, Medical Diagnostics Firm Latest REvil Victims β
π Read
via "Threat Post".
The infamous ransomware group hit two big-name companies within hours of each other. π Read
via "Threat Post".
Threat Post
Oh FCUK! Fashion Label, Medical Diagnostics Firm Latest REvil Victims
The infamous ransomware group hit two big-name companies within hours of each other.
βΌ CVE-2021-32491 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow in function render() in tools/ddjvu via crafted djvu file may lead to application crash and other consequences.π Read
via "National Vulnerability Database".
βΌ CVE-2020-4945 βΌ
π Read
via "National Vulnerability Database".
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to overwrite arbirary files due to improper group permissions. IBM X-Force ID: 191945.π Read
via "National Vulnerability Database".
π First CCPA Rights Requests Deadline Looms π
π Read
via "".
Organizations that comply with the CCPA should be aware of an upcoming public reporting requirement deadline, one of the first deadlines under the relatively new law.π Read
via "".
Digital Guardian
First CCPA Rights Requests Deadline Looms
Organizations that comply with the CCPA should be aware of an upcoming public reporting requirement deadline, one of the first deadlines under the relatively new law.
π΄ 74% of Q1 Malware Was Undetectable Via Signature-Based Tools π΄
π Read
via "Dark Reading".
Attackers have improved on tweaking old malware to continue sneaking it past traditional threat detection controls, researchers report.π Read
via "Dark Reading".
Dark Reading
74% of Q1 Malware Was Undetectable Via Signature-Based Tools
Attackers have improved on tweaking old malware to continue sneaking it past traditional threat detection controls, researchers report.
βΌ CVE-2021-32716 βΌ
π Read
via "National Vulnerability Database".
Shopware is an open source eCommerce platform. In versions prior to 6.4.1.1 the admin api has exposed some internal hidden fields when an association has been loaded with a to many reference. Users are recommend to update to version 6.4.1.1. You can get the update to 6.4.1.1 regularly via the Auto-Updater or directly via the download overview. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32711 βΌ
π Read
via "National Vulnerability Database".
Shopware is an open source eCommerce platform. Versions prior to 6.3.5.1 may leak of information via Store-API. The vulnerability could only be fixed by changing the API system, which involves a non-backward-compatible change. Only consumers of the Store-API should be affected by this change. We recommend to update to the current version 6.3.5.1. You can get the update to 6.3.5.1 regularly via the Auto-Updater or directly via the download overview. https://www.shopware.com/en/download/#shopware-6 The vulnerability could only be fixed by changing the API system, which involves a non-backward-compatible change. Only consumers of the Store-API should be affected by this change. Please check your plugins if you have it in use. Detailed technical information can be found in the upgrade information. https://github.com/shopware/platform/blob/v6.3.5.1/UPGRADE-6.3.md#6351 ### Workarounds For older versions of 6.1 and 6.2, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version. https://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659 ### For more information https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-02-2021π Read
via "National Vulnerability Database".
β Spam Downpour Drips New IcedID Banking Trojan Variant β
π Read
via "Threat Post".
The primarily IcedID-flavored banking trojan spam campaigns were coming in at a fever pitch: Spikes hit more than 100 detections a day.π Read
via "Threat Post".
Threat Post
Spam Downpour Drips New IcedID Banking Trojan Variant
The primarily IcedID-flavored banking trojan spam campaigns were coming in at a fever pitch: Spikes hit more than 100 detections a day.
β British tourists charged Β£1000s for pier visits in billing blunder β
π Read
via "Naked Security".
That's a LOT of money just to visit a seaside pier!π Read
via "Naked Security".
Naked Security
British tourists charged Β£1000s for pier visits in billing blunder
Thatβs a LOT of money just to visit a seaside pier!
βΌ CVE-2021-35475 βΌ
π Read
via "National Vulnerability Database".
SAS Environment Manager 2.5 allows XSS through the Name field when creating/editing a server. The XSS will prompt when editing the Configuration Properties.π Read
via "National Vulnerability Database".
β Hackers Crack Pirated Games with Cryptojacking Malware β
π Read
via "Threat Post".
Threat actors have so far made about $2 million from Crackonosh, which secretly mines Monero cryptocurrency from affected devices.π Read
via "Threat Post".
Threat Post
Hackers Crack Pirated Games with Cryptojacking Malware
Threat actors have so far made about $2 million from Crackonosh, which secretly mines Monero cryptocurrency from affected devices.
π΄ 7 Unconventional Pieces of Password Wisdom π΄
π Read
via "Dark Reading".
Challenging common beliefs about best practices in password hygiene.π Read
via "Dark Reading".
Dark Reading
7 Unconventional Pieces of Password Wisdom
Challenging common beliefs about best practices in password hygiene.
βΌ CVE-2021-31615 βΌ
π Read
via "National Vulnerability Database".
Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 may permit an adjacent device to inject a crafted packet during the receive window of the listening device before the transmitting device initiates its packet transmission to achieve full MITM status without terminating the link. When applied against devices establishing or using encrypted links, crafted packets may be used to terminate an existing link, but will not compromise the confidentiality or integrity of the link.π Read
via "National Vulnerability Database".
βΌ CVE-2021-35049 βΌ
π Read
via "National Vulnerability Database".
Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response in an authenticated session. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.7 and in version 9.4. Patches and updates are available to address this vulnerability.π Read
via "National Vulnerability Database".
π΄ High-Level FIN7 Member Sentenced to 7 Years in Prison π΄
π Read
via "Dark Reading".
Andrii Kolpakov, who served as a high-level pentester for the criminal group, was also ordered to pay $2.5 million in restitution.π Read
via "Dark Reading".