‼ CVE-2021-23399 ‼
📖 Read
via "National Vulnerability Database".
This affects all versions of package wincred. If attacker-controlled user input is given to the getCredential function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20099 ‼
📖 Read
via "National Vulnerability Database".
Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20100.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20100 ‼
📖 Read
via "National Vulnerability Database".
Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20099.📖 Read
via "National Vulnerability Database".
🦿 Cybersecurity study: SolarWinds attack cost affected US companies an average of $12 million 🦿
📖 Read
via "Tech Republic".
New survey finds that the attack also motivated more information sharing within the industry and improved supply chain security.📖 Read
via "Tech Republic".
TechRepublic
Cybersecurity study: SolarWinds attack cost affected US companies an average of $12 million
New survey finds that the attack also motivated more information sharing within the industry and improved supply chain security.
🕴 The Role of Encryption in Protecting LGBTQ+ Community Members 🕴
📖 Read
via "Dark Reading".
The Internet is a vital tool that helps LGBTQ+ community members communicate without fear of persecution -- and strong encryption is a critical part of this equation.📖 Read
via "Dark Reading".
Dark Reading
The Role of Encryption in Protecting LGBTQ+ Community Members
The Internet is a vital tool that helps LGBTQ+ community members communicate without fear of persecution — and strong encryption is a critical part of this equation.
‼ CVE-2021-32496 ‼
📖 Read
via "National Vulnerability Database".
SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inadequate Encryption Strength vulnerability concerning the internal SSH interface solely used by SICK for recovering returned devices. The use of weak ciphers make it easier for an attacker to break the security that protects information transmitted from the client to the SSH server, assuming the attacker has access to the network on which the device is connected. This can increase the risk that encryption will be compromised, leading to the exposure of sensitive user information and man-in-the-middle attacks.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-29157 ‼
📖 Read
via "National Vulnerability Database".
Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs driver.📖 Read
via "National Vulnerability Database".
🦿 Android: How to enable the Password Checkup feature 🦿
📖 Read
via "Tech Republic".
Google has released a new password checker for Android. Find out how to enable and use this security feature on your Android device.📖 Read
via "Tech Republic".
TechRepublic
How to enable Android's Password Checkup feature
Google has released a new password checker for Android. Find out how to enable and use this security feature on your Android device.
❌ Critical CISO Initiatives for the Second Half of 2021 ❌
📖 Read
via "Threat Post".
Saryu Nayyar, CEO at Gurucul, goes over what defenses CISOs need now, and how and why to prioritize the options.📖 Read
via "Threat Post".
Threat Post
Critical CISO Initiatives for the Second Half of 2021
Saryu Nayyar, CEO at Gurucul, goes over what defenses CISOs need now, and how and why to prioritize the options.
‼ CVE-2021-28570 ‼
📖 Read
via "National Vulnerability Database".
Adobe After Effects version 18.1 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An unauthenticated attacker could exploit this to to plant custom binaries and execute them with System permissions. Exploitation of this issue requires user interaction.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21090 ‼
📖 Read
via "National Vulnerability Database".
Adobe InCopy version 16.0 (and earlier) is affected by an path traversal vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-28575 ‼
📖 Read
via "National Vulnerability Database".
Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
🦿 How developing mental immunity can help you make better cybersecurity decisions 🦿
📖 Read
via "Tech Republic".
Experts want us to develop immunity to bad ideas that can wrongly influence the cybersecurity decision process.📖 Read
via "Tech Republic".
TechRepublic
How developing mental immunity can help you make better cybersecurity decisions
Experts want us to develop immunity to bad ideas that can wrongly influence the cybersecurity decision process.
❌ Microsoft Signs Malware That Spreads Through Gaming ❌
📖 Read
via "Threat Post".
The driver, called "Netfilter," is a rootkit that talks to Chinese C2 IPs and aims to spoof gamers' geo-locations to cheat the system and play from anywhere, Microsoft said.📖 Read
via "Threat Post".
Threat Post
Microsoft Signs Malware That Spreads Through Gaming
The "Netfilter" driver is really a rootkit that talks to Chinese C2s and spoofs gamers' geo-locations to cheat the system and play from anywhere, Microsoft said.
🕴 The Danger of Action Bias: Is It Always Better to Act Quickly? 🕴
📖 Read
via "Dark Reading".
Experts discuss the meaning of action bias and how it presents a threat to IT security leaders, practitioners, and users.📖 Read
via "Dark Reading".
Dark Reading
The Danger of Action Bias: Is It Always Better to Act Quickly?
Experts discuss the meaning of action bias and how it presents a threat to IT security leaders, practitioners, and users.
‼ CVE-2021-32719 ‼
📖 Read
via "National Vulnerability Database".
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management` plugin, its consumer tag was rendered without proper <script> tag sanitization. This potentially allows for JavaScript code execution in the context of the page. The user must be signed in and have elevated permissions (manage federation upstreams and policies) for this to occur. The vulnerability is patched in RabbitMQ 3.8.18. As a workaround, disable the `rabbitmq_federation_management` plugin and use [CLI tools](https://www.rabbitmq.com/cli.html) instead.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20494 ‼
📖 Read
via "National Vulnerability Database".
IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a heap based buffer overflow, caused by improper bounds. An authenticared user could overflow the buffer and cause the service to crash. IBM X-Force ID: 197882.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-23711 ‼
📖 Read
via "National Vulnerability Database".
SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET input category in navigate.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20572 ‼
📖 Read
via "National Vulnerability Database".
IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow the and cause the server to crash. IBM X-Force ID: 199247.📖 Read
via "National Vulnerability Database".
🕴 An Interesting Approach to Cyber Insurance 🕴
📖 Read
via "Dark Reading".
What if insurers were to offer companies an incentive -- say, a discount -- for better protecting themselves? You know, the way car insurance companies offer lower premiums to customers who take a driver's ed course.📖 Read
via "Dark Reading".
Dark Reading
An Innovative Approach to Cyber Insurance
What if insurers were to offer companies an incentive -- say, a discount -- for better protecting themselves? You know, the way car insurance companies offer lower premiums to customers who take a driver's ed course.
❌ Russian Attackers Breach Microsoft Customer Service Accounts ❌
📖 Read
via "Threat Post".
American IT companies and government have been targeted by the Nobelium state-sponsored group. 📖 Read
via "Threat Post".
Threat Post
Attackers Breach Microsoft Customer Service Accounts
American IT companies and government have been targeted by the Nobelium state-sponsored group.