βΌ CVE-2021-28570 βΌ
π Read
via "National Vulnerability Database".
Adobe After Effects version 18.1 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An unauthenticated attacker could exploit this to to plant custom binaries and execute them with System permissions. Exploitation of this issue requires user interaction.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21090 βΌ
π Read
via "National Vulnerability Database".
Adobe InCopy version 16.0 (and earlier) is affected by an path traversal vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-28575 βΌ
π Read
via "National Vulnerability Database".
Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
π¦Ώ How developing mental immunity can help you make better cybersecurity decisions π¦Ώ
π Read
via "Tech Republic".
Experts want us to develop immunity to bad ideas that can wrongly influence the cybersecurity decision process.π Read
via "Tech Republic".
TechRepublic
How developing mental immunity can help you make better cybersecurity decisions
Experts want us to develop immunity to bad ideas that can wrongly influence the cybersecurity decision process.
β Microsoft Signs Malware That Spreads Through Gaming β
π Read
via "Threat Post".
The driver, called "Netfilter," is a rootkit that talks to Chinese C2 IPs and aims to spoof gamers' geo-locations to cheat the system and play from anywhere, Microsoft said.π Read
via "Threat Post".
Threat Post
Microsoft Signs Malware That Spreads Through Gaming
The "Netfilter" driver is really a rootkit that talks to Chinese C2s and spoofs gamers' geo-locations to cheat the system and play from anywhere, Microsoft said.
π΄ The Danger of Action Bias: Is It Always Better to Act Quickly? π΄
π Read
via "Dark Reading".
Experts discuss the meaning of action bias and how it presents a threat to IT security leaders, practitioners, and users.π Read
via "Dark Reading".
Dark Reading
The Danger of Action Bias: Is It Always Better to Act Quickly?
Experts discuss the meaning of action bias and how it presents a threat to IT security leaders, practitioners, and users.
βΌ CVE-2021-32719 βΌ
π Read
via "National Vulnerability Database".
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management` plugin, its consumer tag was rendered without proper <script> tag sanitization. This potentially allows for JavaScript code execution in the context of the page. The user must be signed in and have elevated permissions (manage federation upstreams and policies) for this to occur. The vulnerability is patched in RabbitMQ 3.8.18. As a workaround, disable the `rabbitmq_federation_management` plugin and use [CLI tools](https://www.rabbitmq.com/cli.html) instead.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20494 βΌ
π Read
via "National Vulnerability Database".
IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a heap based buffer overflow, caused by improper bounds. An authenticared user could overflow the buffer and cause the service to crash. IBM X-Force ID: 197882.π Read
via "National Vulnerability Database".
βΌ CVE-2020-23711 βΌ
π Read
via "National Vulnerability Database".
SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET input category in navigate.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20572 βΌ
π Read
via "National Vulnerability Database".
IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow the and cause the server to crash. IBM X-Force ID: 199247.π Read
via "National Vulnerability Database".
π΄ An Interesting Approach to Cyber Insurance π΄
π Read
via "Dark Reading".
What if insurers were to offer companies an incentive -- say, a discount -- for better protecting themselves? You know, the way car insurance companies offer lower premiums to customers who take a driver's ed course.π Read
via "Dark Reading".
Dark Reading
An Innovative Approach to Cyber Insurance
What if insurers were to offer companies an incentive -- say, a discount -- for better protecting themselves? You know, the way car insurance companies offer lower premiums to customers who take a driver's ed course.
β Russian Attackers Breach Microsoft Customer Service Accounts β
π Read
via "Threat Post".
American IT companies and government have been targeted by the Nobelium state-sponsored group. π Read
via "Threat Post".
Threat Post
Attackers Breach Microsoft Customer Service Accounts
American IT companies and government have been targeted by the Nobelium state-sponsored group.
π¦Ώ Cybersecurity study: SolarWinds attack cost affected companies an average of $12 million π¦Ώ
π Read
via "Tech Republic".
New survey finds that the attack also motivated more information sharing within the industry and improved supply chain security.π Read
via "Tech Republic".
TechRepublic
Cybersecurity study: SolarWinds attack cost affected companies an average of $12 million
New survey finds that the attack also motivated more information sharing within the industry and improved supply chain security.
π΄ Microsoft Tracks Attack Campaign Against Customer Support Agents π΄
π Read
via "Dark Reading".
The company attributes the attack to Nobelium, the same group it linked to the SolarWinds campaign earlier this year.π Read
via "Dark Reading".
βΌ CVE-2020-22607 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting vulnerabilty in LimeSurvey 4.1.11+200316 via the (1) name and (2) description parameters in application/controllers/admin/PermissiontemplatesController.php.π Read
via "National Vulnerability Database".
βΌ CVE-2020-22609 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter in include/class.queue.php.π Read
via "National Vulnerability Database".
π΄ New House Bill Aims to Drive Americans' Security Awareness π΄
π Read
via "Dark Reading".
The legislation requires the National Telecommunications and Information Administration to establish a cybersecurity literacy campaign.π Read
via "Dark Reading".
β NVIDIA Patches High-Severity GeForce Spoof-Attack Bug β
π Read
via "Threat Post".
A vulnerability in NVIDIAβs GeForce Experience software opens the door to remote data access, manipulation and deletion.π Read
via "Threat Post".
Threat Post
NVIDIA Patches High-Severity GeForce Spoof-Attack Bug
Vulnerability in NVIDIAβs GeForce Experience software opens door to remote data access, manipulation and deletion.
π Data Protection Act of 2021 Would Create US Data Protection Agency π
π Read
via "".
The proposed legislation would create an agency to enforce data protection rules and oversee high-risk data practices.π Read
via "".
Digital Guardian
Data Protection Act of 2021 Would Create US Data Protection Agency
The proposed legislation would create an agency to enforce data protection rules and oversee high-risk data practices.
β 5G Security Vulnerabilities Fluster Mobile Operators β
π Read
via "Threat Post".
A survey from GSMA and Trend Micro shows a concerning lack of security capabilities for private 5G networks (think factories, smart cities, industrial IoT, utilities and more).π Read
via "Threat Post".
Threat Post
5G Security Vulnerabilities Fluster Mobile Operators
A survey from GSMA and Trend Micro shows a concerning lack of security capabilities for private 5G networks (think factories, smart cities, industrial IoT, utilities and more).
π΄ Attacks Erase Western Digital Network-Attached Storage Drives π΄
π Read
via "Dark Reading".
The company suspects a remote code execution vulnerability affecting My Book Live and My Book Live Duo devices and recommends that business and individual users turn off the drives to protect their data.π Read
via "Dark Reading".
Dark Reading
Attacks Erase Western Digital Network-Attached Storage Drives
The company suspects a remote code execution vulnerability affecting My Book Live and My Book Live Duo devices and recommends that business and individual users turn off the drives to protect their data.