‼ CVE-2020-7870 ‼
A memory corruption vulnerability exists when ezPDF improperly handles the parameter. This vulnerability exists due to insufficient validation of the parameter.
via "National Vulnerability Database".
🦿 How to give users sudo privileges on Ubuntu and Red Hat-based Linux distributions 🦿
New Linux admins need to know how to give and take sudo privileges from users. Jack Wallen shows you how on both Ubuntu- and Red Hat-based Linux distributions.
via "Tech Republic".
❌ Microsoft Translation Bugs Open Edge Browser to Trivial UXSS Attacks ❌
The bug in Edge's auto-translate could have let remote attackers pull off RCE on any foreign-language website just by sending a message with an XSS payload.
via "Threat Post".
🕴 Technology's Complexity and Opacity Threaten Critical Infrastructure Security 🕴
Addressing the complexity of modern distributed software development is one of the most important things we can do to decrease supply chain risk.
via "Dark Reading".
‼ CVE-2021-20104 ‼
Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php.
via "National Vulnerability Database".
‼ CVE-2021-20105 ‼
Machform prior to version 16 is vulnerable to an open redirect in Safari_init.php due to an improperly sanitized 'ref' parameter.
via "National Vulnerability Database".
‼ CVE-2021-20580 ‼
IBM Planning Analytics 2.0 could be vulnerable to cross-site request forgery (CSRF) which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 198241.
via "National Vulnerability Database".
🕴 Survey Data Reveals Gap in Americans' Security Awareness 🕴
Survey data reveals many people have never heard of major cyberattacks, including the attack targeting Colonial Pipeline.
via "Dark Reading".
🦿 How legitimate security tool Cobalt Strike is being used in cyberattacks 🦿
Normally used by organizations for penetration testing, Cobalt Strike is exploited by cybercriminals to launch attacks, says Proofpoint.
via "Tech Republic".
🦿 Cyberattacks and ransomware are no longer burglary; they're home invasion, expert says 🦿
More than 3.5 million people worldwide are needed to play defense against cyberattacks.
via "Tech Republic".
🕴 CISA Publishes Catalog of Poor Security Practices 🕴
Organizations often focus on promoting best practices, CISA says, but stopping poor security practices is equally important.
via "Dark Reading".
❌ Users Clueless About Cybersecurity Risks: Study ❌
The return to offices, coupled with uninformed users (including IT pros), has teed up an unprecedented risk of enterprise attack.
via "Threat Post".
🦿 iOS 15: How to enable Mail Privacy Protection 🦿
If you have access to Apple's iOS 15 Developer Beta, learn how to use an important security feature called Mail Privacy Protection. The new iOS 15 feature can hide your IP address and other tracking data often sent to marketers without your knowledge.
via "Tech Republic".
‼ CVE-2021-32721 ‼
PowerMux is a drop-in replacement for Go's http.ServeMux. In PowerMux versions prior to 1.1.1, attackers may be able to craft phishing links and other open redirects by exploiting the trailing slash redirection feature. This may lead to users being redirected to untrusted sites after following an attacker crafted link. The issue is resolved in v1.1.1. There are no existing workarounds.
via "National Vulnerability Database".
‼ CVE-2021-22338 ‼
There is an XXE injection vulnerability in eCNS280 V100R005C00 and V100R005C10. A module does not strictly validate the input XML message. An attacker can send a specific message to exploit this vulnerability, leading to a denial of service in the module.
via "National Vulnerability Database".
‼ CVE-2021-23275 ‼
The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition: versions 1.2.4 and below, TIBCO Enterprise Runtime for R - Server Edition: versions 1.3.0 and 1.3.1, TIBCO Enterprise Runtime for R - Server Edition: versions 1.4.0, 1.5.0, and 1.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.3.0 and below, TIBCO Spotfire Server: versions 10.3.12 and below, TIBCO Spotfire Server: versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0, TIBCO Spotfire Statistics Services: versions 10.3.0 and below, TIBCO Spotfire Statistics Services: versions 10.10.0, 10.10.1, and 10.10.2, and TIBCO Spotfire Statistics Services: versions 11.1.0, 11.2.0, and 11.3.0.
via "National Vulnerability Database".
‼ CVE-2021-29480 ‼
Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the client side session module uses the application startup time as the signing key by default. This means that if an attacker can determine this time, and if encryption is not also used (which is recommended, but is not on by default), the session data could be tampered with by someone with the ability to write cookies. The default configuration is unsuitable for production use as an application restart renders all sessions invalid and is not multi-host compatible, but its use is not actively prevented. As of Ratpack 1.9.0, the default value is a securely randomly generated value, generated at application startup time. As a workaround, supply an alternative signing key, as per the documentation's recommendation.
via "National Vulnerability Database".
🕴 Ransomware Losses Drive Up Cyber-Insurance Costs 🕴
Premiums have gone up by 7% on average for small firms and between 10% and 40% for medium and large businesses.
via "Dark Reading".
🕴 Google Updates Vulnerability Data Format to Support Automation 🕴
The Open Source Vulnerability schema supports automated vulnerability handling in Go, Rust, Python, and Distributed Weakness Filing system, and it could be the favored format for future exporting of data.
via "Dark Reading".
‼ CVE-2021-22329 ‼
There is a license management vulnerability in some Huawei products. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper license management on the device, the license file can be applied and affect the integrity of the device. Affected product versions include: S12700 V200R007C01,V200R007C01B102,V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S1700 V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S2700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S5700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10,V200R011C10SPC100;S6700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10,V200R011C10SPC100;S7700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S9700 V200R007C01,V200R007C01B102,V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10.
via "National Vulnerability Database".
‼ CVE-2021-22341 ‼
There is a memory leak vulnerability in Huawei products. A resource management weakness exists in a module. Attackers with high privilege can exploit this vulnerability by performing some operations. This can lead to a memory leak. Affected product versions include: IPS Module V500R005C00SPC100,V500R005C00SPC200;NGFW Module V500R005C00SPC100,V500R005C00SPC200;NIP6300 V500R005C00SPC100,V500R005C10SPC200;NIP6600 V500R005C00SPC100,V500R005C00SPC200;Secospace USG6300 V500R005C00SPC100,V500R005C00SPC200;Secospace USG6500 V500R005C00SPC100,V500R005C10SPC200;Secospace USG6600 V500R005C00SPC100,V500R005C00SPC200.
via "National Vulnerability Database".