CVE-2021-22341
via "National Vulnerability Database".
There is a memory leak vulnerability in Huawei products. A resource management weakness exists in a module. Attackers with high privilege can exploit this vulnerability by performing some operations. This can lead to memory leak. Affected product versions include: IPS Module V500R005C00SPC100, V500R005C00SPC200; NGFW Module V500R005C00SPC100, V500R005C00SPC200; NIP6300 V500R005C00SPC100, V500R005C10SPC200; NIP6600 V500R005C00SPC100, V500R005C00SPC200; Secospace USG6300 V500R005C00SPC100, V500R005C00SPC200; Secospace USG6500 V500R005C00SPC100, V500R005C10SPC200; Secospace USG6600 V500R005C00SPC100, V500R005C00SPC200.
CVE-2021-35959
via "National Vulnerability Database".
In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field.
Windows 11: Understanding the system requirements and the security benefits
via "Tech Republic".
Security is a big part of Windows 11, but so is delivering productivity and a good experience with all the security features turned on.
CVE-2021-32566
via "National Vulnerability Database".
Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.
CVE-2021-35474
via "National Vulnerability Database".
Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.
Police warn of WhatsApp scams in time for Social Media Day
via "Naked Security".
Happy Social Media Day! Make it a day to review whether your social media security really is up to scratch.
CVE-2021-34383
via "National Vulnerability Database".
Bootloader contains a vulnerability in NVIDIA MB2 where a potential heap overflow might lead to denial of service or escalation of privileges.
CVE-2021-28692
via "National Vulnerability Database".
Inappropriate x86 IOMMU timeout detection / handling. IOMMUs process commands issued to them in parallel with the operation of the CPU(s) issuing such commands. In the current implementation in Xen, asynchronous notification of the completion of such commands is not used. Instead, the issuing CPU spin-waits for the completion of the most recently issued command(s). Some of these waiting loops try to apply a timeout to fail overly-slow commands. The course of action upon a perceived timeout actually being detected is inappropriate:
- on Intel hardware, guests which did not originally cause the timeout may be marked as crashed;
- on AMD hardware, higher layer callers would not be notified of the issue, making them continue as if the IOMMU operation succeeded.
CVE-2021-34385
via "National Vulnerability Database".
Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the calculation of a length could lead to a heap overflow.
CVE-2021-34373
via "National Vulnerability Database".
Trusty trusted Linux kernel (TLK) contains a vulnerability in the NVIDIA TLK kernel where a lack of heap hardening could cause heap overflows, which might lead to information disclosure and denial of service.
Feds Told to Better Manage Facial Recognition, Amid Privacy Concerns
via "Threat Post".
A GAO report finds government agencies are using the technology regularly in criminal investigations and to identify travelers, but need stricter management to protect people's privacy and avoid inaccurate identification.
9 Hot Trends in Cybersecurity Mergers & Acquisitions
via "Dark Reading".
Security experts share their observations of the past year in cybersecurity M&A, highlighting key trends and notable deals.
Ransomware experts urge victims not to pay, but are they listening?
via "Tech Republic".
The number of attacks from, and payouts to, ransomware extortionists continue to rise despite only 20% saying giving into demands is the best course, Menlo Security finds.
CVE-2021-27902
via "National Vulnerability Database".
An issue was discovered in Craft CMS before 3.6.0. In some circumstances, a potential XSS vulnerability existed in connection with front-end forms that accepted user uploads.
CVE-2021-27903
via "National Vulnerability Database".
An issue was discovered in Craft CMS before 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes (if an attacker were somehow able to hijack an administrator's session).
Colombian police arrest Gozi malware suspect after 8 years at large
via "Naked Security".
Safe at home, apparently, but not so safe overseas.
Global Socket 1.4.32
via "Packet Storm Security".
Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.
Faraday 3.16.0
via "Packet Storm Security".
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
Zero-Day Used to Wipe My Book Live Devices
via "Threat Post".
Threat actors may have been duking it out for control of the compromised devices, first using a 2018 RCE, then password-protecting a new vulnerability.
CVE-2021-22376
via "National Vulnerability Database".
There is an Improper Permission Management Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality, availability and integrity.
CVE-2021-35971
via "National Vulnerability Database".
Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and 11 before 11.0.0.837 P20210507 mishandles deserialization during Microsoft .NET remoting.