You don't have to be a tech expert to become a cybersecurity pro
Attention to detail, creativity and perseverance are key traits for a good white hat hacker. These positions are in high demand.
Read via "Tech Republic".

CVE-2021-36146
ACRN before 2.5 has a devicemodel/hw/pci/xhci.c NULL Pointer Dereference for a trb pointer.
Read via "National Vulnerability Database".

CVE-2021-34527
Windows Print Spooler Remote Code Execution Vulnerability
Read via "National Vulnerability Database".

Ransomware Defense: Top 5 Things to Do Right Now
Matt Bromiley, senior consultant with Mandiant Managed Defense, discusses the top tricks and tips for protecting enterprise environments from ransomware.
Read via "Threat Post".

CVE-2021-23401
This affects all versions of package Flask-User. When using the make_safe_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as /////evil.com/path or \\\evil.com/path. This vulnerability is only exploitable if an alternative WSGI server other than Werkzeug is used, or the default behaviour of Werkzeug is modified using 'autocorrect_location_header=False'.
Read via "National Vulnerability Database".

Watch for Cybersecurity Games at the Tokyo Olympics
The cybersecurity professionals guarding the Summer Olympics are facing at least as much competition as the athletes, and their failure could have steeper ramifications.
Read via "Dark Reading".

Kaseya ransomware attackers say: "Pay $70 million and we'll set everyone free"
Are you feeling generous? Do you want to help others? These cybercriminals are hoping someone is and does...
Read via "Naked Security".

CVE-2020-26763
The Rocket.Chat desktop application 2.17.11 opens external links without user interaction.
Read via "National Vulnerability Database".

SQLMAP - Automatic SQL Injection Tool 1.5.7
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
Read via "Packet Storm Security".

S3 Ep39.5: A conversation with Eva Galperin [Podcast]
Cryptography, privacy, stalkerware and how infosec professionals relax. Listen, enjoy and learn!
Read via "Naked Security".

Kaseya Attack Fallout: CISA, FBI Offer Guidance
Following a brazen ransomware attack by the REvil cybergang, CISA and FBI offer guidance to victims.
Read via "Threat Post".

CVE-2021-36158
In the xrdp package (in branches through 3.14) for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks because pre-generated RSA certificates and private keys are used.
Read via "National Vulnerability Database".

CVE-2021-32233
SmarterTools SmarterMail before Build 7776 allows XSS.
Read via "National Vulnerability Database".

CVE-2021-24389
The WP Foodbakery WordPress plugin before 2.2, used in the FoodBakery WordPress theme before 2.2, did not properly sanitize the foodbakery_radius parameter before outputting it back in the response, leading to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability.
Read via "National Vulnerability Database".

CVE-2021-24386
The WP SVG images WordPress plugin before 3.4 did not sanitise the SVG files uploaded, which could allow low privilege users such as author+ to upload a malicious SVG and then perform XSS attacks by inducing another user to access the file directly. In v3.4, the plugin restricted such upload to editors and admin, with an option to also allow author to do so. The description of the plugin has also been updated with a security warning as upload of such content is intended.
Read via "National Vulnerability Database".

CVE-2021-24407
The Jannah WordPress theme before 5.4.5 did not properly sanitize the 'query' POST parameter in its tie_ajax_search AJAX action, leading to a Reflected Cross-site Scripting (XSS) vulnerability.
Read via "National Vulnerability Database".

Critical flaws in Windows Print spooler service could allow for remote attacks
Administrators are urged to apply the latest patches from Microsoft and disable the Windows Print spooler service in domain controllers and systems not used for printing.
Read via "Tech Republic".

8 Ways to Preserve Legal Privilege After a Cybersecurity Incident
Knowing your legal distinctions can make defense easier should you end up in court after a breach, attack, or data loss.
Read via "Dark Reading".

CVE-2021-27930
Multiple stored cross-site scripting (XSS) vulnerabilities in IRIS IrisNext 9.5.16 allow remote authenticated users to inject arbitrary web script or HTML via a document or folder name that is mishandled when rendering the contact form or search form.
Read via "National Vulnerability Database".

CVE-2021-32559
An integer overflow exists in pywin32 prior to version b301 when adding an access control entry (ACE) to an access control list (ACL) that would cause the size to be greater than 65535 bytes. An attacker who successfully exploited this vulnerability could crash the vulnerable process.
Read via "National Vulnerability Database".