🛡 Cybersecurity & Privacy 🛡 - News

Kaseya supply chain attack impacts more than 1,000 companies

The REvil group is claiming that over 1 million devices have been infected and is demanding $70 million for a universal decryption key.

394 views15:58

❌ Kaseya Patches Imminent After Zero-Day Exploits, 1,500 Impacted ❌

REvil ransomware gang lowers price for universal decryptor after massive worldwide ransomware push against Kaseya security vulnerability CVE-2021-30116.

📖 Read

via "Threat Post".

Kaseya Patches Imminent After Zero-Day Exploits, 1,500 Impacted

REvil ransomware gang lowers price for universal decryptor after massive worldwide ransomware push against Kaseya security vulnerability CVE-2021-30116.

329 views16:02

🦿 The Audacity! How to wreck an open-source project and anger a community 🦿

Audacity software has been acquired, and the new verbiage added to the privacy policy has the open-source community up in arms.

📖 Read

via "Tech Republic".

The Audacity! How to wreck an open-source project and anger a community

Audacity software has been acquired, and the new verbiage added to the privacy policy has the open-source community up in arms.

302 views16:28

‼ CVE-2021-31771 ‼

Splinterware System Scheduler Professional version 5.30 is subject to insecure folders permissions issue impacting where the service 'WindowsScheduler' calls its executable. This allow a non-privileged user to execute arbitrary code with elevated privileges (system level privileges as "nt authority\system") since the service runs as Local System.

📖 Read

via "National Vulnerability Database".

291 views16:36

‼ CVE-2021-32740 ‼

Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to denial of service when matched against a URI. In typical usage, templates would not normally be read from untrusted user input, but nonetheless, no previous security advisory for Addressable has cautioned against doing this. Users of the parsing capabilities in Addressable but not the URI template capabilities are unaffected. The vulnerability is patched in version 2.8.0. As a workaround, only create Template objects from trusted sources that have been validated not to produce catastrophic backtracking.

📖 Read

via "National Vulnerability Database".

308 views16:36

🕴 It's High Time for a Security Scoring System for Applications and Open Source Libraries 🕴

A benchmarking system would help buyers choose more secure software products and, more importantly, light a fire underneath software producers to make products secure.

📖 Read

via "Dark Reading".

296 views17:16

What is GLBA Compliance? (Understand Requirements)

🔏 What is GLBA Compliance? Understanding the Data Protection Requirements of the Gramm-Leach-Bliley Act in 2021 🔏

Learn about what GLBA means for data protection and how to achieve GLBA compliance in Data Protection 101, our series on the fundamentals of information security.

📖 Read

via "".

Digitalguardian

Learn about what GLBA means for data protection and how to achieve GLBA compliance in Data Protection 101, our series on the fundamentals of information security.

310 views17:20

❌ Western Digital Users Face Another RCE ❌

Say hello to one more zero-day and yet more potential remote data death for those who can’t/won’t upgrade their My Cloud storage devices.

📖 Read

via "Threat Post".

Western Digital Users Face Another RCE

Say hello to one more zero-day and yet more potential remote data death for those who can’t/won’t upgrade their My Cloud storage devices.

321 views17:33

🦿 1 in 4 employees say they still have access to accounts from past jobs, survey finds 🦿

Nearly half of professionals also admit to sharing passwords and more than a third say they write them on paper, according to Beyond Identity.

📖 Read

via "Tech Republic".

1 in 4 employees say they still have access to accounts from past jobs, survey finds

Nearly half of professionals also admit to sharing passwords and more than a third say they write them on paper, according to Beyond Identity.

338 views17:58

🕴 Workers Careless in Sharing & Reusing Corporate Secrets 🕴

A new survey shows leaked enterprise secrets costs companies millions of dollars each year.

📖 Read

via "Dark Reading".

319 views19:16

🦿 The mobile and desktop versions of Firefox Total Cookie Protection are now available 🦿

Jack Wallen explains how to protect your web browsing from supercookies with Firefox's new privacy feature.

📖 Read

via "Tech Republic".

Firefox Total Cookie Protection comes to mobile and desktop versions

Jack Wallen explains what supercookies are and how to protect your web browsing against them with Firefox's new privacy feature.

341 views19:28

❌ Android Apps in Google Play Harvest Facebook Credentials ❌

The apps all used an unusual tactic of loading a legitimate Facebook page as part of the data theft.

📖 Read

via "Threat Post".

Android Apps in Google Play Harvest Facebook Credentials

The apps all used an unusual tactic of loading a legitimate Facebook page as part of the data theft.

325 views20:03

‼ CVE-2021-34190 ‼

A stored cross site scripting (XSS) vulnerability in index.php?menu=billing_rates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Name" or "Prefix" fields under the "Create New Rate" module.

📖 Read

via "National Vulnerability Database".

320 views20:37

Researchers Learn From Nation-State Attackers' OpSec Mistakes

🕴 Researchers Learn From Nation-State Attackers' OpSec Mistakes 🕴

Security researchers discuss how a series of simple and consistent mistakes helped them learn more about ITG18, better known as Charming Kitten.

📖 Read

via "Dark Reading".

Dark Reading

Security researchers discuss how a series of simple and consistent mistakes helped them learn more about ITG18, better known as Charming Kitten.

304 views22:16

‼ CVE-2020-22249 ‼

Remote Code Execution vulnerability in phplist 3.5.1. The application does not check any file extensions stored in the plugin zip file, Uploading a malicious plugin which contains the php files with extensions like PHP,phtml,php7 will be copied to the plugins directory which would lead to the remote code execution

📖 Read

via "National Vulnerability Database".

303 views22:37

‼ CVE-2021-22229 ‼

An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.8. Under a special condition it was possible to access data of an internal repository through project fork done by a project member.

📖 Read

via "National Vulnerability Database".

319 views22:37

‼ CVE-2020-22251 ‼

Cross Site Scripting (XSS) vulnerability in phpList 3.5.3 via the login name field in Manage Administrators when adding a new admin.

📖 Read

via "National Vulnerability Database".

341 views22:37

‼ CVE-2020-23697 ‼

Cross Site Scripting vulnerabilty in Monstra CMS 3.0.4 via the page feature in admin/index.php.

📖 Read

via "National Vulnerability Database".

350 views22:37

‼ CVE-2021-22228 ‼

An issue has been discovered in GitLab affecting all versions. Improper access control allows unauthorised users to access project details using Graphql.

📖 Read

via "National Vulnerability Database".

385 views00:37

❌ Pro-Trump ‘Gettr’ Social Platform Hacked On Day One ❌

The newborn platform was inundated by Sonic the Hedgehog-themed porn and had prominent users' profiles defaced. Next, hackers posted its user database online.

📖 Read

via "Threat Post".

Pro-Trump ‘Gettr’ Social Platform Hacked On Day One

The newborn platform was inundated by Sonic the Hedgehog-themed porn and had prominent users' profiles defaced. Next, hackers posted its user database online.

438 views03:33