β Western Digital Users Face Another RCE β
π Read
via "Threat Post".
Say hello to one more zero-day and yet more potential remote data death for those who canβt/wonβt upgrade their My Cloud storage devices.π Read
via "Threat Post".
Threat Post
Western Digital Users Face Another RCE
Say hello to one more zero-day and yet more potential remote data death for those who canβt/wonβt upgrade their My Cloud storage devices.
π¦Ώ 1 in 4 employees say they still have access to accounts from past jobs, survey finds π¦Ώ
π Read
via "Tech Republic".
Nearly half of professionals also admit to sharing passwords and more than a third say they write them on paper, according to Beyond Identity.π Read
via "Tech Republic".
TechRepublic
1 in 4 employees say they still have access to accounts from past jobs, survey finds
Nearly half of professionals also admit to sharing passwords and more than a third say they write them on paper, according to Beyond Identity.
π΄ Workers Careless in Sharing & Reusing Corporate Secrets π΄
π Read
via "Dark Reading".
A new survey shows leaked enterprise secrets costs companies millions of dollars each year.π Read
via "Dark Reading".
π¦Ώ The mobile and desktop versions of Firefox Total Cookie Protection are now available π¦Ώ
π Read
via "Tech Republic".
Jack Wallen explains how to protect your web browsing from supercookies with Firefox's new privacy feature.π Read
via "Tech Republic".
TechRepublic
Firefox Total Cookie Protection comes to mobile and desktop versions
Jack Wallen explains what supercookies are and how to protect your web browsing against them with Firefox's new privacy feature.
β Android Apps in Google Play Harvest Facebook Credentials β
π Read
via "Threat Post".
The apps all used an unusual tactic of loading a legitimate Facebook page as part of the data theft.π Read
via "Threat Post".
Threat Post
Android Apps in Google Play Harvest Facebook Credentials
The apps all used an unusual tactic of loading a legitimate Facebook page as part of the data theft.
βΌ CVE-2021-34190 βΌ
π Read
via "National Vulnerability Database".
A stored cross site scripting (XSS) vulnerability in index.php?menu=billing_rates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Name" or "Prefix" fields under the "Create New Rate" module.π Read
via "National Vulnerability Database".
π΄ Researchers Learn From Nation-State Attackers' OpSec Mistakes π΄
π Read
via "Dark Reading".
Security researchers discuss how a series of simple and consistent mistakes helped them learn more about ITG18, better known as Charming Kitten.π Read
via "Dark Reading".
Dark Reading
Researchers Learn From Nation-State Attackers' OpSec Mistakes
Security researchers discuss how a series of simple and consistent mistakes helped them learn more about ITG18, better known as Charming Kitten.
βΌ CVE-2020-22249 βΌ
π Read
via "National Vulnerability Database".
Remote Code Execution vulnerability in phplist 3.5.1. The application does not check any file extensions stored in the plugin zip file, Uploading a malicious plugin which contains the php files with extensions like PHP,phtml,php7 will be copied to the plugins directory which would lead to the remote code executionπ Read
via "National Vulnerability Database".
βΌ CVE-2021-22229 βΌ
π Read
via "National Vulnerability Database".
An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.8. Under a special condition it was possible to access data of an internal repository through project fork done by a project member.π Read
via "National Vulnerability Database".
βΌ CVE-2020-22251 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in phpList 3.5.3 via the login name field in Manage Administrators when adding a new admin.π Read
via "National Vulnerability Database".
βΌ CVE-2020-23697 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting vulnerabilty in Monstra CMS 3.0.4 via the page feature in admin/index.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22228 βΌ
π Read
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions. Improper access control allows unauthorised users to access project details using Graphql.π Read
via "National Vulnerability Database".
β Pro-Trump βGettrβ Social Platform Hacked On Day One β
π Read
via "Threat Post".
The newborn platform was inundated by Sonic the Hedgehog-themed porn and had prominent users' profiles defaced. Next, hackers posted its user database online.π Read
via "Threat Post".
Threat Post
Pro-Trump βGettrβ Social Platform Hacked On Day One
The newborn platform was inundated by Sonic the Hedgehog-themed porn and had prominent users' profiles defaced. Next, hackers posted its user database online.
βΌ CVE-2021-35039 βΌ
π Read
via "National Vulnerability Database".
kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, does not occur for a module.sig_enforce=1 command-line argument.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20738 βΌ
π Read
via "National Vulnerability Database".
WRC-1167FS-W, WRC-1167FS-B, and WRC-1167FSA all versions allow an unauthenticated network-adjacent attacker to obtain sensitive information via unspecified vectors.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20776 βΌ
π Read
via "National Vulnerability Database".
Improper authentication vulnerability in SCT-40CM01SR and AT-40CM01SR allows an attacker to bypass access restriction and execute an arbitrary command via telnet.π Read
via "National Vulnerability Database".
β Microsoft Releases Emergency Patch for PrintNightmare Bugs β
π Read
via "Threat Post".
The fix doesnβt cover the entire problem nor all affected systems however, so the company also is offering workarounds and plans to release further remedies at a later date.π Read
via "Threat Post".
Threat Post
Microsoft Releases Emergency Patch for PrintNightmare Bugs
The fix doesnβt cover the entire problem nor all affected systems however, so the company also is offering workarounds and plans to release further remedies at a later date.
β Cloud Cryptomining Swindle in Google Play Rakes in Cash β
π Read
via "Threat Post".
At least 25 apps have lured in tens of thousands of victims with the promise of helping them cash in on the cryptomining craze.π Read
via "Threat Post".
Threat Post
Cloud Cryptomining Swindle in Google Play Rakes in Cash
At least 25 apps have lured in tens of thousands of victims with the promise of helping them cash in on the cryptomining craze.
βΌ CVE-2021-22227 βΌ
π Read
via "National Vulnerability Database".
A reflected cross-site script vulnerability in GitLab before versions 13.11.6, 13.12.6 and 14.0.2 allowed an attacker to send a malicious link to a victim and trigger actions on their behalf if they clicked itπ Read
via "National Vulnerability Database".
βΌ CVE-2021-22230 βΌ
π Read
via "National Vulnerability Database".
Improper code rendering while rendering merge requests could be exploited to submit malicious code. This vulnerability affects GitLab CE/EE 9.3 and later through 13.11.6, 13.12.6, and 14.0.2.π Read
via "National Vulnerability Database".
β PrintNightmare official patch is out β update now! β
π Read
via "Naked Security".
Patch now! This security hole could allow almost anyone to take over your whole network from almost any account on almost any computer.π Read
via "Naked Security".
Naked Security
PrintNightmare official patch is out β update now!
Patch now! This security hole could allow almost anyone to take over your whole network from almost any account on almost any computer.