β Pro-Trump βGettrβ Social Platform Hacked On Day One β
π Read
via "Threat Post".
The newborn platform was inundated by Sonic the Hedgehog-themed porn and had prominent users' profiles defaced. Next, hackers posted its user database online.π Read
via "Threat Post".
Threat Post
Pro-Trump βGettrβ Social Platform Hacked On Day One
The newborn platform was inundated by Sonic the Hedgehog-themed porn and had prominent users' profiles defaced. Next, hackers posted its user database online.
βΌ CVE-2021-35039 βΌ
π Read
via "National Vulnerability Database".
kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, does not occur for a module.sig_enforce=1 command-line argument.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20738 βΌ
π Read
via "National Vulnerability Database".
WRC-1167FS-W, WRC-1167FS-B, and WRC-1167FSA all versions allow an unauthenticated network-adjacent attacker to obtain sensitive information via unspecified vectors.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20776 βΌ
π Read
via "National Vulnerability Database".
Improper authentication vulnerability in SCT-40CM01SR and AT-40CM01SR allows an attacker to bypass access restriction and execute an arbitrary command via telnet.π Read
via "National Vulnerability Database".
β Microsoft Releases Emergency Patch for PrintNightmare Bugs β
π Read
via "Threat Post".
The fix doesnβt cover the entire problem nor all affected systems however, so the company also is offering workarounds and plans to release further remedies at a later date.π Read
via "Threat Post".
Threat Post
Microsoft Releases Emergency Patch for PrintNightmare Bugs
The fix doesnβt cover the entire problem nor all affected systems however, so the company also is offering workarounds and plans to release further remedies at a later date.
β Cloud Cryptomining Swindle in Google Play Rakes in Cash β
π Read
via "Threat Post".
At least 25 apps have lured in tens of thousands of victims with the promise of helping them cash in on the cryptomining craze.π Read
via "Threat Post".
Threat Post
Cloud Cryptomining Swindle in Google Play Rakes in Cash
At least 25 apps have lured in tens of thousands of victims with the promise of helping them cash in on the cryptomining craze.
βΌ CVE-2021-22227 βΌ
π Read
via "National Vulnerability Database".
A reflected cross-site script vulnerability in GitLab before versions 13.11.6, 13.12.6 and 14.0.2 allowed an attacker to send a malicious link to a victim and trigger actions on their behalf if they clicked itπ Read
via "National Vulnerability Database".
βΌ CVE-2021-22230 βΌ
π Read
via "National Vulnerability Database".
Improper code rendering while rendering merge requests could be exploited to submit malicious code. This vulnerability affects GitLab CE/EE 9.3 and later through 13.11.6, 13.12.6, and 14.0.2.π Read
via "National Vulnerability Database".
β PrintNightmare official patch is out β update now! β
π Read
via "Naked Security".
Patch now! This security hole could allow almost anyone to take over your whole network from almost any account on almost any computer.π Read
via "Naked Security".
Naked Security
PrintNightmare official patch is out β update now!
Patch now! This security hole could allow almost anyone to take over your whole network from almost any account on almost any computer.
π΄ Autonomous Security Is Essential if the Edge Is to Scale Properly π΄
π Read
via "Dark Reading".
Service demands at the network edge mean customers need to get cost, performance, and security right.π Read
via "Dark Reading".
Dark Reading
Autonomous Security Is Essential if the Edge Is to Scale Properly
Service demands at the network edge mean customers need to get cost, performance, and security right.
π¦Ώ Microsoft rolls out emergency patch for critical PrintNightmare flaw π¦Ώ
π Read
via "Tech Republic".
Fixing a serious security hole in the Windows Print spooler service, the patch is available for almost all versions of Windows, even Windows 7.π Read
via "Tech Republic".
β Why I Love (Breaking Into) Your Security Appliances β
π Read
via "Threat Post".
David "moose" Wolpoff, CTO at Randori, discusses security appliances and VPNs and how attackers only have to "pick one lock" to invade an enterprise through them.π Read
via "Threat Post".
Threat Post
Why I Love (Breaking Into) Your Security Appliances
David "moose" Wolpoff, CTO at Randori, discusses security appliances and VPNs and how attackers only have to "pick one lock" to invade an enterprise through them.
βΌ CVE-2021-34623 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the image uploader component found in the ~/src/Classes/ImageUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user registration or during profile updates. This issue affects versions 3.0.0 - 3.1.3. .π Read
via "National Vulnerability Database".
βΌ CVE-2021-34624 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the file uploader component found in the ~/src/Classes/FileUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user registration or during profile updates. This issue affects versions 3.0.0 - 3.1.3. .π Read
via "National Vulnerability Database".
βΌ CVE-2021-22555 βΌ
π Read
via "National Vulnerability Database".
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name spaceπ Read
via "National Vulnerability Database".
βΌ CVE-2021-36212 βΌ
π Read
via "National Vulnerability Database".
app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows stored XSS in the sharing groups view.π Read
via "National Vulnerability Database".
β Fake Kaseya VSA Security Update Drops Cobalt Strike β
π Read
via "Threat Post".
Threat actors are planting Cobalt Strike backdoors by malspamming a bogus Microsoft update along with a SecurityUpdates.exe.π Read
via "Threat Post".
Threat Post
Fake Kaseya VSA Security Update Drops Cobalt Strike
Threat actors are planting Cobalt Strike backdoors by malspamming a bogus Microsoft update along with a SecurityUpdates.exe.
π΄ Security 101: The 'PrintNightmare' Flaw π΄
π Read
via "Dark Reading".
A closer look at the printer software vulnerability - and what you can do about it.π Read
via "Dark Reading".
Dark Reading
Dark Reading | Security | Protect The Business
Dark Reading: Connecting The Cybersecurity Community.
π¦Ώ Critical flaws in Windows Print spooler service could allow for remote attacks π¦Ώ
π Read
via "Tech Republic".
Administrators are urged to apply the latest patches from Microsoft and disable the Windows Print spooler service in domain controllers and systems not used for printing.π Read
via "Tech Republic".
TechRepublic
Critical flaws in Windows Print spooler service could allow for remote attacks
Administrators are urged to apply the latest patches from Microsoft and disable the Windows Print spooler service in domain controllers and systems not used for printing.
π¦Ώ Critical flaws in Windows Print spooler service could allow for remote attacks π¦Ώ
π Read
via "Tech Republic".
Administrators are urged to apply the latest patches from Microsoft and disable the Windows Print spooler service in domain controllers and systems not used for printing.π Read
via "Tech Republic".
TechRepublic
Critical flaws in Windows Print spooler service could allow for remote attacks
Administrators are urged to apply the latest patches from Microsoft and disable the Windows Print spooler service in domain controllers and systems not used for printing.
π Zeek 4.0.3 π
π Read
via "Packet Storm Security".
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.π Read
via "Packet Storm Security".
Packetstormsecurity
Zeek 4.0.3 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers