Bitwarden has a new Send feature: Here's how to use it
via "Tech Republic".
This tool will make this product (probably the best password manager on the market) even better.
MacOS Targeted in WildPressure APT Malware Campaign
via "Threat Post".
Threat actors enlist compromised WordPress websites in campaign targeting macOS users.
CVE-2021-20416
via "National Vulnerability Database".
IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 196218.
CVE-2021-20415
via "National Vulnerability Database".
IBM Guardium Data Encryption (GDE) 4.0.0.4 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 196217.
What to do when 2FA won't allow you into your Linux servers
via "Tech Republic".
If two-factor authentication logins on your Linux servers are giving you fits, Jack Wallen has the solution for you.
Critical Sage X3 RCE Bug Allows Full System Takeovers
via "Threat Post".
Security vulnerabilities in the ERP platform could allow attackers to tamper with or sabotage victims' business-critical processes and to intercept data.
Sophos Acquires Capsule8 for Linux Server & Container Security
via "Dark Reading".
The deal was announced the same day ZeroFox bought Dark Web intelligence firm Vigilante as a wave of security M&A continues.
Changes to Nevada's Privacy Law Include Requirements for Data Brokers
via "Digitalguardian".
Recent changes to Nevada's privacy law, effective October 1, 2021, give residents a broader right to opt out of sales and put the onus on "data brokers" to respond to such requests.
Fake Android Apps Promise Cryptomining Services to Steal Funds
via "Dark Reading".
Researchers discover more than 170 Android apps that advertise cloud cryptocurrency mining services and fail to deliver.
$13.7 million: Atlas VPN adds up the impact of the top 10 most successful blockchain scams
via "Tech Republic".
A new report finds that fake investment scams have netted the most funds among all the types of active blockchain scams.
CVE-2020-23702
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in PHP-Fusion 9.03.60 via 'New Shout' in /infusions/shoutbox_panel/shoutbox_admin.php.
CVE-2021-36217
via "National Vulnerability Database".
Avahi 0.8 allows a local denial of service (NULL pointer dereference and daemon crash) against avahi-daemon via the D-Bus interface or a "ping .local" command.
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
via "Dark Reading".
Automation allowed a REvil affiliate to move from exploitation of vulnerable servers to installing ransomware on downstream companies faster than most defenders could react.
Scammers exploiting Kaseya ransomware attack to deploy malware
via "Tech Republic".
A new phishing campaign claims to offer a security update for Kaseya's VSA software but actually tries to install malware, says Malwarebytes.
CVE-2021-32714
via "National Vulnerability Database".
hyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper's HTTP server and client code had a flaw that could trigger an integer overflow when decoding chunk sizes that are too big. This allows possible data loss, or if combined with an upstream HTTP proxy that allows chunk sizes larger than hyper does, can result in "request smuggling" or "desync attacks." The vulnerability is patched in version 0.14.10. Two possible workarounds exist. One may reject requests manually that contain a `Transfer-Encoding` header or ensure any upstream proxy rejects `Transfer-Encoding` chunk sizes greater than what fits in 64-bit unsigned integers.
CVE-2007-5002
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
CVE-2021-21775
via "National Vulnerability Database".
A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage.
CVE-2021-21807
via "National Vulnerability Database".
An integer overflow vulnerability exists in the DICOM parse_dicom_meta_info functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to a stack-based buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2021-34430
via "National Vulnerability Database".
Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic.
CVE-2021-28809
via "National Vulnerability Database".
An improper access control vulnerability has been reported to affect certain legacy versions of HBS 3. If exploited, this vulnerability allows attackers to compromise the security of the operating system. QNAP have already fixed this vulnerability in the following versions of HBS 3:
QTS 4.3.6: HBS 3 v3.0.210507 and later
QTS 4.3.4: HBS 3 v3.0.210506 and later
QTS 4.3.3: HBS 3 v3.0.210506 and later
CVE-2021-31817
via "National Vulnerability Database".
When Octopus Server is configured with an external SQL database, the database password is written in plaintext to the OctopusServer.txt log file during initial configuration.