β Microsoft Crushes 116 Bugs, Three Actively Exploited β
π Read
via "Threat Post".
Microsoft tackles 12 critical bugs, part of its July 2021 Patch Tuesday roundup, capping a βPrintNightmareβ month of headaches for system admins.π Read
via "Threat Post".
Threat Post
Microsoft Crushes 116 Bugs, Three Actively Exploited
Microsoft tackles 12 critical bugs, part of its July 2021 Patch Tuesday roundup, capping a βPrintNightmareβ month of headaches for system admins.
π΄ Microsoft Patches 3 Windows Zero-Days Amid 117 CVEs π΄
π Read
via "Dark Reading".
The July Patch Tuesday release also includes the out-of-band fix for the Windows Print Spooler remote code execution flaw under attack.π Read
via "Dark Reading".
βΌ CVE-2021-32755 βΌ
π Read
via "National Vulnerability Database".
Wire is a collaboration platform. wire-ios-transport handles authentication of requests, network failures, and retries for the iOS implementation of Wire. In the 3.82 version of the iOS application, a new web socket implementation was introduced for users running iOS 13 or higher. This new websocket implementation is not configured to enforce certificate pinning when available. Certificate pinning for the new websocket is enforced in version 3.84 or above.π Read
via "National Vulnerability Database".
π΄ New Phishing Campaign Targets Individuals of Interest to Iran π΄
π Read
via "Dark Reading".
TA453 group spoofed two scholars at University of London to try and gain access to email inboxes belonging to journalists, think tank personnel, academics, and others, security vendor says.π Read
via "Dark Reading".
Dark Reading
New Phishing Campaign Targets Individuals of Interest to Iran
TA453 group spoofed two scholars at University of London to try and gain access to email inboxes belonging to journalists, think tank personnel, academics, and others, security vendor says.
βΌ CVE-2020-19721 βΌ
π Read
via "National Vulnerability Database".
A heap buffer overflow vulnerability in Ap4TrunAtom.cpp of Bento 1.5.1-628 may lead to an out-of-bounds write while running mp42aac, leading to system crashes and a denial of service (DOS).π Read
via "National Vulnerability Database".
βΌ CVE-2020-19715 βΌ
π Read
via "National Vulnerability Database".
An integer overflow vulnerability in the getUShort function of Exiv2 0.27.1 results in segmentation faults within the application, leading to a denial of service (DOS).π Read
via "National Vulnerability Database".
βΌ CVE-2021-20781 βΌ
π Read
via "National Vulnerability Database".
Cross-site request forgery (CSRF) vulnerability in WordPress Meta Data Filter & Taxonomies Filter versions prior to v.1.2.8 and versions prior to v.2.2.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20782 βΌ
π Read
via "National Vulnerability Database".
Cross-site request forgery (CSRF) vulnerability in Software License Manager versions prior to 4.4.6 allows remote attackers to hijack the authentication of administrators via unspecified vectors.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36373 βΌ
π Read
via "National Vulnerability Database".
When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected.π Read
via "National Vulnerability Database".
β Windows Hello Bypass Fools Biometrics Safeguards in PCs β
π Read
via "Threat Post".
A Windows security bug would allow an attacker to fool a USB camera used in the biometric facial-recognition aspect of the system.π Read
via "Threat Post".
Threat Post
Windows Hello Bypass Fools Biometrics Safeguards in PCs
A Windows security bug would allow an attacker to fool a USB camera used in the biometric facial-recognition aspect of the system.
βΌ CVE-2021-25953 βΌ
π Read
via "National Vulnerability Database".
Prototype pollution vulnerability in 'putil-merge' versions1.0.0 through 3.6.6 allows attacker to cause a denial of service and may lead to remote code execution.π Read
via "National Vulnerability Database".
β Updated Joker Malware Floods into Android Apps β
π Read
via "Threat Post".
The Joker premium billing-fraud malware is back on Google Play in a fresh onslaught, with an updated bag of tricks to evade scanners.π Read
via "Threat Post".
Threat Post
Updated Joker Malware Floods into Android Apps
The Joker premium billing-fraud malware is back on Google Play in a fresh onslaught, with an updated bag of tricks to evade scanners.
π NYDFS Issues Ransomware Prevention Guidance for Financial Services Firms π
π Read
via "".
The NYDFS has issued guidance for financial services companies on how to reduce the risk of ransomware attacks - like having a capable endpoint threat detection and response (EDR) solution in place.π Read
via "".
Digital Guardian
NYDFS Issues Ransomware Prevention Guidance for Financial Services Firms
The NYDFS has issued guidance for financial services companies on how to reduce the risk of ransomware attacks - like having a capable endpoint threat detection and response (EDR) solution in place.
βΌ CVE-2021-33676 βΌ
π Read
via "National Vulnerability Database".
A missing authority check in SAP CRM, versions - 700, 701, 702, 712, 713, 714, could be leveraged by an attacker with high privileges to compromise confidentiality, integrity, or availability of the system.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33683 βΌ
π Read
via "National Vulnerability Database".
SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, KERNEL 7.21, 7.22, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, process invalid HTTP header. The incorrect handling of the invalid Transfer-Encoding header in a particular manner leads to a possibility of HTTP Request Smuggling attack. An attacker could exploit this vulnerability to bypass web application firewall protection, divert sensitive data such as customer requests, session credentials, etc.π Read
via "National Vulnerability Database".
π΄ 4 Integrated Circuit Security Threats and How to Protect Against Them π΄
π Read
via "Dark Reading".
Little-understood threats involving the IC supply chain are putting organizations around the world at risk.π Read
via "Dark Reading".
Dark Reading
4 Current Integrated Circuit Security Threats and How to Protect Against Them
Little-understood threats involving the IC supply chain are putting organizations around the world at risk.
π¦Ώ These states saw the most hacks in 2020 π¦Ώ
π Read
via "Tech Republic".
A report uses FBI data to parse out state-by-state hacking data by the number of victims and total financial losses for every 100,000 residents.π Read
via "Tech Republic".
TechRepublic
These states saw the most hacks in 2020
A report uses FBI data to parse out state-by-state hacking data by the number of victims and total financial losses for every 100,000 residents.
π UFONet 1.7 π
π Read
via "Packet Storm Security".
UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using GET/POST, multi-threading, proxies, origin spoofing methods, cache evasion techniques, etc.π Read
via "Packet Storm Security".
Packetstormsecurity
UFONet 1.7 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π¦Ώ Personal data compromises up 38%, according to new cybersecurity report π¦Ώ
π Read
via "Tech Republic".
The report parses out data by industry. Overall, healthcare topped the list, followed by financial services and manufacturing and utilities.π Read
via "Tech Republic".
TechRepublic
Personal data compromises up 38%, according to new cybersecurity report
The report parses out data by industry. Overall, healthcare topped the list, followed by financial services and manufacturing and utilities.
β Home delivery scams get smarter β donβt get caught out β
π Read
via "Naked Security".
We've said it before, and we'll say it again: don't be in too much of a hurry for those home deliveries you're expecting!π Read
via "Naked Security".
Naked Security
Home delivery scams get smarter β donβt get caught out
Weβve said it before, and weβll say it again: donβt be in too much of a hurry for those home deliveries youβre expecting!
βΌ CVE-2021-33211 βΌ
π Read
via "National Vulnerability Database".
A Directory Traversal vulnerability in the Unzip feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to write files to arbitrary directories via relative paths in ZIP archives.π Read
via "National Vulnerability Database".