βΌ CVE-2020-29157 βΌ
π Read
via "National Vulnerability Database".
An issue in RAONWIZ K Editor v2018.0.0.10 allows attackers to perform a DLL hijacking attack when the service or system is restarted.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22867 βΌ
π Read
via "National Vulnerability Database".
A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.1.3 and was fixed in 3.1.3, 3.0.11, and 2.22.17. This vulnerability was reported via the GitHub Bug Bounty program.π Read
via "National Vulnerability Database".
βΌ CVE-2020-24133 βΌ
π Read
via "National Vulnerability Database".
A heap buffer overflow vulnerability in the r_asm_swf_disass function of Radare2-extras before commit e74a93c allows attackers to execute arbitrary code or carry out denial of service (DOS) attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2020-36420 βΌ
π Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** Polipo through 1.1.1 allows denial of service via a reachable assertion during parsing of a malformed Range header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25318 βΌ
π Read
via "National Vulnerability Database".
A Incorrect Permission Assignment for Critical Resource vulnerability in Rancher allows users in the cluster to modify resources they should not have access to. This issue affects: Rancher versions prior to 2.5.9 ; Rancher versions prior to 2.4.16.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25320 βΌ
π Read
via "National Vulnerability Database".
A Improper Access Control vulnerability in Rancher, allows users in the cluster to make request to cloud providers by creating requests with the cloud-credential ID. Rancher in this case would attach the requested credentials without further checks This issue affects: Rancher versions prior to 2.5.9; Rancher versions prior to 2.4.16.π Read
via "National Vulnerability Database".
β Safari Zero-Day Used in Malicious LinkedIn Campaign β
π Read
via "Threat Post".
Researchers shed light on how attackers exploited Apple web browser vulnerabilities to target government officials in Western Europe.π Read
via "Threat Post".
Threat Post
Safari Zero-Day Used in Malicious LinkedIn Campaign
Researchers shed light on how attackers exploited Apple web browser vulnerabilities to target government officials in Western Europe.
βΌ CVE-2021-33505 βΌ
π Read
via "National Vulnerability Database".
Falco through 0.28.1 has a Time-of-check Time-of-use (TOCTOU) Race Condition. Issue is fixed in Falco versions >= 0.29.1.π Read
via "National Vulnerability Database".
π¦Ώ Ransomware attackers are growing bolder and using new extortion methods π¦Ώ
π Read
via "Tech Republic".
IT and OT environments are increasing targets and threat actors are using Dark Web forums to launch cybercrimes, according to Accenture's 2021 Cyber Threat Intelligence report.π Read
via "Tech Republic".
TechRepublic
Ransomware attackers are growing bolder and using new extortion methods
IT and OT environments are increasing targets and threat actors are using Dark Web forums to launch cybercrimes, according to Accenture's 2021 Cyber Threat Intelligence report.
π Wireshark Analyzer 3.4.7 π
π Read
via "Packet Storm Security".
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.π Read
via "Packet Storm Security".
Packetstormsecurity
Wireshark Analyzer 3.4.7 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ What to Look for in an Effective Threat Hunter π΄
π Read
via "Dark Reading".
The most important personality traits, skills, and certifications to look for when hiring a threat hunting team.π Read
via "Dark Reading".
Dark Reading
Dark Reading | Security | Protect The Business
Dark Reading: Connecting The Cybersecurity Community.
β SonicWall Warns Firewall Hardware Bugs Under Attack β
π Read
via "Threat Post".
SonicWall issued an urgent security alert warning customers that some of its current and legacy firewall appliances were under active attack.π Read
via "Threat Post".
Threat Post
SonicWall Warns Secure VPN Hardware Bugs Under Attack
SonicWall issued an urgent security alert warning customers that some of its current and legacy secure VPN appliances were under active attack.
π An Interview with Adam Burns, Manager of Cybersecurity Analysts at Digital Guardian Part I π
π Read
via "".
In part one of our Q&A with Adam Burns, we discuss his background in security, ransomware in the news, and what traits make for a successful analyst.π Read
via "".
Digital Guardian
An Interview with Adam Burns, Manager of Cybersecurity Analysts at Digital Guardian Part I
In part one of our Q&A with Adam Burns, we discuss his background in security, ransomware in the news, and what traits make for a successful analyst.
βΌ CVE-2020-12731 βΌ
π Read
via "National Vulnerability Database".
The MagicMotion Flamingo 2 application for Android stores data on an sdcard under com.vt.magicmotion/files/Pictures, whence it can be read by other applications.π Read
via "National Vulnerability Database".
βΌ CVE-2020-25593 βΌ
π Read
via "National Vulnerability Database".
Acronis True Image through 2021 on macOS allows local privilege escalation from admin to root due to insecure folder permissions.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34691 βΌ
π Read
via "National Vulnerability Database".
iDrive RemotePC before 4.0.1 on Linux allows denial of service. A remote and unauthenticated attacker can disconnect a valid user session by connecting to an ephemeral port.π Read
via "National Vulnerability Database".
π¦Ώ How to add the mic and camera killswitches in Android 12 π¦Ώ
π Read
via "Tech Republic".
Android 12 adds killswitches for both the mic and camera. Jack Wallen shows you how to add them and use them.π Read
via "Tech Republic".
TechRepublic
How to add the mic and camera kill switches in Android 12
Android 12 adds kill switches for both the mic and camera. Jack Wallen shows you how to add them and use them.
β The Code Red worm 20 years on β what have we learned? β
π Read
via "Naked Security".
"It was 20 years ago today..." that we learned a few lessons that are well worth revisiting!π Read
via "Naked Security".
Naked Security
The Code Red worm 20 years on β what have we learned?
βIt was 20 years ago todayβ¦β that we learned a few lessons that are well worth revisiting!
π΄ How to Bridge On-Premises and Cloud Identity π΄
π Read
via "Dark Reading".
Identity fabric, a cloud-native framework, removes the need for multiple, siloed, proprietary identity systems.π Read
via "Dark Reading".
Dark Reading
How to Bridge On-Premises and Cloud Identity
Identity fabric, a cloud-native framework, removes the need for multiple, siloed, proprietary identity systems.
βΌ CVE-2021-34429 βΌ
π Read
via "National Vulnerability Database".
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21586 βΌ
π Read
via "National Vulnerability Database".
Wyse Management Suite versions 3.2 and earlier contain an absolute path traversal vulnerability. A remote authenticated malicious user could exploit this vulnerability in order to read arbitrary files on the system.π Read
via "National Vulnerability Database".