An Interview with Adam Burns, Manager of Cybersecurity Analysts at Digital Guardian Part I
via "Digital Guardian".
In part one of our Q&A with Adam Burns, we discuss his background in security, ransomware in the news, and what traits make for a successful analyst.
CVE-2020-12731
via "National Vulnerability Database".
The MagicMotion Flamingo 2 application for Android stores data on an sdcard under com.vt.magicmotion/files/Pictures, whence it can be read by other applications.
CVE-2020-25593
via "National Vulnerability Database".
Acronis True Image through 2021 on macOS allows local privilege escalation from admin to root due to insecure folder permissions.
CVE-2021-34691
via "National Vulnerability Database".
iDrive RemotePC before 4.0.1 on Linux allows denial of service. A remote and unauthenticated attacker can disconnect a valid user session by connecting to an ephemeral port.
How to add the mic and camera kill switches in Android 12
via "Tech Republic".
Android 12 adds kill switches for both the mic and camera. Jack Wallen shows you how to add them and use them.
The Code Red worm 20 years on – what have we learned?
via "Naked Security".
"It was 20 years ago today..." that we learned a few lessons that are well worth revisiting!
How to Bridge On-Premises and Cloud Identity
via "Dark Reading".
Identity fabric, a cloud-native framework, removes the need for multiple, siloed, proprietary identity systems.
CVE-2021-34429
via "National Vulnerability Database".
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.
CVE-2021-21586
via "National Vulnerability Database".
Wyse Management Suite versions 3.2 and earlier contain an absolute path traversal vulnerability. A remote authenticated malicious user could exploit this vulnerability in order to read arbitrary files on the system.
CVE-2021-3042
via "National Vulnerability Database".
A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. Exploiting this vulnerability requires the user to have file creation privilege in the Windows root directory (such as C:\). This issue impacts: All versions of Cortex XDR agent 6.1 without content update 181 or a later version; All versions of Cortex XDR agent 7.2 without content update 181 or a later version; All versions of Cortex XDR agent 7.3 without content update 181 or a later version. Cortex XDR agent 5.0 versions are not impacted by this issue. Content updates are required to resolve this issue and are automatically applied for the agent.
IoT-Specific Malware Infections Jumped 700% Amid Pandemic
via "Dark Reading".
Gafgyt and Mirai malware represented the majority of IoT malware, new data from Zscaler shows.
Cisco Talos researchers find crypto mining detections have doubled in the last year
via "Tech Republic".
Security experts recommend looking for increased activity from illicit mining on corporate networks when cryptocurrency prices go up.
CVE-2021-34830
via "National Vulnerability Database".
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Cookie HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12028.
CVE-2021-20496
via "National Vulnerability Database".
IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to improper input validation. IBM X-Force ID: 197966.
CISA Launches New Website to Aid Ransomware Defenders
via "Dark Reading".
StopRansomware.gov provides information to help organizations protect against, and respond to, ransomware attacks.
Microsoft: Israeli Firm's Tools Used to Target Activists, Dissidents
via "Dark Reading".
Candiru sold spyware that exploited Windows vulnerabilities and had been used in attacks against dissidents, activists, and journalists.
Zero-Day Attacks on Critical WooCommerce Bug Threaten Databases
via "Threat Post".
The popular e-commerce platform for WordPress has started deploying emergency patches.
State Dept. to Pay Up to $10M for Information on Foreign Cyberattacks
via "Dark Reading".
The Rewards for Justice program, a counterterrorism tool, is now aimed at collecting information on nation-states that use hackers to disrupt critical infrastructure.
CVE-2021-32764
via "National Vulnerability Database".
Discourse is an open-source discussion platform. In Discourse versions 2.7.5 and prior, parsing and rendering of YouTube Oneboxes can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse's default Content Security Policy. The issue is patched in `stable` version 2.7.6, `beta` version 2.8.0.beta3, and `tests-passed` version 2.8.0.beta3. As a workaround, ensure that the Content Security Policy is enabled, and has not been modified in a way which would make it more vulnerable to XSS attacks.
CVE-2021-0293
via "National Vulnerability Database".
A vulnerability in Juniper Networks Junos OS caused by Missing Release of Memory after Effective Lifetime leads to a memory leak each time the CLI command 'show system connections extensive' is executed. The amount of memory leaked on each execution depends on the number of TCP connections from and to the system. Repeated execution will cause more memory to leak and eventually daemons that need to allocate additional memory and ultimately the kernel to crash, which will result in traffic loss. Continued execution of this command will cause a sustained Denial of Service (DoS) condition. An administrator can use the following CLI command to monitor for increase in memory consumption of the netstat process, if it exists:
    user@junos> show system processes extensive | match "username|netstat"
    PID   USERNAME PRI NICE  SIZE   RES STATE C TIME   WCPU COMMAND
    21181 root     100    0 5458M 4913M CPU3  2 0:59 97.27% netstat
The following log message might be observed if this issue happens:
    kernel: %KERN-3: pid 21181 (netstat), uid 0, was killed: out of swap space
This issue affects Juniper Networks Junos OS 18.2 versions prior to 18.2R2-S8, 18.2R3-S7. 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S6, 18.4R3-S7; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S1; 19.4 versions prior to 19.4R1-S4, 19.4R2-S3, 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2-S1, 20.2R3; 20.3 versions prior to 20.3R1-S1, 20.3R2; This issue does not affect Juniper Networks Junos OS versions prior to 18.2R1.
CVE-2021-0287
via "National Vulnerability Database".
In a Segment Routing ISIS (SR-ISIS)/MPLS environment, on Juniper Networks Junos OS and Junos OS Evolved devices, configured with ISIS Flexible Algorithm for Segment Routing and sensor-based statistics, a flap of an ISIS link in the network can lead to a routing process daemon (RPD) crash and restart, causing a Denial of Service (DoS). Continued link flaps will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 19.4 versions prior to 19.4R1-S4, 19.4R3-S2; 20.1 versions prior to 20.1R2-S1, 20.1R3; 20.2 versions prior to 20.2R2-S2, 20.2R3; 20.3 versions prior to 20.3R2; Juniper Networks Junos OS Evolved: 20.3-EVO versions prior to 20.3R2-EVO; 20.4-EVO versions prior to 20.4R2-EVO. This issue does not affect: Juniper Networks Junos OS releases prior to 19.4R1. Juniper Networks Junos OS Evolved releases prior to 19.4R1-EVO.