π΄ Attackers Exploited 4 Zero-Day Flaws in Chrome, Safari & IE π΄
π Read
via "Dark Reading".
At least two government-backed actors -- including one Russian group -- used the now-patched flaws in separate campaigns, Google says.π Read
via "Dark Reading".
Dark Reading
Attackers Exploited 4 Zero-Day Flaws in Chrome, Safari & IE
At least two government-backed actors -- including one Russian group -- used the now-patched flaws in separate campaigns, Google says.
βΌ CVE-2020-23707 βΌ
π Read
via "National Vulnerability Database".
A heap-based buffer overflow vulnerability in the function ok_jpg_decode_block_progressive() at ok_jpg.c:1054 of ok-file-formats through 2020-06-26 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file.π Read
via "National Vulnerability Database".
βΌ CVE-2020-23705 βΌ
π Read
via "National Vulnerability Database".
A global buffer overflow vulnerability in jfif_encode at jfif.c:701 of ffjpeg through 2020-06-22 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36758 βΌ
π Read
via "National Vulnerability Database".
1Password Connect server before 1.2 is missing validation checks, permitting users to create Secrets Automation access tokens that can be used to perform privilege escalation. Malicious users authorized to create Secrets Automation access tokens can create tokens that have access beyond what the user is authorized to access, but limited to the existing authorizations of the Secret Automation the token is created in.π Read
via "National Vulnerability Database".
β Microsoft: New Unpatched Bug in Windows Print Spooler β
π Read
via "Threat Post".
Another vulnerability separate from PrintNightmare allows for local elevation of privilege and system takeover.π Read
via "Threat Post".
Threat Post
Microsoft: New Unpatched Bug in Windows Print Spooler
Another vulnerability separate from PrintNightmare allows for local elevation of privilege and system takeover.
βΌ CVE-2021-21802 βΌ
π Read
via "National Vulnerability Database".
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21818 βΌ
π Read
via "National Vulnerability Database".
A hard-coded password vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to a denial of service. An attacker can send a sequence of requests to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21820 βΌ
π Read
via "National Vulnerability Database".
A hard-coded password vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to code execution. An attacker can send a sequence of requests to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21801 βΌ
π Read
via "National Vulnerability Database".
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.π Read
via "National Vulnerability Database".
π΄ How to Attract More Computer Science Grads to the Cybersecurity Field π΄
π Read
via "Dark Reading".
With 465,000 cybersecurity job openings in the United States, why is recruiting so difficult? A recent college graduate offers his take.π Read
via "Dark Reading".
Dark Reading
How to Attract More Computer Science Grads to the Cybersecurity Field
With 465,000 cybersecurity job openings in the United States, why is recruiting so difficult? A recent college graduate offers his take.
βΌ CVE-2021-1422 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the device that results in a denial of service (DoS) condition. The vulnerability is due to a logic error in how the software cryptography module handles specific types of decryption errors. An attacker could exploit this vulnerability by sending malicious packets over an established IPsec connection. A successful exploit could cause the device to crash, forcing it to reload. Important: Successful exploitation of this vulnerability would not cause a compromise of any encrypted data. Note: This vulnerability affects only Cisco ASA Software Release 9.16.1 and Cisco FTD Software Release 7.0.0.π Read
via "National Vulnerability Database".
βΌ CVE-2021-28114 βΌ
π Read
via "National Vulnerability Database".
Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace confusion during parsing.π Read
via "National Vulnerability Database".
π΄ 4 Future Integrated Circuit Threats to Watch π΄
π Read
via "Dark Reading".
Threats to the supply chains for ICs and other computer components are poised to wreak even more havoc on organizations.π Read
via "Dark Reading".
Dark Reading
4 Future Integrated Circuit Threats to Watch
Threats to the supply chains for ICs and other computer components are poised to wreak even more havoc on organizations.
π Friday Five 7/16 π
π Read
via "".
iOS zero days, the state of U.S. chipmaking, and the disruption of a phishing ring - catch up on all of the week's infosec news with the Friday Five!π Read
via "".
Digital Guardian
Friday Five 7/16
iOS zero days, the state of U.S. chipmaking, and the disruption of a phishing ring - catch up on all of the week's infosec news with the Friday Five!
β Want to earn $10 million? Snitch on a cybercrook! β
π Read
via "Naked Security".
Will going after the big guns help to discourage and disrupt the rest of the cybercrime ecosystem? Have your say...π Read
via "Naked Security".
Naked Security
Want to earn $10 million? Snitch on a cybercrook!
Will going after the big guns help to discourage and disrupt the rest of the cybercrime ecosystem? Have your sayβ¦
β Windows 0-Days Used Against Dissidents in Israeli Brokerβs Spyware β
π Read
via "Threat Post".
Candiru, aka Sourgum, allegedly sells the DevilsTongue surveillance malware to governments around the world.π Read
via "Threat Post".
Threat Post
Windows 0-Days Used Against Dissidents in Israeli Brokerβs Spyware
Candiru, aka Sourgum, allegedly sells the DevilsTongue surveillance malware to governments around the world.
β More PrintNightmare: βWe TOLD you not to turn the Print Spooler back on!β β
π Read
via "Naked Security".
The PrintNightmare continues. So does our advice, even though it stops your printer working.π Read
via "Naked Security".
Naked Security
More PrintNightmare: βWe TOLD you not to turn the Print Spooler back on!β
The PrintNightmare continues. So does our advice, even though it stops your printer working.
βΌ CVE-2021-3649 βΌ
π Read
via "National Vulnerability Database".
chatwoot is vulnerable to Inefficient Regular Expression Complexityπ Read
via "National Vulnerability Database".
βΌ CVE-2021-28054 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A Stored Cross-Site Scripting (XSS) issue in "Configuration > Hosts" allows remote authenticated users to inject arbitrary web script or HTML via the Alias parameter.π Read
via "National Vulnerability Database".
β Critical Juniper Bug Allows DoS, RCE Against Carrier Networks β
π Read
via "Threat Post".
Telecom providers, including wireless carriers, are at risk of disruption of network service if the bug in SBR Carrier is exploited.π Read
via "Threat Post".
Threat Post
Critical Juniper Bug Allows DoS, RCE Against Carrier Networks
Telecom providers, including wireless carriers, are at risk for the disruption of network service if the bug in SBR Carrier is exploited.
βΌ CVE-2020-4821 βΌ
π Read
via "National Vulnerability Database".
IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string. IBM X-Force ID: 189834π Read
via "National Vulnerability Database".