‼ CVE-2021-3649 ‼
via "National Vulnerability Database".
chatwoot is vulnerable to Inefficient Regular Expression Complexity
‼ CVE-2021-28054 ‼
via "National Vulnerability Database".
An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A Stored Cross-Site Scripting (XSS) issue in "Configuration > Hosts" allows remote authenticated users to inject arbitrary web script or HTML via the Alias parameter.
❌ Critical Juniper Bug Allows DoS, RCE Against Carrier Networks ❌
via "Threat Post".
Telecom providers, including wireless carriers, are at risk of disruption of network service if the bug in SBR Carrier is exploited.
‼ CVE-2020-4821 ‼
via "National Vulnerability Database".
IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string. IBM X-Force ID: 189834
‼ CVE-2020-4980 ‼
via "National Vulnerability Database".
IBM QRadar SIEM 7.3 and 7.4 use less secure methods for protecting data in transit between hosts when "encrypt host connections" is not enabled, as well as for data at rest. IBM X-Force ID: 192539.
🕴 Recent Attacks Lead to Renewed Calls for Banning Ransom Payments 🕴
via "Dark Reading".
While attackers in protected jurisdictions continue to get massive sums for continuing to breach organizations, the ransomware threat will only continue to grow.
🦿 The number of false positive security alerts is staggering. Here's what you can do to reduce yours 🦿
via "Tech Republic".
Nearly half of all cybersecurity alerts are false positives, and 75% of companies spend an equal amount of time, or more, on them than on actual attacks, a Fastly/ESG report reveals.
‼ CVE-2021-32769 ‼
via "National Vulnerability Database".
Micronaut is a JVM-based, full stack Java framework designed for building JVM applications. A path traversal vulnerability exists in versions prior to 2.5.9. With a basic configuration, it is possible to access any file on the filesystem by using "/../../" in the URL. This occurs because Micronaut does not restrict file access to the configured paths. The vulnerability is patched in version 2.5.9. As a workaround, do not use `**` in the mapping; use only `*`, which exposes only the flat structure of a directory and does not allow traversal. If using Linux, another workaround is to run Micronaut in a chroot.
🕴 Researchers Create New Approach to Detect Brand Impersonation 🕴
via "Dark Reading".
A team of Microsoft researchers developed and trained a Siamese Neural Network to detect brand impersonation attacks.
❌ Top CVEs Trending with Cybercriminals ❌
via "Threat Post".
An analysis of criminal forums reveals which publicly known vulnerabilities attackers are most interested in.
🦿 Kaseya attack: "Yes, we can do something about this, and we should do something about this" 🦿
via "Tech Republic".
The Kaseya attack is especially unusual because it didn't begin with a password breach, and the affected companies were following cybersecurity best practices. So, how can we protect against this threat?
Alternate headline: "Kaseya attack: How ransomware attacks are like startups and what we need to do about that"
❌ Linux Variant of HelloKitty Ransomware Targets VMware ESXi Servers ❌
via "Threat Post".
HelloKitty joins the growing list of ransomware bigwigs going after the juicy target of VMware ESXi, where one hit gets scads of VMs.
‼ CVE-2021-34447 ‼
via "National Vulnerability Database".
Windows MSHTML Platform Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-34497.
‼ CVE-2021-34464 ‼
via "National Vulnerability Database".
Microsoft Defender Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-34522.
‼ CVE-2021-34459 ‼
via "National Vulnerability Database".
Windows AppContainer Elevation Of Privilege Vulnerability
‼ CVE-2019-3752 ‼
via "National Vulnerability Database".
Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an XML External Entity (XXE) Injection vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability to cause Denial of Service or information exposure by supplying specially crafted document type definitions (DTDs) in an XML request.
‼ CVE-2021-36769 ‼
via "National Vulnerability Database".
A reordering issue exists in Telegram before 7.8.1 for Android, Telegram before 7.8.3 for iOS, and Telegram Desktop before 2.8.8. An attacker can cause the server to receive messages in a different order than they were sent by a client.
‼ CVE-2021-36213 ‼
via "National Vulnerability Database".
In HashiCorp Consul before 1.10.1 (and Consul Enterprise), xds can generate a situation where a single L7 deny intention (with a default deny policy) results in an allow action.
‼ CVE-2021-32574 ‼
via "National Vulnerability Database".
HashiCorp Consul before 1.10.1 (and Consul Enterprise) has Missing SSL Certificate Validation. xds does not ensure that the Subject Alternative Name of an upstream is validated.
‼ CVE-2021-36773 ‼
via "National Vulnerability Database".
uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service (unbounded recursion that can trigger memory consumption and a loss of all blocking functionality).
⚠ S3 Ep41: Crashing iPhones, PrintNightmares, and Code Red memories [Podcast] ⚠
via "Naked Security".
Latest episode – listen now!