‼ CVE-2021-36773 ‼
📖 Read
via "National Vulnerability Database".
uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service (unbounded recursion that can trigger memory consumption and a loss of all blocking functionality).📖 Read
via "National Vulnerability Database".
⚠ S3 Ep41: Crashing iPhones, PrintNightmares, and Code Red memories [Podcast] ⚠
📖 Read
via "Naked Security".
Latest episode - listen now!📖 Read
via "Naked Security".
Naked Security
S3 Ep41: Crashing iPhones, PrintNightmares, and Code Red memories [Podcast]
Latest episode – listen now!
‼ CVE-2021-33592 ‼
📖 Read
via "National Vulnerability Database".
NAVER Toolbar before 4.0.30.323 allows remote attackers to execute arbitrary code via a crafted upgrade.xml file. Special characters in filename parameter can be the cause of bypassing code signing check function.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24453 ‼
📖 Read
via "National Vulnerability Database".
The Include Me WordPress plugin through 1.2.1 is vulnerable to path traversal / local file inclusion, which can lead to Remote Code Execution (RCE) of the system due to log poisoning and therefore potentially a full compromise of the underlying structure📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24452 ‼
📖 Read
via "National Vulnerability Database".
The W3 Total Cache WordPress plugin before 2.1.5 was affected by a reflected Cross-Site Scripting (XSS) issue within the "extension" parameter in the Extensions dashboard, when the 'Anonymously track usage to improve product quality' setting is enabled, as the parameter is output in a JavaScript context without proper escaping. This could allow an attacker, who can convince an authenticated admin into clicking a link, to run malicious JavaScript within the user's web browser, which could lead to full site compromise.📖 Read
via "National Vulnerability Database".
🕴 Breaking Down the Threat of Going All-In With Microsoft Security 🕴
📖 Read
via "Dark Reading".
Limit risk by dividing responsibility for infrastructure, tools, and security.📖 Read
via "Dark Reading".
Dark Reading
Breaking Down the Threat of Going All-In With Microsoft Security
Limit risk by dividing responsibility for infrastructure, tools, and security.
🕴 7 Ways AI and ML Are Helping and Hurting Cybersecurity 🕴
📖 Read
via "Dark Reading".
In the right hands, artificial intelligence and machine learning can enrich our cyber defenses. In the wrong hands, they can create significant harm.📖 Read
via "Dark Reading".
Dark Reading
7 Ways AI and ML Are Helping and Hurting Cybersecurity
In the right hands, artificial intelligence and machine learning can enrich our cyber defenses. In the wrong hands, they can create significant harm.
‼ CVE-2021-35967 ‼
📖 Read
via "National Vulnerability Database".
The directory page parameter of the Orca HCM digital learning platform does not filter special characters. Remote attackers can access the system directory thru Path Traversal without logging in.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-33501 ‼
📖 Read
via "National Vulnerability Database".
Overwolf Client 0.169.0.22 allows XSS, with resultant Remote Code Execution, via an overwolfstore:// URL.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-31216 ‼
📖 Read
via "National Vulnerability Database".
Siren Investigate before 11.1.1 contains a server side request forgery (SSRF) defect in the built-in image proxy route (which is enabled by default). An attacker with access to the Investigate installation can specify an arbitrary URL in the parameters of the image proxy route and fetch external URLs as the Investigate process on the host.📖 Read
via "National Vulnerability Database".
🛠 American Fuzzy Lop plus plus 3.14c 🛠
📖 Read
via "Packet Storm Security".
Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc.📖 Read
via "Packet Storm Security".
Packetstormsecurity
American Fuzzy Lop plus plus 3.14c ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
🛠 Hashcat Advanced Password Recovery 6.2.3 Source Code 🛠
📖 Read
via "Packet Storm Security".
Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.📖 Read
via "Packet Storm Security".
Packetstormsecurity
Hashcat Advanced Password Recovery 6.2.3 Source Code ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
❌ Leaked NSO Group Data Hints at Widespread Pegasus Spyware Infections ❌
📖 Read
via "Threat Post".
The secretive Israeli firm was allegedly storing 50,000+ mobile phone numbers for activists, journalists, business executives and politicians -- possible targets of iPhone and Android hacking.📖 Read
via "Threat Post".
Threat Post
Leaked NSO Group Data Hints at Widespread Pegasus Spyware Infections
The secretive Israeli firm was allegedly storing 50,000+ mobile phone numbers for activists, journalists, business executives and politicians — possible targets of iPhone and Android hacking.
‼ CVE-2021-34817 ‼
📖 Read
via "National Vulnerability Database".
A Cross-Site Scripting (XSS) issue in the chat component of Etherpad 1.8.13 allows remote attackers to inject arbitrary JavaScript or HTML by importing a crafted pad.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32014 ‼
📖 Read
via "National Vulnerability Database".
SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (CPU consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js.📖 Read
via "National Vulnerability Database".
🕴 When Ransomware Comes to (Your) Town 🕴
📖 Read
via "Dark Reading".
While steps for defending against a ransomware attack vary based on the size of the government entity and the resources available to each one, rooting out ransomware ultimately will come down to two things: system architecture and partnerships.📖 Read
via "Dark Reading".
Darkreading
When Ransomware Comes to (Your) Town
While steps for defending against a ransomware attack vary based on the size of the government entity and the resources available to each one, rooting out ransomware ultimately will come down to two things: system architecture and partnerships.
❌ Protecting Phones From Pegasus-Like Spyware Attacks ❌
📖 Read
via "Threat Post".
Podcast: Can a new SIM card and prepaid service from an MVNO help? Former spyware insider, current mobile white hat hacker Adam Weinberg on how to block spyware attacks.📖 Read
via "Threat Post".
Threat Post
Protecting Phones From Pegasus-Like Spyware Attacks
Can a new SIM card and prepaid service from an MVNO help? Former spyware insider, current mobile white hat hacker Adam Weinberg on how to block spyware attacks.
‼ CVE-2020-36423 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly consider the case of a hardware accelerator.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-29707 ‼
📖 Read
via "National Vulnerability Database".
IBM HMC (Hardware Management Console) V9.1.910.0 and V9.2.950.0 could allow a local user to escalate their privileges to root access on a restricted shell. IBM X-Force ID: 200879.📖 Read
via "National Vulnerability Database".
🦿 US and allies finger China in Microsoft Exchange hack 🦿
📖 Read
via "Tech Republic".
The US has also blamed hackers working with China for ransomware attacks, extortion, crypto-jacking and other cybercrimes.📖 Read
via "Tech Republic".
❌ Ruthless Attackers Target Florida Condo Collapse Victims ❌
📖 Read
via "Threat Post".
Hackers are stealing the identities of those lost in the condo-collapse tragedy.📖 Read
via "Threat Post".
Threat Post
Ruthless Attackers Target Florida Condo Collapse Victims
Hackers are stealing the identities of those lost in the condo-collapse tragedy.