‼ CVE-2021-33592 ‼
📖 Read
via "National Vulnerability Database".
NAVER Toolbar before 4.0.30.323 allows remote attackers to execute arbitrary code via a crafted upgrade.xml file. Special characters in filename parameter can be the cause of bypassing code signing check function.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24453 ‼
📖 Read
via "National Vulnerability Database".
The Include Me WordPress plugin through 1.2.1 is vulnerable to path traversal / local file inclusion, which can lead to Remote Code Execution (RCE) of the system due to log poisoning and therefore potentially a full compromise of the underlying structure📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24452 ‼
📖 Read
via "National Vulnerability Database".
The W3 Total Cache WordPress plugin before 2.1.5 was affected by a reflected Cross-Site Scripting (XSS) issue within the "extension" parameter in the Extensions dashboard, when the 'Anonymously track usage to improve product quality' setting is enabled, as the parameter is output in a JavaScript context without proper escaping. This could allow an attacker, who can convince an authenticated admin into clicking a link, to run malicious JavaScript within the user's web browser, which could lead to full site compromise.📖 Read
via "National Vulnerability Database".
🕴 Breaking Down the Threat of Going All-In With Microsoft Security 🕴
📖 Read
via "Dark Reading".
Limit risk by dividing responsibility for infrastructure, tools, and security.📖 Read
via "Dark Reading".
Dark Reading
Breaking Down the Threat of Going All-In With Microsoft Security
Limit risk by dividing responsibility for infrastructure, tools, and security.
🕴 7 Ways AI and ML Are Helping and Hurting Cybersecurity 🕴
📖 Read
via "Dark Reading".
In the right hands, artificial intelligence and machine learning can enrich our cyber defenses. In the wrong hands, they can create significant harm.📖 Read
via "Dark Reading".
Dark Reading
7 Ways AI and ML Are Helping and Hurting Cybersecurity
In the right hands, artificial intelligence and machine learning can enrich our cyber defenses. In the wrong hands, they can create significant harm.
‼ CVE-2021-35967 ‼
📖 Read
via "National Vulnerability Database".
The directory page parameter of the Orca HCM digital learning platform does not filter special characters. Remote attackers can access the system directory thru Path Traversal without logging in.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-33501 ‼
📖 Read
via "National Vulnerability Database".
Overwolf Client 0.169.0.22 allows XSS, with resultant Remote Code Execution, via an overwolfstore:// URL.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-31216 ‼
📖 Read
via "National Vulnerability Database".
Siren Investigate before 11.1.1 contains a server side request forgery (SSRF) defect in the built-in image proxy route (which is enabled by default). An attacker with access to the Investigate installation can specify an arbitrary URL in the parameters of the image proxy route and fetch external URLs as the Investigate process on the host.📖 Read
via "National Vulnerability Database".
🛠 American Fuzzy Lop plus plus 3.14c 🛠
📖 Read
via "Packet Storm Security".
Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc.📖 Read
via "Packet Storm Security".
Packetstormsecurity
American Fuzzy Lop plus plus 3.14c ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
🛠 Hashcat Advanced Password Recovery 6.2.3 Source Code 🛠
📖 Read
via "Packet Storm Security".
Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.📖 Read
via "Packet Storm Security".
Packetstormsecurity
Hashcat Advanced Password Recovery 6.2.3 Source Code ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
❌ Leaked NSO Group Data Hints at Widespread Pegasus Spyware Infections ❌
📖 Read
via "Threat Post".
The secretive Israeli firm was allegedly storing 50,000+ mobile phone numbers for activists, journalists, business executives and politicians -- possible targets of iPhone and Android hacking.📖 Read
via "Threat Post".
Threat Post
Leaked NSO Group Data Hints at Widespread Pegasus Spyware Infections
The secretive Israeli firm was allegedly storing 50,000+ mobile phone numbers for activists, journalists, business executives and politicians — possible targets of iPhone and Android hacking.
‼ CVE-2021-34817 ‼
📖 Read
via "National Vulnerability Database".
A Cross-Site Scripting (XSS) issue in the chat component of Etherpad 1.8.13 allows remote attackers to inject arbitrary JavaScript or HTML by importing a crafted pad.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32014 ‼
📖 Read
via "National Vulnerability Database".
SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (CPU consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js.📖 Read
via "National Vulnerability Database".
🕴 When Ransomware Comes to (Your) Town 🕴
📖 Read
via "Dark Reading".
While steps for defending against a ransomware attack vary based on the size of the government entity and the resources available to each one, rooting out ransomware ultimately will come down to two things: system architecture and partnerships.📖 Read
via "Dark Reading".
Darkreading
When Ransomware Comes to (Your) Town
While steps for defending against a ransomware attack vary based on the size of the government entity and the resources available to each one, rooting out ransomware ultimately will come down to two things: system architecture and partnerships.
❌ Protecting Phones From Pegasus-Like Spyware Attacks ❌
📖 Read
via "Threat Post".
Podcast: Can a new SIM card and prepaid service from an MVNO help? Former spyware insider, current mobile white hat hacker Adam Weinberg on how to block spyware attacks.📖 Read
via "Threat Post".
Threat Post
Protecting Phones From Pegasus-Like Spyware Attacks
Can a new SIM card and prepaid service from an MVNO help? Former spyware insider, current mobile white hat hacker Adam Weinberg on how to block spyware attacks.
‼ CVE-2020-36423 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly consider the case of a hardware accelerator.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-29707 ‼
📖 Read
via "National Vulnerability Database".
IBM HMC (Hardware Management Console) V9.1.910.0 and V9.2.950.0 could allow a local user to escalate their privileges to root access on a restricted shell. IBM X-Force ID: 200879.📖 Read
via "National Vulnerability Database".
🦿 US and allies finger China in Microsoft Exchange hack 🦿
📖 Read
via "Tech Republic".
The US has also blamed hackers working with China for ransomware attacks, extortion, crypto-jacking and other cybercrimes.📖 Read
via "Tech Republic".
❌ Ruthless Attackers Target Florida Condo Collapse Victims ❌
📖 Read
via "Threat Post".
Hackers are stealing the identities of those lost in the condo-collapse tragedy.📖 Read
via "Threat Post".
Threat Post
Ruthless Attackers Target Florida Condo Collapse Victims
Hackers are stealing the identities of those lost in the condo-collapse tragedy.
🕴 NSO Group Spyware Used On Journalists & Activists Worldwide 🕴
📖 Read
via "Dark Reading".
An investigation finds Pegasus spyware, intended for use on criminals and terrorists, has been used in targeted campaigns against others around the world.📖 Read
via "Dark Reading".
Dark Reading
NSO Group Spyware Used On Journalists & Activists Worldwide
An investigation finds Pegasus spyware, intended for use on criminals and terrorists, has been used in targeted campaigns against others around the world.
🔏 What is HITECH Compliance? Understanding and Meeting HITECH Requirements 🔏
📖 Read
via "".
Learn about the requirements for HITECH compliance and how to meet them in Data Protection 101, our series on the fundamentals of information security.📖 Read
via "".
Digital Guardian
What is HITECH Compliance? Understanding and Meeting HITECH Requirements
Learn about the requirements for HITECH compliance and how to meet them in Data Protection 101, our series on the fundamentals of information security.