CVE-2020-5321
Read via "National Vulnerability Database".
Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain an improper input validation vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to spawn tasks with elevated privileges.
CVE-2020-29499
Read via "National Vulnerability Database".
Dell EMC PowerStore versions prior to 1.0.3.0.5.006 contain an OS command injection vulnerability in the PowerStore X environment. A locally authenticated attacker could potentially exploit this vulnerability to execute arbitrary OS commands on the PowerStore underlying OS. Exploitation may lead to a system takeover by an attacker.
CVE-2021-26081
Read via "National Vulnerability Database".
REST API in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to enumerate usernames via a Sensitive Data Exposure vulnerability in the `/rest/api/latest/user/avatar/temporary` endpoint.
CVE-2021-26082
Read via "National Vulnerability Database".
The XML Export in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary HTML or JavaScript via a stored cross-site scripting vulnerability.
CVE-2019-25051
Read via "National Vulnerability Database".
objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list).
CVE-2021-36979
Read via "National Vulnerability Database".
Unicorn Engine 1.0.2 has an out-of-bounds write in tb_flush_armeb (called from cpu_arm_exec_armeb and tcg_cpu_exec_armeb).
CVE-2021-26095
Read via "National Vulnerability Database".
The combination of various cryptographic issues in the session management of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6, including the encryption construction of the session cookie, may allow a remote attacker already in possession of a cookie to possibly reveal and alter or forge its content, thereby escalating privileges.
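The FortiMail entry names the general failure mode without detail: a session cookie that is encrypted but not integrity-protected can be altered by whoever holds it, because flipping ciphertext bits flips the corresponding plaintext bits. The following added example (written for this page; it is not FortiMail code and does not reproduce FortiMail's actual construction) builds a toy stream-cipher cookie, shows an attacker rewriting their own role field without the key, and then shows the same tampering rejected once the cookie is sealed with encrypt-then-MAC. The keystream derivation, the JSON layout and the `role`/`user` field names are assumptions chosen for the demonstration.

```python
import hashlib
import hmac
import json
import os

NONCE_LEN = 12
TAG_LEN = 32


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream from SHA-256. Illustrative stand-in for any
    stream/CTR cipher; not a production cipher and not FortiMail's design."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encode_session(session: dict) -> bytes:
    # Fixed serialisation: the cookie layout is predictable, so an attacker
    # holding their own cookie knows exactly where each field sits.
    return json.dumps(session, separators=(",", ":"), sort_keys=True).encode()


# --- Weak construction: confidentiality only, no integrity -------------------
def seal_unauthenticated(key: bytes, session: dict) -> bytes:
    nonce = os.urandom(NONCE_LEN)
    pt = encode_session(session)
    return nonce + xor(pt, keystream(key, nonce, len(pt)))


def open_unauthenticated(key: bytes, cookie: bytes) -> dict:
    nonce, ct = cookie[:NONCE_LEN], cookie[NONCE_LEN:]
    return json.loads(xor(ct, keystream(key, nonce, len(ct))))


# --- Hardened construction: encrypt-then-MAC with separate keys --------------
def _subkeys(key: bytes):
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())


def seal_authenticated(key: bytes, session: dict) -> bytes:
    enc_key, mac_key = _subkeys(key)
    body = seal_unauthenticated(enc_key, session)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def open_authenticated(key: bytes, cookie: bytes) -> dict:
    enc_key, mac_key = _subkeys(key)
    body, tag = cookie[:-TAG_LEN], cookie[-TAG_LEN:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        raise ValueError("cookie integrity check failed")
    return open_unauthenticated(enc_key, body)


# --- Attacker side: needs the cookie and its layout, never the key -----------
def flip_field(cookie: bytes, known_pt: bytes, offset: int, new_value: bytes) -> bytes:
    """Rewrite len(new_value) plaintext bytes at `offset` by XORing the
    plaintext difference into the ciphertext (classic bit-flipping)."""
    nonce, ct = cookie[:NONCE_LEN], bytearray(cookie[NONCE_LEN:])
    delta = xor(known_pt[offset:offset + len(new_value)], new_value)
    for i, d in enumerate(delta):
        ct[offset + i] ^= d
    return nonce + bytes(ct)


def demo(key: bytes):
    session = {"user": "alice", "role": "user"}      # constructed sample
    known_pt = encode_session(session)               # attacker reconstructs this
    off = known_pt.index(b'"role":"') + len(b'"role":"')

    # 1. Unauthenticated cookie: the attacker upgrades their own role.
    forged = flip_field(seal_unauthenticated(key, session), known_pt, off, b"root")
    forged_role = open_unauthenticated(key, forged)["role"]

    # 2. Authenticated cookie: identical bit flips are detected and rejected.
    try:
        open_authenticated(key, flip_field(seal_authenticated(key, session),
                                           known_pt, off, b"root"))
        rejected = False
    except ValueError:
        rejected = True

    # 3. An untampered authenticated cookie still round-trips.
    ok = open_authenticated(key, seal_authenticated(key, session)) == session
    return forged_role, rejected, ok


if __name__ == "__main__":
    print(demo(os.urandom(32)))
```

The same attack applies to CBC mode (via the preceding block) and to any scheme where integrity is "implied" by successful decryption; the defence is an authenticated construction (HMAC over nonce and ciphertext as above, or an AEAD such as AES-GCM) with distinct encryption and MAC keys.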
CVE-2021-27021
Read via "National Vulnerability Database".
A flaw was discovered in Puppet DB that results in an escalation of privileges, allowing the user to delete tables via an SQL query.
MosaicLoader Malware Delivers Facebook Stealers, RATs
Read via "Threat Post".
The newly documented code is a full-service malware-delivery threat that's spreading indiscriminately globally through paid search ads.
Companies are losing the war against phishing as attacks increase in number and sophistication
Read via "Tech Republic".
A new report finds that 74% of companies have been the victim of phishing in the last year. Staff shortages, a lack of security training and an increase in mobile device usage for work are factors.
A New Security Paradigm: External Attack Surface Management
Read via "Threat Post".
Advanced EASM solutions are crucial to automating the discovery of the downstream third-party (or fourth-party, fifth-party, etc.) IT infrastructures that your organization is exposed to and that may be vulnerable to attack, posing a critical risk for your organization.
Analysts like Gartner have identified EASM as an approach to securing IT assets. This article drills into the capacities of EASM solutions, and how companies can use them.
16-Year-Old HP Printer-Driver Bug Impacts Millions of Windows Machines
Read via "Threat Post".
The bug could allow cyberattackers to bypass security products, tamper with data and run code in kernel mode.
Why Your Business Needs a Long-Term Remote Security Strategy
Read via "Threat Post".
Chris Hass, director of information security and research at Automox, discusses the future of work: a hybrid home/office model that will demand new security approaches.
Apple iPhone patches are out: no news if recent Wi-Fi bug is fixed
Read via "Naked Security".
Remember that weird iPhone Wi-Fi bug from a week or so ago? Let's hope this update patches it!
CVE-2020-15660
Read via "National Vulnerability Database".
Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability, that might, when paired with a specifically prepared request, lead to remote code execution.
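Why a Content-Type check matters for a loopback service like a WebDriver endpoint: a browser can send a cross-site POST without any CORS preflight only with the form-safelisted media types (`application/x-www-form-urlencoded`, `multipart/form-data`, `text/plain`), whereas a JSON Content-Type triggers a preflight that the driver never answers. The added example below (written for this page, not geckodriver's code) contrasts an illustrative "ignores the header" acceptor with a hardened one that enforces `application/json` and, as defence in depth that the advisory does not describe, also rejects requests carrying an `Origin` header or a non-loopback `Host`. The sample requests, the port 4444 and the attacker hostnames are constructed.

```python
import json

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "[::1]"}


def host_without_port(host: str) -> str:
    if host.startswith("["):                       # IPv6 literal, e.g. "[::1]:4444"
        return host[:host.index("]") + 1] if "]" in host else host
    return host.split(":", 1)[0]


def parse_content_type(value: str):
    """'application/json; charset=UTF-8' -> ('application/json', {'charset': 'utf-8'})"""
    parts = [p.strip() for p in value.split(";")]
    media = parts[0].lower()
    params = {}
    for p in parts[1:]:
        if "=" in p:
            k, v = p.split("=", 1)
            params[k.strip().lower()] = v.strip().strip('"').lower()
    return media, params


def vulnerable_accepts(method: str, headers: dict, body: bytes) -> bool:
    """Illustrative pre-fix behaviour: Content-Type is never consulted, so any
    body that happens to parse as JSON is treated as a command."""
    if method not in ("POST", "PUT"):
        return True
    try:
        json.loads(body)
        return True
    except ValueError:
        return False


def hardened_accepts(method: str, headers: dict, body: bytes):
    """Returns (accepted, reason)."""
    h = {k.lower(): v for k, v in headers.items()}
    if host_without_port(h.get("host", "")) not in LOOPBACK_HOSTS:
        return False, "Host is not loopback (possible DNS rebinding)"
    if "origin" in h:
        # Native WebDriver clients never send Origin; browsers always do on
        # cross-site POSTs. (Added defence in depth, not part of the advisory.)
        return False, "browser-originated cross-site request"
    if method in ("POST", "PUT"):
        if "content-type" not in h:
            return False, "missing Content-Type"
        media, params = parse_content_type(h["content-type"])
        if media != "application/json":
            return False, f"unexpected media type {media!r}"
        if params.get("charset", "utf-8") != "utf-8":
            return False, "unexpected charset"
        try:
            json.loads(body)
        except ValueError:
            return False, "body is not JSON"
    return True, "ok"


# Constructed sample requests: (method, headers, body)
REQUESTS = {
    # A real WebDriver client talking to the driver on the loopback interface.
    "legit": ("POST", {"Host": "127.0.0.1:4444",
                       "Content-Type": "application/json"},
              b'{"capabilities": {}}'),
    # Cross-site form submission: a form can only produce safelisted media
    # types, but its body can be crafted so that it still parses as JSON.
    "form_csrf": ("POST", {"Host": "127.0.0.1:4444",
                           "Origin": "http://attacker.example",
                           "Content-Type": "text/plain"},
                  b'{"capabilities": {}}'),
    # DNS rebinding: attacker-controlled name that now resolves to 127.0.0.1.
    "rebinding": ("POST", {"Host": "driver.attacker.example:4444",
                           "Content-Type": "application/json"},
                  b"{}"),
}


def evaluate():
    """Map each sample request to (vulnerable_accepts, hardened_accepts)."""
    return {name: (vulnerable_accepts(*r), hardened_accepts(*r)[0])
            for name, r in REQUESTS.items()}


if __name__ == "__main__":
    for name, (old, new) in evaluate().items():
        print(f"{name:10s} vulnerable={old} hardened={new}")
```

The `Origin` and `Host` checks are what stop the two request shapes a browser can actually produce against a local listener; the Content-Type check alone already defeats the plain form-based CSRF the advisory describes.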
Ransomware: International cooperation is needed to curb these cybersecurity threats, says expert
Read via "Tech Republic".
Ransomware knows no borders. An attorney with cybersecurity expertise suggests the only way to stop ransomware is for nations to create a global solution.
CVE-2021-32668
Read via "National Vulnerability Database".
TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When error messages are not properly encoded, the components _QueryGenerator_ and _QueryView_ are vulnerable to both reflected and persistent cross-site scripting. A valid backend user account having administrator privileges is needed to exploit this vulnerability. TYPO3 versions 9.5.29, 10.4.18, 11.3.1 contain a patch for this issue.
Law Firm to the Fortune 500 Breached with Ransomware
Read via "Threat Post".
Deep-pocketed clients' customers & suppliers could be in the attacker's net, with potential PII exposure from an A-list clientele such as Apple, Boeing and IBM.
CVE-2021-32767
Read via "National Vulnerability Database".
TYPO3 is an open source PHP based web content management system. In versions 9.0.0 through 9.5.27, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0, user credentials may have been logged as plain text. This occurs when explicitly using log level debug, which is not the default configuration. TYPO3 versions 9.5.28, 10.4.18, 11.3.1 contain a patch for this vulnerability.
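The four advisories above (the two Jira entries, CVE-2021-26081 and CVE-2021-26082, and the two TYPO3 entries, CVE-2021-32668 and CVE-2021-32767) each describe several disjoint affected branches, and the two vendors phrase bounds differently: NVD's Jira text uses "from X before Y" (upper bound exclusive) while the TYPO3 text uses "X through Y" (upper bound inclusive). Getting that off-by-one wrong is exactly how an inventory check misses a vulnerable host. The following added example (written for this page, not code from Atlassian, TYPO3 or NVD) transcribes the ranges as stated and decides which CVEs apply to a given installed version; the product keys `jira` and `typo3` and the version strings fed to it are assumptions for the demonstration.

```python
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]
# (lower bound inclusive or None, upper bound, upper bound inclusive?)
Range = Tuple[Optional[str], str, bool]

# Affected ranges transcribed from the NVD text on this page.
ADVISORIES: Dict[str, Dict[str, List[Range]]] = {
    "jira": {   # "before Y" / "from X before Y": upper bound exclusive
        "CVE-2021-26081": [(None, "8.5.14", False), ("8.6.0", "8.13.6", False),
                           ("8.14.0", "8.16.1", False)],
        "CVE-2021-26082": [(None, "8.5.14", False), ("8.6.0", "8.13.6", False),
                           ("8.14.0", "8.17.0", False)],
    },
    "typo3": {  # "X through Y": upper bound inclusive
        "CVE-2021-32668": [("9.0.0", "9.5.28", True), ("10.0.0", "10.4.17", True),
                           ("11.0.0", "11.3.0", True)],
        "CVE-2021-32767": [("9.0.0", "9.5.27", True), ("10.0.0", "10.4.17", True),
                           ("11.0.0", "11.3.0", True)],
    },
}


def parse_version(s: str) -> Version:
    """Accept '8.13.5', 'v10.4.17' or '9.5.28-dev'; keep only the numeric core."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", s)
    if not m:
        raise ValueError(f"unparseable version: {s!r}")
    return tuple(int(x) for x in m.group(1).split("."))


def compare(a: Version, b: Version) -> int:
    """-1, 0 or 1; pads with zeros so 8.5 == 8.5.0 and 8.5 < 8.5.1."""
    n = max(len(a), len(b))
    a, b = a + (0,) * (n - len(a)), b + (0,) * (n - len(b))
    return (a > b) - (a < b)


def in_range(v: Version, rng: Range) -> bool:
    lo, hi, hi_inclusive = rng
    if lo is not None and compare(v, parse_version(lo)) < 0:
        return False
    c = compare(v, parse_version(hi))
    return c <= 0 if hi_inclusive else c < 0


def affected_cves(product: str, version: str) -> List[str]:
    """CVE IDs from ADVISORIES whose stated ranges contain `version`."""
    v = parse_version(version)
    return sorted(cve for cve, ranges in ADVISORIES[product].items()
                  if any(in_range(v, r) for r in ranges))


if __name__ == "__main__":
    # Constructed inventory lines: (product, installed version)
    for product, ver in [("jira", "8.13.5"), ("jira", "8.16.1"), ("jira", "8.17.0"),
                         ("typo3", "9.5.27"), ("typo3", "9.5.28"), ("typo3", "11.3.1")]:
        print(f"{product} {ver}: {affected_cves(product, ver) or 'not affected'}")
```

Two caveats the ranges themselves carry: a Jira build sitting between 8.5.14 and 8.6.0 is not listed as affected by the NVD text, and "before 8.5.14" has no stated lower bound, so older unsupported branches match as stated. Treat the output as "what the advisory says", not as proof that an out-of-support branch is safe.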
Your iPhone and the Pegasus spyware hack: What you need to know
Read via "Tech Republic".
iPhones have been compromised by the NSO Group's Pegasus spyware. Should you be worried? That depends on who you ask.
Top 5 things to know about supply chain attacks
Read via "Tech Republic".
Worried about supply chain attacks? Tom Merritt can help you understand your risk.