βΌ CVE-2021-36979 βΌ
π Read
via "National Vulnerability Database".
Unicorn Engine 1.0.2 has an out-of-bounds write in tb_flush_armeb (called from cpu_arm_exec_armeb and tcg_cpu_exec_armeb).π Read
via "National Vulnerability Database".
βΌ CVE-2021-26095 βΌ
π Read
via "National Vulnerability Database".
The combination of various cryptographic issues in the session management of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6, including the encryption construction of the session cookie, may allow a remote attacker already in possession of a cookie to possibly reveal and alter or forge its content, thereby escalating privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27021 βΌ
π Read
via "National Vulnerability Database".
A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query.π Read
via "National Vulnerability Database".
β MosaicLoader Malware Delivers Facebook Stealers, RATs β
π Read
via "Threat Post".
The newly documented code is a full-service malware-delivery threat that's spreading indiscriminately globally through paid search ads.π Read
via "Threat Post".
Threat Post
MosaicLoader Malware Delivers Facebook Stealers, RATs
The newly documented code is a full-service malware-delivery threat that's spreading indiscriminately globally through paid search ads.
π¦Ώ Companies are losing the war against phishing as attacks increase in number and sophistication π¦Ώ
π Read
via "Tech Republic".
A new report finds that 74% of companies have been the victim of phishing in the last year. Staff shortages, a lack of security training and an increase in mobile device usage for work are factors.π Read
via "Tech Republic".
TechRepublic
Companies are losing the war against phishing as attacks increase in number and sophistication
A new report finds that 74% of companies have been the victim of phishing in the last year. Staff shortages, a lack of security training and an increase in mobile device usage for work are factors.
β A New Security Paradigm: External Attack Surface Management β
π Read
via "Threat Post".
Advanced EASM solutions are crucial to automating the discovery of the downstream third-party (or fourth-party, or fifth-party, etc.) IT infrastructures that your organization is exposed to, and may be vulnerable to attack, posing a critical risk for your organization.π Read
via "Threat Post".
Threat Post
A New Security Paradigm: External Attack Surface Management
Analysts like Gartner have identified EASM as an approach to securing IT assets. This article drills into the capacities of EASM solutions, and how companies can use them.
β 16-Year-Old HP Printer-Driver Bug Impacts Millions of Windows Machines β
π Read
via "Threat Post".
The bug could allow cyberattackers to bypass security products, tamper with data and run code in kernel mode.π Read
via "Threat Post".
Threat Post
16-Year-Old HP Printer-Driver Bug Impacts Millions of Windows Machines
The bug could allow cyberattackers to bypass security products, tamper with data and run code in kernel mode.
β Why Your Business Needs a Long-Term Remote Security Strategy β
π Read
via "Threat Post".
Chris Hass, director of information security and research at Automox, discusses the future of work: A hybrid home/office model that will demand new security approaches.π Read
via "Threat Post".
Threat Post
Why Your Business Needs a Long-Term Remote Security Strategy
Chris Hass, director of information security and research at Automox, discusses the future of work: A hybrid home/office model that will demand new security approaches.
β Apple iPhone patches are out β no news if recent Wi-Fi bug is fixed β
π Read
via "Naked Security".
Remember that weird iPhone Wi-Fi bug from a week or so ago? Let's hope this update patches it!π Read
via "Naked Security".
Naked Security
Apple iPhone patches are out β no news if recent Wi-Fi bug is fixed
Remember that weird iPhone Wi-Fi bug from a week or so ago? Letβs hope this update patches it!
βΌ CVE-2020-15660 βΌ
π Read
via "National Vulnerability Database".
Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability, that might, when paired with a specifically prepared request, lead to remote code execution.π Read
via "National Vulnerability Database".
π¦Ώ Ransomware: International cooperation is needed to curb these cybersecurity threats, says expert π¦Ώ
π Read
via "Tech Republic".
Ransomware knows no borders. An attorney with cybersecurity expertise suggests the only way to stop ransomware is for nations to create a global solution.π Read
via "Tech Republic".
TechRepublic
Ransomware: International cooperation is needed to curb these cybersecurity threats, says expert
Ransomware knows no borders. An attorney with cybersecurity expertise suggests the only way to stop ransomware is for nations to create a global solution.
βΌ CVE-2021-32668 βΌ
π Read
via "National Vulnerability Database".
TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When error messages are not properly encoded, the components _QueryGenerator_ and _QueryView_ are vulnerable to both reflected and persistent cross-site scripting. A valid backend user account having administrator privileges is needed to exploit this vulnerability. TYPO3 versions 9.5.29, 10.4.18, 11.3.1 contain a patch for this issue.π Read
via "National Vulnerability Database".
β Law Firm to the Fortune 500 Breached with Ransomware β
π Read
via "Threat Post".
Deep-pocketed clients' customers & suppliers could be in the attacker's net, with potential PII exposure from an A-list clientele such as Apple, Boeing and IBM.π Read
via "Threat Post".
Threat Post
Law Firm to the Fortune 500 Breached with Ransomware
Deep-pocketed clients' customers & suppliers could be in the attacker's net, with potential PII exposure from an A-list clientele such as Apple, Boeing and IBM.
βΌ CVE-2021-32767 βΌ
π Read
via "National Vulnerability Database".
TYPO3 is an open source PHP based web content management system. In versions 9.0.0 through 9.5.27, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0, user credentials may been logged as plain-text. This occurs when explicitly using log level debug, which is not the default configuration. TYPO3 versions 9.5.28, 10.4.18, 11.3.1 contain a patch for this vulnerability.π Read
via "National Vulnerability Database".
π¦Ώ Your iPhone and the Pegasus spyware hack: What you need to know π¦Ώ
π Read
via "Tech Republic".
iPhones have been compromised by the NSO Group's Pegasus spyware. Should you be worried? That depends on who you ask.π Read
via "Tech Republic".
TechRepublic
Your iPhone and the Pegasus spyware hack: What you need to know
iPhones have been compromised by the NSO Group's Pegasus spyware. Should you be worried? That depends on who you ask.
π¦Ώ Top 5 things to know about supply chain attacks π¦Ώ
π Read
via "Tech Republic".
Worried about supply chain attacks? Tom Merritt can help you understand your risk.π Read
via "Tech Republic".
TechRepublic
Top 5 things to know about supply chain attacks
Worried about supply chain attacks? Tom Merritt can help you understand your risk.
β Researchers: NSO Groupβs Pegasus Spyware Should Spark Bans, Apple Accountability β
π Read
via "Threat Post".
Our roundtable of experts weighs in on implications for Apple and lawmakers in the wake of the bombshell report showing widespread surveillance of dissidents, journalists and others.π Read
via "Threat Post".
Threat Post
Researchers: NSO Groupβs Pegasus Spyware Should Spark Bans, Apple Accountability
Our roundtable of experts weighs in on implications for Apple and lawmakers in the wake of the bombshell report showing widespread surveillance of dissidents, journalists and others.
π¦Ώ Top 5 things to know about supply chain attacks π¦Ώ
π Read
via "Tech Republic".
Worried about supply chain attacks? Tom Merritt can help you understand your risk.π Read
via "Tech Republic".
TechRepublic
Top 5 things to know about supply chain attacks
Worried about supply chain attacks? Tom Merritt can help you understand your risk.
βΌ CVE-2020-25206 βΌ
π Read
via "National Vulnerability Database".
The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 allows authenticated command injection in the Throughput, WANStats, PhyStats, and QosStats API classes. An attacker with access to a web console account may execute operating system commands on affected devices by sending crafted POST requests to the affected endpoints (/core/api/calls/Throughput.php, /core/api/calls/WANStats.php, /core/api/calls/PhyStats.php, /core/api/calls/QosStats.php). This results in the complete takeover of the vulnerable device. This vulnerability does not occur in the older 1.5.x firmware versions.π Read
via "National Vulnerability Database".
π¦Ώ Security experts: Consistency and security are key in creating vaccine passports π¦Ώ
π Read
via "Tech Republic".
Countries and states have to agree on a consistent platform for vaccine passports in order to make them work effectively.π Read
via "Tech Republic".
TechRepublic
Security experts: Consistency and security are key in creating vaccine passports
Countries and states have to agree on a consistent platform for vaccine passports in order to make them work effectively.
π¦Ώ Vaccine passports have to be consistent so that all countries can recognize them, expert says π¦Ώ
π Read
via "Tech Republic".
This might create problems for those from poorer countries. Their countries may not have the resources to create vaccine passports that are readable everywhere.π Read
via "Tech Republic".
TechRepublic
Vaccine passports have to be consistent so that all countries can recognize them, expert says
This might create problems for those from poorer countries. Their countries may not have the resources to create vaccine passports that are readable everywhere.