CVE-2021-22523
via "National Vulnerability Database".
XML External Entity vulnerability in Micro Focus Verastream Host Integrator, affecting version 7.8 Update 1 and earlier versions. The vulnerability could allow control of the web browser and hijacking of user sessions.
CVE-2021-35521
via "National Vulnerability Database".
A path traversal in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2 allows remote authenticated attackers to achieve denial of service and information disclosure via TCP/IP packets.
CVE-2021-22522
via "National Vulnerability Database".
Reflected Cross-Site Scripting vulnerability in Micro Focus Verastream Host Integrator, affecting version 7.8 Update 1 and earlier versions. The vulnerability could allow disclosure of confidential data.
CVE-2021-30110
via "National Vulnerability Database".
dttray.exe in Greyware Automation Products Inc Domain Time II before 5.2.b.20210331 allows remote attackers to execute arbitrary code via a URL to a malicious update in a spoofed response to the UDP query used to check for updates.
CVE-2021-35520
via "National Vulnerability Database".
A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2 allows physically proximate authenticated attackers to achieve code execution, denial of service, and information disclosure via serial ports.
CVE-2021-30049
via "National Vulnerability Database".
SysAid 20.3.64 b14 is affected by Cross Site Scripting (XSS) via a /KeepAlive.jsp?stamp= URI.
CVE-2021-30486
via "National Vulnerability Database".
SysAid 20.3.64 b14 is affected by Blind and Stacked SQL injection via AssetManagementChart.jsp (GET computerID), AssetManagementChart.jsp (POST group1), AssetManagementList.jsp (GET computerID or group1), or AssetManagementSummary.jsp (GET group1).
S3 Ep42: Viruses, Nightmares, patches, rewards and scammers [Podcast]
via "Naked Security".
Latest episode - listen now!
The ransomware risk management calculus is changing for OT, ICS and critical infrastructure
via "Tech Republic".
Paralysis is the worst possible state for businesses to find themselves in when faced with the threat, says Claroty's CPO.
How cyberattacks exploit known security vulnerabilities
via "Tech Republic".
Knowing that many organizations fail to patch known flaws, attackers continually scan for security holes that they can exploit, says Barracuda.
Systemd can't seem to catch a break: New vulnerability found
via "Tech Republic".
A dangerous vulnerability was found in the Linux systemd stack. Find out what it is and how to upgrade your Linux distributions.
CVE-2021-22001
via "National Vulnerability Database".
In UAA versions prior to 75.3.0, sensitive information such as the relaying secret of the provider was revealed in the response when a deletion request for an identity provider (IdP) of type "oauth 1.0" was sent to the UAA server.
CVE-2021-29143
via "National Vulnerability Database".
A remote execution of arbitrary commands vulnerability was discovered in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): Aruba AOS-CX firmware: 10.04.xxxx - versions prior to 10.04.3070, 10.05.xxxx - versions prior to 10.05.0070, 10.06.xxxx - versions prior to 10.06.0110, 10.07.xxxx - versions prior to 10.07.0001. Aruba has released upgrades for Aruba AOS-CX devices that address this security vulnerability.
CVE-2021-34431
via "National Vulnerability Database".
In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client that had connected with MQTT v5 sent a crafted CONNECT message to the broker, a memory leak would occur, which could be used to provide a DoS attack against the broker.
CVE-2021-29149
via "National Vulnerability Database".
A local bypass security restrictions vulnerability was discovered in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): Aruba AOS-CX firmware: 10.04.xxxx - versions prior to 10.04.3070, 10.05.xxxx - versions prior to 10.05.0070, 10.06.xxxx - versions prior to 10.06.0110, 10.07.xxxx - versions prior to 10.07.0001. Aruba has released upgrades for Aruba AOS-CX devices that address this security vulnerability.
CVE-2021-29148
via "National Vulnerability Database".
A local cross-site scripting (XSS) vulnerability was discovered in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): Aruba AOS-CX firmware: 10.04.xxxx - versions prior to 10.04.3070, 10.05.xxxx - versions prior to 10.05.0070, 10.06.xxxx - versions prior to 10.06.0110, 10.07.xxxx - versions prior to 10.07.0001. Aruba has released upgrades for Aruba AOS-CX devices that address this security vulnerability.
Apple Issues Urgent iPhone Updates; None for Pegasus Zero-Day
via "Threat Post".
Update now: The ream of bugs includes some remotely exploitable code execution flaws. Still to come: a fix for what makes iPhones easy prey for Pegasus spyware.
7 Hot Cyber Threat Trends to Expect at Black Hat
via "Dark Reading".
A sneak peek of some of the main themes at Black Hat USA next month.
An Interview with Adam Burns, Manager of Cybersecurity Analysts at Digital Guardian Part II
via "Digital Guardian".
In part two of our Q&A with Adam Burns, we discuss how to expand the security talent pool, the potential impact of automation on infosec, and the biggest challenge facing the industry.
Scammers offer streaming services, giveaways and a fake cyber currency to cash in on the Olympic Games
via "Tech Republic".
Kaspersky's analysis found that cybercriminals are getting extra creative with the latest campaigns designed to harvest credentials.
Industrial Networks Exposed Through Cloud-Based Operational Tech
via "Threat Post".
Critical ICS vulnerabilities can be exploited through leading cloud-management platforms.