β S3 Ep42: Viruses, Nightmares, patches, rewards and scammers [Podcast] β
π Read
via "Naked Security".
Latest episode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep42: Viruses, Nightmares, patches, rewards and scammers [Podcast]
Latest episode β listen now!
π¦Ώ The ransomware risk management calculus is changing for OT, ICS and critical infrastructure π¦Ώ
π Read
via "Tech Republic".
Paralysis is the worst possible state for businesses to find themselves in when faced with the threat, says Claroty's CPO.π Read
via "Tech Republic".
TechRepublic
The ransomware risk management calculus is changing for OT, ICS and critical infrastructure
Paralysis is the worst possible state for businesses to find themselves in when faced with the threat, says Claroty's CPO.
π¦Ώ How cyberattacks exploit known security vulnerabilities π¦Ώ
π Read
via "Tech Republic".
Knowing that many organizations fail to patch known flaws, attackers continually scan for security holes that they can exploit, says Barracuda.π Read
via "Tech Republic".
TechRepublic
How cyberattacks exploit known security vulnerabilities
Knowing that many organizations fail to patch known flaws, attackers continually scan for security holes that they can exploit, says Barracuda.
π¦Ώ Systemd can't seem to catch a break: New vulnerability found π¦Ώ
π Read
via "Tech Republic".
A dangerous vulnerability was found in the Linux systemd stack. Find out what it is and how to upgrade your Linux distributions.π Read
via "Tech Republic".
TechRepublic
Systemd can't seem to catch a break: New vulnerability found
A dangerous vulnerability was found in the Linux systemd stack. Find out what it is and how to upgrade your Linux distributions.
βΌ CVE-2021-22001 βΌ
π Read
via "National Vulnerability Database".
In UAA versions prior to 75.3.0, sensitive information like relaying secret of the provider was revealed in response when deletion request of an identity provider( IdP) of type Γ’β¬Εoauth 1.0Γ’β¬οΏ½ was sent to UAA server.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29143 βΌ
π Read
via "National Vulnerability Database".
A remote execution of arbitrary commands vulnerability was discovered in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): Aruba AOS-CX firmware: 10.04.xxxx - versions prior to 10.04.3070, 10.05.xxxx - versions prior to 10.05.0070, 10.06.xxxx - versions prior to 10.06.0110, 10.07.xxxx - versions prior to 10.07.0001. Aruba has released upgrades for Aruba AOS-CX devices that address this security vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34431 βΌ
π Read
via "National Vulnerability Database".
In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client that had connected with MQTT v5 sent a crafted CONNECT message to the broker a memory leak would occur, which could be used to provide a DoS attack against the broker.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29149 βΌ
π Read
via "National Vulnerability Database".
A local bypass security restrictions vulnerability was discovered in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): Aruba AOS-CX firmware: 10.04.xxxx - versions prior to 10.04.3070, 10.05.xxxx - versions prior to 10.05.0070, 10.06.xxxx - versions prior to 10.06.0110, 10.07.xxxx - versions prior to 10.07.0001. Aruba has released upgrades for Aruba AOS-CX devices that address this security vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29148 βΌ
π Read
via "National Vulnerability Database".
A local cross-site scripting (XSS) vulnerability was discovered in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): Aruba AOS-CX firmware: 10.04.xxxx - versions prior to 10.04.3070, 10.05.xxxx - versions prior to 10.05.0070, 10.06.xxxx - versions prior to 10.06.0110, 10.07.xxxx - versions prior to 10.07.0001. Aruba has released upgrades for Aruba AOS-CX devices that address this security vulnerability.π Read
via "National Vulnerability Database".
β Apple Issues Urgent iPhone Updates; None for Pegasus Zero-Day β
π Read
via "Threat Post".
Update now: The ream of bugs includes some remotely exploitable code execution flaws. Still to come: a fix for what makes iPhones easy prey for Pegasus spyware.π Read
via "Threat Post".
π΄ 7 Hot Cyber Threat Trends to Expect at Black Hat π΄
π Read
via "Dark Reading".
A sneak peek of some of the main themes at Black Hat USA next month.π Read
via "Dark Reading".
Dark Reading
7 Hot Cyber Threat Trends to Expect at Black Hat
A sneak peek of some of the main themes at Black Hat USA next month.
π An Interview with Adam Burns, Manager of Cybersecurity Analysts at Digital Guardian Part II π
π Read
via "".
In part two of our Q&A with Adam Burns, we discuss how to expand the security talent pool, the potential impact of automation on infosec, and the biggest challenge facing the industry.π Read
via "".
Digital Guardian
An Interview with Adam Burns, Manager of Cybersecurity Analysts at Digital Guardian Part II
In part two of our Q&A with Adam Burns, we discuss how to expand the security talent pool, the potential impact of automation on infosec, and the biggest challenge facing the industry.
π¦Ώ Scammers offer streaming services, giveaways and a fake cyber currency to cash in on the Olympic Games π¦Ώ
π Read
via "Tech Republic".
Kaspersky's analysis found that cybercriminals are getting extra creative with the latest campaigns designed to harvest credentials.π Read
via "Tech Republic".
TechRepublic
Scammers offer streaming services, giveaways and a fake cyber currency to cash in on the Olympic Games
Kaspersky's analysis found that cybercriminals are getting extra creative with the latest campaigns designed to harvest credentials.
β Industrial Networks Exposed Through Cloud-Based Operational Tech β
π Read
via "Threat Post".
Critical ICS vulnerabilities can be exploited through leading cloud-management platforms.π Read
via "Threat Post".
Threat Post
Industrial Networks Exposed Through Cloud-Based Operational Tech
Critical ICS vulnerabilities can be exploited through leading cloud-management platforms.
βΌ CVE-2021-26228 βΌ
π Read
via "National Vulnerability Database".
SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_class1.php.π Read
via "National Vulnerability Database".
βΌ CVE-2020-5316 βΌ
π Read
via "National Vulnerability Database".
Dell SupportAssist for Business PCs versions 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3 and Dell SupportAssist for Home PCs version 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, 3.2.1, 3.2.2, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.4 contain an uncontrolled search path vulnerability. A locally authenticated low privileged user could exploit this vulnerability to cause the loading of arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2021-1618 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to conduct a path traversal or command injection attack on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to do one or both of the following: Execute a command using crafted input Upload a file that has been altered using path traversal techniques A successful exploit could allow the attacker to read and write arbitrary files or execute arbitrary commands as root on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26762 βΌ
π Read
via "National Vulnerability Database".
SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the cid parameter to edit-course.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-1601 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external management interface. An attacker could exploit these vulnerabilities by sending specific traffic to this interface on an affected device. A successful exploit could allow the attacker to access sensitive internal services and make configuration changes on the affected device.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29657 βΌ
π Read
via "National Vulnerability Database".
arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has a use-after-free in which an AMD KVM guest can bypass access control on host OS MSRs when there are nested guests, aka CID-a58d9166a756. This occurs because of a TOCTOU race condition associated with a VMCB12 double fetch in nested_svm_vmrun.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26764 βΌ
π Read
via "National Vulnerability Database".
SQL injection vulnerability in PHPGurukul Student Record System v 4.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit-std.php.π Read
via "National Vulnerability Database".