‼ CVE-2020-14032 ‼
📖 Read
via "National Vulnerability Database".
ASRock 4x4 BOX-R1000 before BIOS P1.40 allows privilege escalation via code execution in the SMM.📖 Read
via "National Vulnerability Database".
❌ Kaseya Obtains Universal Decryptor for REvil Ransomware ❌
📖 Read
via "Threat Post".
The vendor will work with customers affected by the early July spate of ransomware attacks to unlock files; it's unclear if the ransom was paid.📖 Read
via "Threat Post".
Threat Post
Kaseya Obtains Universal Decryptor for REvil Ransomware
The vendor will work with customers affected by the early July spate of ransomware attacks to unlock files; it's unclear if the ransom was paid.
‼ CVE-2019-9983 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25207 ‼
📖 Read
via "National Vulnerability Database".
Arbitrary file upload vulnerability in SourceCodester E-Commerce Website v 1.0 allows attackers to execute arbitrary code via the file upload to prodViewUpdate.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20333 ‼
📖 Read
via "National Vulnerability Database".
Sending specially crafted commands to a MongoDB Server may result in artificial log entries being generated or for log entries to be split. This issue affects MongoDB Server v3.6 versions prior to 3.6.20; MongoDB Server v4.0 versions prior to 4.0.21; MongoDB Server v4.2 versions prior to 4.2.10;📖 Read
via "National Vulnerability Database".
❌ FIN7’s Liquor Lure Compromises Law Firm with Backdoor ❌
📖 Read
via "Threat Post".
Using a lure relating to a lawsuit against the owner of Jack Daniels whiskey, the cybergang launched a campaign that may be bent on ransomware deployment.📖 Read
via "Threat Post".
Threat Post
FIN7’s Liquor Lure Compromises Law Firm with Backdoor
Using a lure relating to a lawsuit against the owner of Jack Daniels whiskey, the cybergang launched a campaign that may be bent on ransomware deployment.
⚠ US court gets UK Twitter hack suspect arrested in Spain ⚠
📖 Read
via "Naked Security".
O, what a tangled web we weave/When first we practise to deceive!📖 Read
via "Naked Security".
Naked Security
US court gets UK Twitter hack suspect arrested in Spain
O, what a tangled web we weave/When first we practise to deceive!
⚠ S3 Ep42: Viruses, Nightmares, patches, rewards and scammers [Podcast] ⚠
📖 Read
via "Naked Security".
Latest episode - listen now!📖 Read
via "Naked Security".
Naked Security
S3 Ep42: Viruses, Nightmares, patches, rewards and scammers [Podcast]
Latest episode – listen now!
🦿 How DuckDuckGo makes money selling search, not privacy 🦿
📖 Read
via "Tech Republic".
Commentary: DuckDuckGo is small by Google's standards, but the company is proving it's very possible to make a lot of money with just a bit more privacy.📖 Read
via "Tech Republic".
TechRepublic
How DuckDuckGo makes money selling search, not privacy | TechRepublic
Commentary: DuckDuckGo is small by Google's standards, but the company is proving it's very possible to make a lot of money with just a bit more privacy.
‼ CVE-2021-23412 ‼
📖 Read
via "National Vulnerability Database".
All versions of package gitlogplus are vulnerable to Command Injection via the main functionality, as options attributes are appended to the command to be executed without sanitization.📖 Read
via "National Vulnerability Database".
❌ 5 Steps to Improving Ransomware Resiliency ❌
📖 Read
via "Threat Post".
Alex Restrepo, cybersecurity researcher at Veritas, lays out the key concepts that organizations should be paying attention to now and implementing today.📖 Read
via "Threat Post".
Threat Post
5 Steps to Improving Ransomware Resiliency
Alex Restrepo, cybersecurity researcher at Veritas, lays out the key concepts that organizations should be paying attention to now and implementing today.
🛠 Logwatch 7.5.6 🛠
📖 Read
via "Packet Storm Security".
Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.📖 Read
via "Packet Storm Security".
Packetstormsecurity
Logwatch 7.5.6 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
🕴 Biden Administration Responds to Geopolitical Cyber Threats 🕴
📖 Read
via "Dark Reading".
In response to growing concerns regarding the recent uptick in large-scale, nation-state-backed ransomware attacks on critical infrastructure, the Biden administration is taking new action to tackle the evolving challenges posed by ransomware attacks.📖 Read
via "Dark Reading".
Dark Reading
Biden Administration Responds to Geopolitical Cyber Threats
In response to growing concerns regarding the recent uptick in large-scale, nation-state-backed ransomware attacks on critical infrastructure, the Biden administration is taking new action to tackle the evolving challenges posed by ransomware attacks.
‼ CVE-2021-25790 ‼
📖 Read
via "National Vulnerability Database".
Multiple stored cross site scripting (XSS) vulnerabilities in the "Register" module of House Rental and Property Listing 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in all text fields except for Phone Number and Alternate Phone Number.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25791 ‼
📖 Read
via "National Vulnerability Database".
Multiple stored cross site scripting (XSS) vulnerabilities in the "Update Profile" module of Online Doctor Appointment System 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in the First Name, Last Name, and Address text fields.📖 Read
via "National Vulnerability Database".
❌ Discord CDN and API Abuses Drive Wave of Malware Detections ❌
📖 Read
via "Threat Post".
Targets of Discord malware expand far beyond gamers.📖 Read
via "Threat Post".
Threat Post
Discord CDN and API Abuses Drive Wave of Malware Detections
Targets of Discord malware expand far beyond gamers.
‼ CVE-2021-25809 ‼
📖 Read
via "National Vulnerability Database".
UCMS 1.5.0 was discovered to contain a physical path leakage via an error message returned by the adminchannelscache() function in top.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25808 ‼
📖 Read
via "National Vulnerability Database".
A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-20741 ‼
📖 Read
via "National Vulnerability Database".
Incorrect Access Control in Beckhoff Automation GmbH & Co. KG CX9020 with firmware version CX9020_CB3011_WEC7_HPS_v602_TC31_B4016.6 allows remote attackers to bypass authentication via the "CE Remote Display Tool" as it does not close the incoming connection on the Windows CE side if the credentials are incorrect.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3169 ‼
📖 Read
via "National Vulnerability Database".
An issue in Jumpserver 2.6.2 and below allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37436 ‼
📖 Read
via "National Vulnerability Database".
Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks. NOTE: reportedly, there were vendor marketing statements about safely removing personal content via a factory reset. Also, the vendor has reportedly indicated that they are working on mitigations.📖 Read
via "National Vulnerability Database".