❌ FIN7’s Liquor Lure Compromises Law Firm with Backdoor ❌
📖 Read
via "Threat Post".
Using a lure relating to a lawsuit against the owner of Jack Daniels whiskey, the cybergang launched a campaign that may be bent on ransomware deployment.📖 Read
via "Threat Post".
Threat Post
FIN7’s Liquor Lure Compromises Law Firm with Backdoor
Using a lure relating to a lawsuit against the owner of Jack Daniels whiskey, the cybergang launched a campaign that may be bent on ransomware deployment.
⚠ US court gets UK Twitter hack suspect arrested in Spain ⚠
📖 Read
via "Naked Security".
O, what a tangled web we weave/When first we practise to deceive!📖 Read
via "Naked Security".
Naked Security
US court gets UK Twitter hack suspect arrested in Spain
O, what a tangled web we weave/When first we practise to deceive!
⚠ S3 Ep42: Viruses, Nightmares, patches, rewards and scammers [Podcast] ⚠
📖 Read
via "Naked Security".
Latest episode - listen now!📖 Read
via "Naked Security".
Naked Security
S3 Ep42: Viruses, Nightmares, patches, rewards and scammers [Podcast]
Latest episode – listen now!
🦿 How DuckDuckGo makes money selling search, not privacy 🦿
📖 Read
via "Tech Republic".
Commentary: DuckDuckGo is small by Google's standards, but the company is proving it's very possible to make a lot of money with just a bit more privacy.📖 Read
via "Tech Republic".
TechRepublic
How DuckDuckGo makes money selling search, not privacy | TechRepublic
Commentary: DuckDuckGo is small by Google's standards, but the company is proving it's very possible to make a lot of money with just a bit more privacy.
‼ CVE-2021-23412 ‼
📖 Read
via "National Vulnerability Database".
All versions of package gitlogplus are vulnerable to Command Injection via the main functionality, as options attributes are appended to the command to be executed without sanitization.📖 Read
via "National Vulnerability Database".
❌ 5 Steps to Improving Ransomware Resiliency ❌
📖 Read
via "Threat Post".
Alex Restrepo, cybersecurity researcher at Veritas, lays out the key concepts that organizations should be paying attention to now and implementing today.📖 Read
via "Threat Post".
Threat Post
5 Steps to Improving Ransomware Resiliency
Alex Restrepo, cybersecurity researcher at Veritas, lays out the key concepts that organizations should be paying attention to now and implementing today.
🛠 Logwatch 7.5.6 🛠
📖 Read
via "Packet Storm Security".
Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.📖 Read
via "Packet Storm Security".
Packetstormsecurity
Logwatch 7.5.6 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
🕴 Biden Administration Responds to Geopolitical Cyber Threats 🕴
📖 Read
via "Dark Reading".
In response to growing concerns regarding the recent uptick in large-scale, nation-state-backed ransomware attacks on critical infrastructure, the Biden administration is taking new action to tackle the evolving challenges posed by ransomware attacks.📖 Read
via "Dark Reading".
Dark Reading
Biden Administration Responds to Geopolitical Cyber Threats
In response to growing concerns regarding the recent uptick in large-scale, nation-state-backed ransomware attacks on critical infrastructure, the Biden administration is taking new action to tackle the evolving challenges posed by ransomware attacks.
‼ CVE-2021-25790 ‼
📖 Read
via "National Vulnerability Database".
Multiple stored cross site scripting (XSS) vulnerabilities in the "Register" module of House Rental and Property Listing 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in all text fields except for Phone Number and Alternate Phone Number.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25791 ‼
📖 Read
via "National Vulnerability Database".
Multiple stored cross site scripting (XSS) vulnerabilities in the "Update Profile" module of Online Doctor Appointment System 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in the First Name, Last Name, and Address text fields.📖 Read
via "National Vulnerability Database".
❌ Discord CDN and API Abuses Drive Wave of Malware Detections ❌
📖 Read
via "Threat Post".
Targets of Discord malware expand far beyond gamers.📖 Read
via "Threat Post".
Threat Post
Discord CDN and API Abuses Drive Wave of Malware Detections
Targets of Discord malware expand far beyond gamers.
‼ CVE-2021-25809 ‼
📖 Read
via "National Vulnerability Database".
UCMS 1.5.0 was discovered to contain a physical path leakage via an error message returned by the adminchannelscache() function in top.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25808 ‼
📖 Read
via "National Vulnerability Database".
A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-20741 ‼
📖 Read
via "National Vulnerability Database".
Incorrect Access Control in Beckhoff Automation GmbH & Co. KG CX9020 with firmware version CX9020_CB3011_WEC7_HPS_v602_TC31_B4016.6 allows remote attackers to bypass authentication via the "CE Remote Display Tool" as it does not close the incoming connection on the Windows CE side if the credentials are incorrect.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3169 ‼
📖 Read
via "National Vulnerability Database".
An issue in Jumpserver 2.6.2 and below allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37436 ‼
📖 Read
via "National Vulnerability Database".
Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks. NOTE: reportedly, there were vendor marketing statements about safely removing personal content via a factory reset. Also, the vendor has reportedly indicated that they are working on mitigations.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-23413 ‼
📖 Read
via "National Vulnerability Database".
This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values (e.g __proto__, toString, etc) results in a returned object with a modified prototype instance.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3663 ‼
📖 Read
via "National Vulnerability Database".
firefly-iii is vulnerable to Improper Restriction of Excessive Authentication Attempts📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37447 ‼
📖 Read
via "National Vulnerability Database".
In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentdelete?file=/.. for file deletion.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37441 ‼
📖 Read
via "National Vulnerability Database".
NCH Axon PBX v2.22 and earlier allows path traversal for file deletion via the logdelete?file=/.. substring.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37442 ‼
📖 Read
via "National Vulnerability Database".
NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile?file=/.. to read files.📖 Read
via "National Vulnerability Database".