βΌ CVE-2020-23241 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 in "Extra" via 'News > Article" feature.π Read
via "National Vulnerability Database".
βΌ CVE-2020-23239 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in Textpattern CMS 4.8.1 via Custom fields in the Menu Preferences feature.π Read
via "National Vulnerability Database".
βΌ CVE-2020-23234 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerabiity exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle,".π Read
via "National Vulnerability Database".
β Podcast: IoT Piranhas Are Swarming Industrial Controls β
π Read
via "Threat Post".
Enormous botnets of IoT devices are going after decades-old legacy systems that are rife in systems that control crucial infrastructure.π Read
via "Threat Post".
βΌ CVE-2021-37576 βΌ
π Read
via "National Vulnerability Database".
arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e.π Read
via "National Vulnerability Database".
βΌ CVE-2020-18428 βΌ
π Read
via "National Vulnerability Database".
tinyexr commit 0.9.5 was discovered to contain an array index error in the tinyexr::SaveEXR component, which can lead to a denial of service (DOS).π Read
via "National Vulnerability Database".
βΌ CVE-2020-18430 βΌ
π Read
via "National Vulnerability Database".
tinyexr 0.9.5 was discovered to contain an array index error in the tinyexr::DecodeEXRImage component, which can lead to a denial of service (DOS).π Read
via "National Vulnerability Database".
β Windows βPetitPotamβ network attack β how to protect against it β
π Read
via "Naked Security".
A cute name but an annoying and potentially damaging attack. Here's what to do.π Read
via "Naked Security".
Naked Security
Windows βPetitPotamβ network attack β how to protect against it
A cute name but an annoying and potentially damaging attack. Hereβs what to do.
β Apple Patches Actively Exploited Zero-Day in iOS, MacOS β
π Read
via "Threat Post".
Company urges iPhone, iPad and Mac users to install updates to fix a critical memory corruption flaw that can allow for attackers to take over a system.π Read
via "Threat Post".
Threat Post
Apple Patches Actively Exploited Zero-Day in iOS, MacOS
Company urges iPhone, iPad and Mac users to install updates to fix a critical memory corruption flaw that can allow for attackers to take over a system.
β Apple emergency zero-day fix for iPhones and Macs β get it now! β
π Read
via "Naked Security".
You're probably expecting us to say, "Patch early, patch often." And that is EXACTLY what we're saying!π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
βΌ CVE-2021-20399 βΌ
π Read
via "National Vulnerability Database".
IBM Qradar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196073.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20562 βΌ
π Read
via "National Vulnerability Database".
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_3 and 6.1.0.0 through 6.1.0.2 vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199232.π Read
via "National Vulnerability Database".
β Three Zero-Day Bugs Plague Kaseya Unitrends Backup Servers β
π Read
via "Threat Post".
The unpatched flaws include RCE and authenticated privilege escalation on the client-side: Just the latest woe for the ransomware-walloped MSP.π Read
via "Threat Post".
Threat Post
Three Zero-Day Bugs Plague Kaseya Unitrends Backup Servers
The unpatched flaws include RCE and authenticated privilege escalation on the client-side: Just the latest woe for the ransomware-walloped MSP.
β Zimbra Server Bugs Could Lead to Email Plundering β
π Read
via "Threat Post".
Two bugs, now patched except in older versions, could be chained to allow attackers to hijack Zimbra server by simply sending a malicious email.π Read
via "Threat Post".
Threat Post
Zimbra Server Bugs Could Lead to Email Plundering
Two bugs, now patched except in older versions, could be chained to allow attackers to hijack Zimbra server by simply sending a malicious email.
βΌ CVE-2021-34432 βΌ
π Read
via "National Vulnerability Database".
In Eclipse Mosquitto versions 2.07 and earlier, the server will crash if the client tries to send a PUBLISH packet with topic length = 0.π Read
via "National Vulnerability Database".
π New Microsoft Teams Integration Provides Visibility, Controls to Prevent Data Loss π
π Read
via "".
Digital Guardian's integration with Microsoft Teams allows organizations to reduce the risk of data loss without hampering productivity.π Read
via "".
Digital Guardian
New Microsoft Teams Integration Provides Visibility, Controls to Prevent Data Loss
Digital Guardian's integration with Microsoft Teams allows organizations to reduce the risk of data loss without hampering productivity.
π¦Ώ Frequently asked questions on Extended Detection and Response π¦Ώ
π Read
via "Tech Republic".
This article answers a few of the more common questions from those who are trying to figure out the XDR space.π Read
via "Tech Republic".
TechRepublic
Frequently asked questions on Extended Detection and Response
This article answers a few of the more common questions from those who are trying to figure out the XDR space.
β No More Ransom Saves Victims Nearly β¬1 Over 5 Years β
π Read
via "Threat Post".
No More Ransom is collecting decryptors so ransomware victims donβt have to pay to get their data back and attackers donβt get rich.π Read
via "Threat Post".
Threat Post
No More Ransom Saves Victims Nearly β¬1 billion Over 5 Years
No More Ransom is collecting decryptors so ransomware victims donβt have to pay to get their data back and attackers donβt get rich.
βΌ CVE-2021-32748 βΌ
π Read
via "National Vulnerability Database".
Nextcloud Richdocuments in an open source self hosted online office. Nextcloud uses the WOPI ("Web Application Open Platform Interface") protocol to communicate with the Collabora Editor, the communication between these two services was not protected by a credentials or IP check. Whilst this does not result in gaining access to data that the user has not yet access to, it can result in a bypass of any enforced watermark on documents as described on the [Nextcloud Virtual Data Room](https://nextcloud.com/virtual-data-room/) website and [our documentation](https://portal.nextcloud.com/article/nextcloud-and-virtual-data-room-configuration-59.html). The Nextcloud Richdocuments releases 3.8.3 and 4.2.0 add an additional admin settings for an allowlist of IP addresses that can access the WOPI API. We recommend upgrading and configuring the allowlist to a list of Collabora servers. There is no known workaround. Note that this primarily results a bypass of any configured watermark or download protection using File Access Control. If you do not require or rely on these as a security feature no immediate action is required on your end.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32796 βΌ
π Read
via "National Vulnerability Database".
xmldom is an open source pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes during XML processing in some downstream applications. This issue has been resolved in version 0.7.0. As a workaround downstream applications can validate the input and reject the maliciously crafted documents.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32788 βΌ
π Read
via "National Vulnerability Database".
Discourse is an open source discussion platform. In versions prior to 2.7.7 there are two bugs which led to the post creator of a whisper post being revealed to non-staff users. 1: Staff users that creates a whisper post in a personal message is revealed to non-staff participants of the personal message even though the whisper post cannot be seen by them. 2: When a whisper post is before the last post in a post stream, deleting the last post will result in the creator of the whisper post to be revealed to non-staff users as the last poster of the topic.π Read
via "National Vulnerability Database".