🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
CVE-2021-37594

In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_SIZE File Contents Request PDU.

📖 Read

via "National Vulnerability Database".
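The missing checks in the FreeRDP item above concern a File Contents Request PDU whose fields (stream id, file list index, flags, position, requested byte count) arrive straight from the peer. The following is an added illustration, not FreeRDP's own code or its patch: it parses the request body as laid out in MS-RDPECLIP (CLIPRDR_FILECONTENTS_REQUEST after the 8-byte clipboard header) and applies the checks a clipboard server needs before touching its file list. The file list and its sizes are constructed; the rule that a SIZE request carries position 0 and cbRequested 8 follows the specification, and the bounds applied to RANGE requests are an assumed policy.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional

# dwFlags values from MS-RDPECLIP
FILECONTENTS_SIZE = 0x00000001
FILECONTENTS_RANGE = 0x00000002

# Request body after the clipboard header:
# streamId, lindex, dwFlags, nPositionLow, nPositionHigh, cbRequested (all UINT32 LE)
_BODY = struct.Struct("<IIIIII")


class InvalidRequest(ValueError):
    """Raised for any PDU the server must refuse instead of acting on."""


@dataclass
class FileContentsRequest:
    stream_id: int
    list_index: int
    flags: int
    position: int          # nPositionHigh:nPositionLow combined
    requested: int         # cbRequested
    clip_data_id: Optional[int]


def parse_file_contents_request(body: bytes) -> FileContentsRequest:
    """Decode the wire format; rejects short or oversized PDUs."""
    if len(body) < _BODY.size:
        raise InvalidRequest(f"short PDU: {len(body)} bytes, need {_BODY.size}")
    stream_id, lindex, flags, pos_lo, pos_hi, cb = _BODY.unpack_from(body)
    rest = body[_BODY.size:]
    clip_data_id = None
    if len(rest) == 4:                       # optional clipDataId
        (clip_data_id,) = struct.unpack("<I", rest)
    elif rest:
        raise InvalidRequest("unexpected trailing bytes after request body")
    return FileContentsRequest(stream_id, lindex, flags, (pos_hi << 32) | pos_lo, cb, clip_data_id)


def validate_request(req: FileContentsRequest, file_sizes: List[int]) -> FileContentsRequest:
    """file_sizes: sizes of the files in the list this server last announced (constructed here).

    Returns the request unchanged if every field is consistent with that list."""
    if req.flags not in (FILECONTENTS_SIZE, FILECONTENTS_RANGE):
        raise InvalidRequest(f"dwFlags must be exactly SIZE or RANGE, got {req.flags:#x}")
    # The index check: lindex is attacker-chosen and must address an announced file.
    if req.list_index >= len(file_sizes):
        raise InvalidRequest(f"lindex {req.list_index} out of range, list has {len(file_sizes)} entries")
    size = file_sizes[req.list_index]
    if req.flags == FILECONTENTS_SIZE:
        # Specification: a size request carries position 0 and asks for the 8-byte size.
        if req.position != 0 or req.requested != 8:
            raise InvalidRequest("SIZE request must have position 0 and cbRequested 8")
    else:
        # Assumed policy for RANGE: non-empty read that stays inside the file.
        if req.requested == 0 or req.position > size or req.requested > size - req.position:
            raise InvalidRequest("RANGE request exceeds file bounds")
    return req


def build_request(stream_id: int, lindex: int, flags: int, position: int = 0, requested: int = 8) -> bytes:
    """Encode a request body (used here to construct test traffic)."""
    return _BODY.pack(stream_id, lindex, flags, position & 0xFFFFFFFF, position >> 32, requested)


if __name__ == "__main__":
    announced = [4096]                                   # one file of 4096 bytes (constructed)
    ok = parse_file_contents_request(build_request(1, 0, FILECONTENTS_SIZE))
    print("accepted:", validate_request(ok, announced))
    try:
        validate_request(parse_file_contents_request(build_request(1, 9, FILECONTENTS_SIZE)), announced)
    except InvalidRequest as e:
        print("rejected:", e)
```

The point of separating parsing from validation is that the parser only guarantees the bytes are well-formed; every value that is later used as an index or a length still has to be checked against server-side state before it is used.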
CVE-2021-32610

In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193.

📖 Read

via "National Vulnerability Database".
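The Archive_Tar item is the classic symlink-escape: an archive member of link type whose target, resolved relative to the link's own directory, lands outside the extraction root. The following added example (written in Python against the standard tarfile module, not Archive_Tar's PHP code) builds a small archive in memory with one escaping symlink and one harmless one, and shows the containment check an extractor has to run over every member before writing anything. The archive contents, member names and destination directory are all constructed.

```python
import io
import os
import posixpath
import tarfile
from typing import List, Tuple


def _within(base: str, path: str) -> bool:
    """True if base/path, after normalisation, still lies under base."""
    base = os.path.abspath(base)
    target = os.path.abspath(os.path.join(base, path))
    return os.path.commonpath([base, target]) == base


def unsafe_members(tar: tarfile.TarFile, dest: str) -> List[Tuple[str, str]]:
    """Return (member name, reason) for every member that would escape dest."""
    bad = []
    for m in tar.getmembers():
        if not _within(dest, m.name):
            bad.append((m.name, "member path escapes destination"))
            continue
        if m.issym() or m.islnk():
            # A symlink target is relative to the link's directory; a hard link
            # target is relative to the archive root.
            if m.islnk():
                target = m.linkname
            else:
                target = posixpath.join(posixpath.dirname(m.name), m.linkname)
            if posixpath.isabs(m.linkname) or not _within(dest, target):
                bad.append((m.name, f"link target {m.linkname!r} escapes destination"))
    return bad


def build_archive() -> bytes:
    """Constructed sample: a file, an escaping symlink, and a symlink that stays inside."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        data = b"hello\n"
        readme = tarfile.TarInfo("pkg/README")
        readme.size = len(data)
        tar.addfile(readme, io.BytesIO(data))

        escaping = tarfile.TarInfo("pkg/config")
        escaping.type = tarfile.SYMTYPE
        escaping.linkname = "../../etc/passwd"     # resolves above the extraction root
        tar.addfile(escaping)

        local = tarfile.TarInfo("pkg/alias")
        local.type = tarfile.SYMTYPE
        local.linkname = "README"                  # stays inside pkg/
        tar.addfile(local)
    return buf.getvalue()


def scan(archive: bytes, dest: str) -> List[Tuple[str, str]]:
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tar:
        return unsafe_members(tar, dest)


if __name__ == "__main__":
    for name, reason in scan(build_archive(), "/tmp/extract"):
        print(f"refuse {name}: {reason}")
```

Two things matter in practice: the scan has to complete over the whole archive before the first byte is written, because a symlink created early can redirect a later, innocent-looking member path; and a link target check that only looks at the string (for example, rejecting a leading "..") misses targets like "pkg/../../x", which is why the example normalises the joined path instead.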
CVE-2021-36766

Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable code is located within the controllers/single_page/dashboard/system/environment/logging.php Logging::update_logging() method. User input passed through the logFile request parameter is not properly sanitized before being used in a call to the file_exists() PHP function. This can be exploited by malicious users to inject arbitrary PHP objects into the application scope (PHP Object Injection via phar:// stream wrapper), allowing them to carry out a variety of attacks, such as executing arbitrary PHP code.

📖 Read

via "National Vulnerability Database".
CVE-2021-36004

Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bounds Write vulnerability in the CoolType library. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📖 Read

via "National Vulnerability Database".
CVE-2021-35458

Online Pet Shop We App 1.0 is vulnerable to Union SQL Injection in products.php (aka p=products) via the c or s parameter.

📖 Read

via "National Vulnerability Database".
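A UNION-based injection like the one described for products.php works because the attacker-controlled parameter becomes part of the SQL text, so a second SELECT with a matching column count can be appended to the product query and its rows returned in place of products. The following added example (constructed schema and data; not the application's code) reproduces the mechanism against an in-memory SQLite database and shows the parameterised query that removes it.

```python
import sqlite3
from typing import List, Tuple


def _db() -> sqlite3.Connection:
    """Constructed schema standing in for a shop database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products(id INTEGER, name TEXT, category TEXT);
        CREATE TABLE users(id INTEGER, username TEXT, password_hash TEXT);
        INSERT INTO products VALUES (1, 'Dog food', 'food'), (2, 'Cat toy', 'toys');
        INSERT INTO users VALUES (1, 'admin', '$2y$10$constructed-hash');
    """)
    return conn


def products_vulnerable(conn: sqlite3.Connection, c: str) -> List[Tuple]:
    # The 'c' request parameter is concatenated into the statement text.
    sql = "SELECT id, name FROM products WHERE category = '" + c + "'"
    return conn.execute(sql).fetchall()


def products_fixed(conn: sqlite3.Connection, c: str) -> List[Tuple]:
    # Bound parameter: the value can never change the statement's structure.
    return conn.execute("SELECT id, name FROM products WHERE category = ?", (c,)).fetchall()


# Two columns in the injected SELECT to match the two selected from products;
# the trailing '--' comments out the closing quote the template supplies.
UNION_PAYLOAD = "x' UNION SELECT username, password_hash FROM users-- "


if __name__ == "__main__":
    conn = _db()
    print("vulnerable:", products_vulnerable(conn, UNION_PAYLOAD))
    print("fixed:     ", products_fixed(conn, UNION_PAYLOAD))
```

The column-count requirement is why UNION payloads in the wild are usually preceded by a series of "ORDER BY n" or "UNION SELECT NULL,NULL,..." probes; any query whose column count the attacker can discover is a candidate, regardless of which parameter (c or s here) carries the payload.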
CVE-2021-37588

In Charm 0.43, any two users can collude to decrypt ciphertexts produced by the YCT14 scheme.

📖 Read

via "National Vulnerability Database".
🦿 Cryptomining scams target Android app users 🦿

TechRepublic's Karen Roby interviews Lance Whitney about a recent report that detailed how cryptomining scams targeted Android app users and stole an estimated $350,000 from more than 93,000 people.

📖 Read

via "Tech Republic".
🦿 Cyber-physical attacks: Top 5 things to know 🦿

The recent trend of cyberattacks on physical infrastructure is a concern for everyone. Tom Merritt explains with five things we should know.

📖 Read

via "Tech Republic".
🦿 Top 5 things to know about cyber-physical attacks 🦿

Tom Merritt breaks down the recent trend of cyberattacks on physical infrastructure and how to prevent them.

📖 Read

via "Tech Republic".
🔏 Friday Five 7/30 🔏

Securing the nation's critical infrastructure, CISOs in high demand, and a new record GDPR fine - catch up with the week's infosec news with this week's Friday Five!

📖 Read

via "".
🦿 Ransomware risk management: How to start preparing for the future now 🦿

TechRepublic's Karen Roby interviews Brandon Vigliarolo about how the ransomware risk management calculus is changing for OT, ICS and critical infrastructure.

📖 Read

via "Tech Republic".
CVE-2021-29298

Improper Input Validation in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle (MITM) attack to the component "FrameworX.exe" in the module "fxVPStatcTcp.dll".

📖 Read

via "National Vulnerability Database".
CVE-2021-35193

Patterson Application Service in Patterson Eaglesoft 18 through 21 accepts the same certificate authentication across different customers' installations (that have the same software version). This provides remote access to SQL database credentials. (In the normal use of the product, retrieving those credentials only occurs after a username/password authentication step; however, this authentication step is on the client side, and an attacker can develop their own client that skips this step.)

📖 Read

via "National Vulnerability Database".
CVE-2021-29297

Buffer Overflow in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle (MITM) attack to the component "FrameworX.exe" in the module "MSVCR100.dll".

📖 Read

via "National Vulnerability Database".
🦿 Create a VirtualBox virtual machine backup on a Linux host for security 🦿

Jack Wallen teaches you how to use simple bash scripts to automate backing up your VirtualBox VMs.

📖 Read

via "Tech Republic".
NSA Warns Public Networks are Hacker Hotbeds

Agency warns attackers targeting teleworkers to steal corporate data.

📖 Read

via "Threat Post".
🦿 This ethical hacking course could give your cybersecurity career a boost 🦿

Move up in the profitable field of cybersecurity by improving your ethical hacking skills.

📖 Read

via "Tech Republic".
CVE-2021-27491

Ypsomed mylife Cloud (all versions prior to 1.7.2) and Ypsomed mylife App (all versions prior to 1.7.5): the Ypsomed mylife Cloud discloses password hashes during the registration process.

📖 Read

via "National Vulnerability Database".
CVE-2021-32807

The module `AccessControl` defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of `Script (Python)` objects. The policies defined in `AccessControl` severely restrict access to Python modules and only exempt a few that are deemed safe, such as Python's `string` module. However, full access to the `string` module also allows access to the class `Formatter`, which can be overridden and extended within `Script (Python)` in a way that provides access to other unsafe Python libraries. Those unsafe Python libraries can be used for remote code execution. By default, you need to have the admin-level Zope "Manager" role to add or edit `Script (Python)` objects through the web. Only sites that allow untrusted users to add/edit these scripts through the web - which would be a very unusual configuration to begin with - are at risk. The problem has been fixed in AccessControl 4.3 and 5.2. Only AccessControl versions 4 and 5 are vulnerable, and only on Python 3, not Python 2.7. As a workaround, a site administrator can restrict adding/editing `Script (Python)` objects through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing these scripts through the web should be restricted to trusted users only. This is the default configuration in Zope.

📖 Read

via "National Vulnerability Database".
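The Zope item hinges on two properties of Python's string.Formatter: replacement fields can traverse attributes and indexes of the arguments, and the class is designed to be subclassed, so whoever can define the formatter controls what those fields reach. The following added example is not AccessControl's patch; it demonstrates the general mechanism on constructed objects and the usual defensive subclass that refuses traversal. Class names, attributes and templates are all assumed.

```python
import string


class _Secret:
    """Constructed object standing in for something a template must not reach."""
    api_key = "constructed-secret"


class Greeting:
    """Constructed object handed to the template; holds a reference to the secret."""
    def __init__(self) -> None:
        self._secret = _Secret()

    def __str__(self) -> str:
        return "hi"


def render_unrestricted(template: str, obj: object) -> str:
    # Stock Formatter: '{0._secret.api_key}' walks from the argument to the secret.
    return string.Formatter().format(template, obj)


class RestrictedFormatter(string.Formatter):
    """Subclass that allows only plain positional/keyword fields, no '.' or '[' traversal.

    get_field is the hook that resolves 'a.b[c]' chains; overriding it is also how a
    formatter can be pointed at arbitrary objects, which is why exposing the base class
    to untrusted code is a problem in the first place."""

    def get_field(self, field_name, args, kwargs):
        if "." in field_name or "[" in field_name:
            raise ValueError(f"attribute/index traversal not allowed in field {field_name!r}")
        return super().get_field(field_name, args, kwargs)


def render_restricted(template: str, obj: object) -> str:
    return RestrictedFormatter().format(template, obj)


if __name__ == "__main__":
    g = Greeting()
    print(render_unrestricted("{0._secret.api_key}", g))   # traversal succeeds
    print(render_restricted("hello {0}", g))                # plain field is fine
    try:
        render_restricted("{0._secret.api_key}", g)
    except ValueError as e:
        print("blocked:", e)
```

The caveat follows from the advisory text: a restricted subclass only helps when the untrusted party cannot define its own Formatter subclass. In Zope's case the untrusted party writes Python, so the fix is to stop exposing the class (and to keep the Manager role away from untrusted users), not to rely on a safer default formatter.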
CVE-2021-27495

Ypsomed mylife Cloud (all versions prior to 1.7.2) and Ypsomed mylife App (all versions prior to 1.7.5): the Ypsomed mylife Cloud reflects the user's password during the login process after redirecting the user from an HTTPS endpoint to an HTTP endpoint.

📖 Read

via "National Vulnerability Database".
CVE-2021-33617

Zoho ManageEngine Password Manager Pro before 11.2 (build 11200) allows username enumeration via login/AjaxResponse.jsp?RequestType=GetUserDomainName&userName=, because the response to a failed login request is null only when the username is invalid.

📖 Read

via "National Vulnerability Database".
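The enumeration flaw above is an oracle: the endpoint's reply differs depending on whether the account exists, even though the login fails either way. The following added example (constructed handlers and user store, not ManageEngine's code) models the leaky behaviour, the uniform-response replacement, and a small probe that decides whether a handler leaks, by comparing each candidate's reply with the reply for a name that certainly does not exist.

```python
import json
from typing import Callable, Dict, List, Optional

# Constructed user store: username -> domain
_USERS: Dict[str, str] = {"alice": "CORP", "bob": "CORP"}


def domain_lookup_leaky(username: str) -> Optional[dict]:
    """Models the flawed behaviour: body is null only when the username is unknown."""
    if username not in _USERS:
        return None                                # serialised as 'null'
    return {"domain": _USERS[username], "status": "login_failed"}


def domain_lookup_uniform(username: str) -> dict:
    """Same response shape and content whether or not the account exists."""
    return {"status": "login_failed"}


def enumeration_oracle(handler: Callable[[str], object], candidates: List[str]) -> List[str]:
    """Return the candidates whose reply differs from the reply for a non-existent name.

    Serialising with json.dumps compares the wire representation, so a None
    body ('null') and an empty dict ('{}') count as different, just as a client would see."""
    baseline = json.dumps(handler("zz-definitely-not-a-user-0f3a"))   # assumed absent
    return sorted(u for u in candidates if json.dumps(handler(u)) != baseline)


if __name__ == "__main__":
    wordlist = ["alice", "bob", "carol"]            # constructed candidate list
    print("leaky:  ", enumeration_oracle(domain_lookup_leaky, wordlist))
    print("uniform:", enumeration_oracle(domain_lookup_uniform, wordlist))
```

Content is only one channel; status code, headers and response time should be compared the same way, since a handler that consults the directory only for existing users will usually answer measurably slower for them.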