Researchers Find Significant Vulnerabilities in macOS Privacy Protections
via "Dark Reading".
Attacks require executing code on a system but foil Apple's approach to protecting private data and systems files.
“Cobalt Strike” network attack tool patches crashtastic server bug
via "Naked Security".
Ahhhh, the irony! Red-team network attack tool has its very own bug for a Blue Team to counterexploit.
CVE-2021-37604
via "National Vulnerability Database".
In the Microchip MiWi v6.5 software stack, there is a possibility of frame counters being validated/updated prior to message authentication.
CVE-2020-22732
via "National Vulnerability Database".
CMS Made Simple (CMSMS) 2.2.14 allows stored XSS via the Extensions > File Picker.
CVE-2021-38138
via "National Vulnerability Database".
OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vendor's position is that there intentionally is not any XSS protection at present, because the attack risk is largely limited to a compromised account; however, XSS protection is planned for a future release.
CVE-2021-37605
via "National Vulnerability Database".
In the Microchip MiWi v6.5 software stack, there is a possibility of frame counters being validated / updated prior to message authentication.
Enterprise Security Migration Done Right: Tips from Our CISO
via "Digital Guardian".
Is your company planning on migrating to a new security solution? Do it the right way and avoid these pitfalls.
CVE-2021-37625
via "National Vulnerability Database".
Skytable is an open source NoSQL database. In versions prior to 0.6.4 an incorrect check of return value of the accept function in the run-loop for a TCP socket/TLS socket/TCP+TLS multi-socket causes an early exit from the run loop that should continue infinitely unless terminated by a local user, effectively causing the whole database server to shut down. This has severe impact and can be used to easily cause DoS attacks without the need to use much bandwidth. The attack vectors include using an incomplete TLS connection for example by not providing the certificate for the connection and using a specially crafted TCP packet that triggers the application layer backoff algorithm.
The most secure browser for transmitting sensitive data is definitely not Chrome
via "Tech Republic".
Jack Wallen addresses the challenging question of which browser is best to use for transmitting encrypted data.
Where to find the best-paying cybersecurity jobs
via "Tech Republic".
New analysis includes salary data, cost of living and how easy it is to find a job and identifies cities with the best pay and the most open positions.
Auditors: Feds' Cybersecurity Gets the Dunce Cap
via "Threat Post".
Out of eight agencies, four were given D grades in a report for the Senate, while the Feds overall got a C-.
Incident Responders Explore Microsoft 365 Attacks in the Wild
via "Dark Reading".
Mandiant experts discuss the novel techniques used to evade detection, automate data theft, and achieve persistent access.
CVE-2021-29971
via "National Vulnerability Database".
If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 90.
CVE-2021-34638
via "National Vulnerability Database".
Authenticated Directory Traversal in WordPress Download Manager <= 3.1.24 allows authenticated (Contributor+) users to obtain sensitive configuration file information, as well as allowing Author+ users to perform XSS attacks, by setting Download template to a file containing configuration information or an uploaded JavaScript with an image extension. This issue affects: WordPress Download Manager version 3.1.24 and prior versions.
CVE-2021-34631
via "National Vulnerability Database".
The NewsPlugin WordPress plugin is vulnerable to Cross-Site Request Forgery via the handle_save_style function found in the ~/news-plugin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.18.
CVE-2021-29972
via "National Vulnerability Database".
A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Updating the library resolved the issue, and may have remediated other, unknown security vulnerabilities as well. This vulnerability affects Firefox < 90.
CVE-2021-3566
via "National Vulnerability Database".
Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By crafting a legitimate "ffconcat" file that references an image, followed by a file that triggers the tty demuxer, the contents of the second file will be copied into the output file verbatim (as long as the `-vcodec copy` option is passed to ffmpeg).
CVE-2021-3591
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
CVE-2021-3580
via "National Vulnerability Database".
A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.
CVE-2021-3679
via "National Vulnerability Database".
A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way a user uses the trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources, causing denial of service.
CVE-2021-29976
via "National Vulnerability Database".
Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90.