Amazon Kindle flaws could have allowed attackers to control the device
via "Tech Republic".
Now patched by Amazon, security vulnerabilities found by Check Point would have given attackers access to a Kindle device and its stored data.
The most secure browser for transmitting sensitive data is definitely not Chrome
via "Tech Republic".
Jack Wallen addresses the challenging question of which browser is best to use for transmitting encrypted data.
Angry Affiliate Leaks Conti Ransomware Gang Playbook
via "Threat Post".
The data includes IP addresses for Cobalt Strike C2 servers as well as an archive including numerous tools and training materials for the group, revealing how it performs attacks.
Zoom Settlement: An $85M Business Case for Security Investment
via "Threat Post".
Zoom’s security lesson over end-to-end encryption shows the costs of playing cybersecurity catchup.
Researchers Call for 'CVE' Approach for Cloud Vulnerabilities
via "Dark Reading".
New research suggests isolation among cloud customer accounts may not be a given -- and the researchers behind the findings issue a call to action for cloud security.
CVE-2021-38137
via "National Vulnerability Database".
Corero SecureWatch Managed Services 9.7.2.0020 does not correctly check swa-monitor and cns-monitor user’s privileges, allowing a user to perform actions not belonging to his role.
CVE-2021-37552
via "National Vulnerability Database".
In JetBrains YouTrack before 2021.2.17925, stored XSS was possible.
CVE-2021-36707
via "National Vulnerability Database".
In ProLink PRC2402M V1.0.18 and older, the set_ledonoff function in the adm.cgi binary, accessible with a page parameter value of ledonoff contains a trivial command injection where the value of the led_cmd parameter is passed directly to do_system.
CVE-2021-37541
via "National Vulnerability Database".
In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible.
CVE-2021-38136
via "National Vulnerability Database".
Corero SecureWatch Managed Services 9.7.2.0020 is affected by a Path Traversal vulnerability via the snap_file parameter in the /it-IT/splunkd/__raw/services/get_snapshot HTTP API endpoint. A ‘low privileged’ attacker can read any file on the target host.
CVE-2021-37547
via "National Vulnerability Database".
In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were made.
CVE-2021-37550
via "National Vulnerability Database".
In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used.
CVE-2021-37551
via "National Vulnerability Database".
In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256.
CVE-2021-37553
via "National Vulnerability Database".
In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used.
CVE-2021-37542
via "National Vulnerability Database".
In JetBrains TeamCity before 2020.2.3, XSS was possible.
CVE-2021-37540
via "National Vulnerability Database".
In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used.
CVE-2021-37554
via "National Vulnerability Database".
In JetBrains YouTrack before 2021.3.21051, a user could see boards without having corresponding permissions.
CVE-2021-37549
via "National Vulnerability Database".
In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient.
CVE-2021-36708
via "National Vulnerability Database".
In ProLink PRC2402M V1.0.18 and older, the set_sys_init function in the login.cgi binary allows an attacker to reset the password to the administrative interface of the router.
CVE-2021-37544
via "National Vulnerability Database".
In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization.
CVE-2021-26998
via "National Vulnerability Database".
NetApp Cloud Manager versions prior to 3.9.9 log sensitive information that is available only to authenticated users. Customers with auto-upgrade enabled should already be on a fixed version while customers using on-prem connectors with auto-upgrade disabled are advised to upgrade to a fixed version.