βΌ CVE-2020-28589 βΌ
π Read
via "National Vulnerability Database".
An improper array index validation vulnerability exists in the LoadObj functionality of tinyobjloader v2.0-rc1 and tinyobjloader development commit 79d4421. A specially crafted file could lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0061 βΌ
π Read
via "National Vulnerability Database".
Improper initialization in some Intel(R) Graphics Driver before version 27.20.100.9030 may allow an authenticated user to potentially enable escalation of privilege via local access.π Read
via "National Vulnerability Database".
β Kaseyaβs βMaster Keyβ to REvil Attack Leaked Online β
π Read
via "Threat Post".
The decryptor is of little use to other companies hit in the spate of attacks unleashed before the notorious ransomware group went dark, researchers said.π Read
via "Threat Post".
Threat Post
Kaseyaβs βMaster Keyβ to REvil Attack Leaked Online
The decryptor is of little use to other companies hit in the spate of attacks unleashed before the notorious ransomware group went dark, researchers said.
β Crypto Hack Earned Crooks $600 Million β
π Read
via "Threat Post".
In one of the largest cryptocurrency hacks to date, cyberattackers reportedly stole millions from the decentralized finance (DeFi) platform Poly Network.π Read
via "Threat Post".
Threat Post
Crypto Hack Earned Crooks $600 Million
In one of the largest cryptocurrency hacks to date, cyberattackers reportedly stole millions from the decentralized finance (DeFi) platform Poly Network.
β SAP Patches Nine Critical & High-Severity Bugs β
π Read
via "Threat Post".
Experts urged enterprises to patch fast: SAP vulnerabilities are being weaponized in a matter of hours.π Read
via "Threat Post".
Threat Post
SAP Patches Nine Critical & High-Severity Bugs
Experts urged enterprises to patch fast: SAP vulnerabilities are being weaponized in a matter of hours.
βΌ CVE-2019-25052 βΌ
π Read
via "National Vulnerability Database".
In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34640 βΌ
π Read
via "National Vulnerability Database".
The Securimage-WP-Fixed WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/securimage-wp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.5.4.π Read
via "National Vulnerability Database".
π Faraday 3.17.0 π
π Read
via "Packet Storm Security".
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.π Read
via "Packet Storm Security".
Packetstormsecurity
Faraday 3.17.0 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β Hacker grabs $600m in cryptocash from blockchain company Poly Networks β
π Read
via "Naked Security".
Where have all the cryptocoins gone? Will we ever get them back?π Read
via "Naked Security".
Naked Security
Hacker grabs $600m in cryptocash from blockchain company Poly Networks
Where have all the cryptocoins gone? Will we ever get them back?
β Home and small business routers under attack β how to see if you are at risk β
π Read
via "Naked Security".
Practical advice for homes and small businesses, following news that a recently disclosed router bug is actively being exploited by crooks.π Read
via "Naked Security".
Naked Security
Home and small business routers under attack β how to see if you are at risk
Practical advice for homes and small businesses, following news that a recently disclosed router bug is actively being exploited by crooks.
β βFriendsβ Reunion Anchors Video Swindle β
π Read
via "Threat Post".
Spam was on the rise in Q2, with video fraud and COVID-19-related efforts in the mix.π Read
via "Threat Post".
Threat Post
βFriendsβ Reunion Anchors Video Swindle
Spam was on the rise in Q2, with video fraud and COVID-19-related efforts in the mix.
βΌ CVE-2021-38548 βΌ
π Read
via "National Vulnerability Database".
JBL Go 2 devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. The power indicator LED of the speakers is connected directly to the power line, as a result, the intensity of a device's power indicator LED is correlative to the power consumption. The sound played by the speakers affects their power consumption and as a result is also correlative to the light intensity of the LEDs. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LEDs of the speakers, we can recover the sound played by them.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20420 βΌ
π Read
via "National Vulnerability Database".
IBM Security Guardium 11.2 could disclose sensitive information due to reliance on untrusted inputs that could aid in further attacks against the system. IBM X-Force ID: 196281.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3046 βΌ
π Read
via "National Vulnerability Database".
An improper authentication vulnerability exists in Palo Alto Networks PAN-OS software that enables a SAML authenticated attacker to impersonate any other user in the GlobalProtect Portal and GlobalProtect Gateway when they are configured to use SAML authentication. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.9; PAN-OS 10.0 versions earlier than PAN-OS 10.0.5. PAN-OS 10.1 versions are not impacted.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38547 βΌ
π Read
via "National Vulnerability Database".
Logitech Z120 and S120 speakers through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. The power indicator LED of the speakers is connected directly to the power line, as a result, the intensity of a device's power indicator LED is correlative to the power consumption. The sound played by the speakers affects their power consumption and as a result is also correlative to the light intensity of the LEDs. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LEDs of the speakers, we can recover the sound played by them.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38549 βΌ
π Read
via "National Vulnerability Database".
MIRACASE MHUB500 USB splitters through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. We assume that the USB splitter supplies power to some speakers. The power indicator LED of the USB splitter is connected directly to the power line, as a result, the intensity of the USB splitter's power indicator LED is correlative to its power consumption. The sound played by the connected speakers affects the USB splitter's power consumption and as a result is also correlative to the light intensity of the LED. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LED of the USB splitter, we can recover the sound played by the connected speakers.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3047 βΌ
π Read
via "National Vulnerability Database".
A cryptographically weak pseudo-random number generator (PRNG) is used during authentication to the Palo Alto Networks PAN-OS web interface. This enables an authenticated attacker, with the capability to observe their own authentication secrets over a long duration on the PAN-OS appliance, to impersonate another authenticated web interface administrator's session. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.10; PAN-OS 10.0 versions earlier than PAN-OS 10.0.4. PAN-OS 10.1 versions are not impacted.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38544 βΌ
π Read
via "National Vulnerability Database".
Sony SRS-XB33 and SRS-XB43 devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. The power indicator LED of the speakers is connected directly to the power line, as a result, the intensity of a device's power indicator LED is correlative to the power consumption. The sound played by the speakers affects their power consumption and as a result is also correlative to the light intensity of the LEDs. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LEDs of the speakers, we can recover the sound played by them.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3045 βΌ
π Read
via "National Vulnerability Database".
An OS command argument injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.10. PAN-OS 10.0 and later versions are not impacted.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20427 βΌ
π Read
via "National Vulnerability Database".
IBM Security Guardium 11.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 196314.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38545 βΌ
π Read
via "National Vulnerability Database".
Raspberry Pi 3 B+ and 4 B devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. We assume that the Raspberry Pi supplies power to some speakers. The power indicator LED of the Raspberry Pi is connected directly to the power line, as a result, the intensity of a device's power indicator LED is correlative to the power consumption. The sound played by the speakers affects the Raspberry Pi's power consumption and as a result is also correlative to the light intensity of the LED. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LED of the Raspberry Pi, we can recover the sound played by the speakers.π Read
via "National Vulnerability Database".