"Friends" Reunion Anchors Video Swindle
via "Threat Post".
Spam was on the rise in Q2, with video fraud and COVID-19-related efforts in the mix.
CVE-2021-38548
via "National Vulnerability Database".
JBL Go 2 devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. The power indicator LED of the speakers is connected directly to the power line; as a result, the intensity of the device's power indicator LED is correlated with its power consumption. The sound played by the speakers affects their power consumption and is therefore also correlated with the light intensity of the LEDs. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LEDs of the speakers, the sound played by them can be recovered.
CVE-2021-20420
via "National Vulnerability Database".
IBM Security Guardium 11.2 could disclose sensitive information due to reliance on untrusted inputs that could aid in further attacks against the system. IBM X-Force ID: 196281.
CVE-2021-3046
via "National Vulnerability Database".
An improper authentication vulnerability exists in Palo Alto Networks PAN-OS software that enables a SAML authenticated attacker to impersonate any other user in the GlobalProtect Portal and GlobalProtect Gateway when they are configured to use SAML authentication. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.9; PAN-OS 10.0 versions earlier than PAN-OS 10.0.5. PAN-OS 10.1 versions are not impacted.
CVE-2021-38547
via "National Vulnerability Database".
Logitech Z120 and S120 speakers through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. The power indicator LED of the speakers is connected directly to the power line; as a result, the intensity of the device's power indicator LED is correlated with its power consumption. The sound played by the speakers affects their power consumption and is therefore also correlated with the light intensity of the LEDs. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LEDs of the speakers, the sound played by them can be recovered.
CVE-2021-38549
via "National Vulnerability Database".
MIRACASE MHUB500 USB splitters through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. It is assumed that the USB splitter supplies power to some speakers. The power indicator LED of the USB splitter is connected directly to the power line; as a result, the intensity of the USB splitter's power indicator LED is correlated with its power consumption. The sound played by the connected speakers affects the USB splitter's power consumption and is therefore also correlated with the light intensity of the LED. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LED of the USB splitter, the sound played by the connected speakers can be recovered.
CVE-2021-3047
via "National Vulnerability Database".
A cryptographically weak pseudo-random number generator (PRNG) is used during authentication to the Palo Alto Networks PAN-OS web interface. This enables an authenticated attacker, with the capability to observe their own authentication secrets over a long duration on the PAN-OS appliance, to impersonate another authenticated web interface administrator's session. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.10; PAN-OS 10.0 versions earlier than PAN-OS 10.0.4. PAN-OS 10.1 versions are not impacted.
CVE-2021-38544
via "National Vulnerability Database".
Sony SRS-XB33 and SRS-XB43 devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. The power indicator LED of the speakers is connected directly to the power line; as a result, the intensity of the device's power indicator LED is correlated with its power consumption. The sound played by the speakers affects their power consumption and is therefore also correlated with the light intensity of the LEDs. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LEDs of the speakers, the sound played by them can be recovered.
CVE-2021-3045
via "National Vulnerability Database".
An OS command argument injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.10. PAN-OS 10.0 and later versions are not impacted.
CVE-2021-20427
via "National Vulnerability Database".
IBM Security Guardium 11.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 196314.
CVE-2021-38545
via "National Vulnerability Database".
Raspberry Pi 3 B+ and 4 B devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. It is assumed that the Raspberry Pi supplies power to some speakers. The power indicator LED of the Raspberry Pi is connected directly to the power line; as a result, the intensity of the device's power indicator LED is correlated with its power consumption. The sound played by the speakers affects the Raspberry Pi's power consumption and is therefore also correlated with the light intensity of the LED. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LED of the Raspberry Pi, the sound played by the speakers can be recovered.
CVE-2021-38543
via "National Vulnerability Database".
TP-Link UE330 USB splitter devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. It is assumed that the USB splitter supplies power to some speakers. The power indicator LED of the USB splitter is connected directly to the power line; as a result, the intensity of the USB splitter's power indicator LED is correlated with its power consumption. The sound played by the connected speakers affects the USB splitter's power consumption and is therefore also correlated with the light intensity of the LED. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LED of the USB splitter, the sound played by the connected speakers can be recovered.
CVE-2021-20418
via "National Vulnerability Database".
IBM Security Guardium 11.2 does not require that users have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196279.
CVE-2021-38546
via "National Vulnerability Database".
CREATIVE Pebble devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. The power indicator LED of the speakers is connected directly to the power line; as a result, the intensity of the device's power indicator LED is correlated with its power consumption. The sound played by the speakers affects their power consumption and is therefore also correlated with the light intensity of the LEDs. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LEDs of the speakers, the sound played by them can be recovered.
CVE-2021-3050
via "National Vulnerability Database".
An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 9.0 version 9.0.10 through PAN-OS 9.0.14; PAN-OS 9.1 version 9.1.4 through PAN-OS 9.1.10; PAN-OS 10.0 version 10.0.7 and earlier PAN-OS 10.0 versions; PAN-OS 10.1 version 10.1.0 through PAN-OS 10.1.1. Prisma Access firewalls and firewalls running PAN-OS 8.1 versions are not impacted by this issue.
CVE-2021-3048
via "National Vulnerability Database".
Certain invalid URL entries contained in an External Dynamic List (EDL) cause the Device Server daemon (devsrvr) to stop responding. This condition causes subsequent commits on the firewall to fail and prevents administrators from performing commits and configuration changes even though the firewall remains otherwise functional. If the firewall then restarts, it results in a denial-of-service (DoS) condition and the firewall stops processing traffic. This issue impacts: PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.9; PAN-OS 10.0 versions earlier than PAN-OS 10.0.5. PAN-OS 8.1 and PAN-OS 10.1 versions are not impacted.
NSA Watchdog Will Review Tucker Carlson Spying Claims
via "Threat Post".
Despite a lack of evidence, the National Security Agency will investigate whether the Fox host was illegally targeted.
Top 5 ransomware operators by income
via "Tech Republic".
Tom Merritt lists the most lucrative ransomware gangs and why they're dangerous.
Ransomware operators by income: Top 5
via "Tech Republic".
Ransomware gangs continue because they make a lot of money. Tom Merritt talks about the five most lucrative ones.
White House Presses Agencies to Protect Critical Software
The countdown is on for federal agencies to identify and safeguard critical software. A new White House memo gives entities one year to incorporate new security measures.
CVE-2020-21976
via "National Vulnerability Database".
An arbitrary file upload vulnerability in the <input type="file" name="user_image"> component of NewsOne CMS v1.1.0 allows attackers to upload a webshell and execute arbitrary commands.