🦿 What is zero trust security? 🦿
via "Tech Republic".
Want a zero-trust security primer on this complex cybersecurity topic? Brandon Vigliarolo breaks it down for you.
TechRepublic
Zero trust security: A cheat sheet
Zero trust means rethinking the safety of every bit of tech on a network. Learn five steps to building a zero trust environment.
‼ CVE-2021-38621 ‼
via "National Vulnerability Database".
The remove API in v1/controller/cloudStorage/alibabaCloud/remove/index.ts in netless Agora Flat Server before 2021-07-30 mishandles file ownership.
‼ CVE-2021-3573 ‼
via "National Vulnerability Database".
A use-after-free in the function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way a user calls the ioctl HCIUNBLOCKADDR, or otherwise triggers a race condition between hci_unregister_dev() and one of hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info() or hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.13-rc5.
‼ CVE-2021-3635 ‼
via "National Vulnerability Database".
A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7. A user with root (CAP_SYS_ADMIN) access is able to panic the system when issuing netfilter netflow commands.
‼ CVE-2021-27741 ‼
via "National Vulnerability Database".
Security vulnerability in HCL Commerce Management Center allowing XML external entity (XXE) injection.
‼ CVE-2021-38619 ‼
via "National Vulnerability Database".
openBaraza HCM 3.1.6 does not properly neutralize user-controllable input: an unauthenticated remote attacker can conduct a stored cross-site scripting (XSS) attack against an administrative user from hr/subscription.jsp, hr/application.jsp and hr/index.jsp (with view=).
‼ CVE-2021-38583 ‼
via "National Vulnerability Database".
openBaraza HCM 3.1.6 does not properly neutralize user-controllable input, which allows reflected cross-site scripting (XSS) on multiple pages: hr/subscription.jsp, hr/application.jsp and hr/index.jsp (with view= and data=).
🦿 Company size is a nonissue with automated cyberattack tools 🦿
via "Tech Republic".
Even with plenty of old problems to contend with, an expert suggests security pros need to get ready for new and more powerful automated ransomware tools.
🔏 Friday Five 8/13 🔏
via "Digital Guardian".
SBOMs, the biggest cryptocurrency theft in history, and the push for a 72 hour data breach disclosure window - catch up on the week's infosec news with the Friday Five!
🦿 Excel is still a security headache after 30 years because of this one feature 🦿
via "Tech Republic".
Threat researcher explains why it's tricky to tell the difference between legitimate Excel Macros and ones that deliver malware.
🦿 A diverse cybersecurity team can help alleviate the talent shortage 🦿
via "Tech Republic".
Responsibilities are complex and require different job descriptions, reduced bias and a variety of skill sets, industry leaders say.
🦿 How to install Webmin on Rocky Linux 🦿
via "Tech Republic".
With Webmin, you can better secure and manage your instances of Rocky Linux. Jack Wallen walks you through the process of getting this web-based tool up and running.
‼ CVE-2021-38553 ‼
via "National Vulnerability Database".
HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0.
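CVE-2021-38553 is a file-permission bug, so the practical check on a host that ran an affected version is whether the Integrated Storage database file is still readable by anyone other than the Vault user. The Python below is an added check, not HashiCorp's code: it walks a storage directory and reports every regular file that grants any group or other permission. The demo builds a throwaway layout (vault.db at the top of the storage path and raft/raft.db beneath it, a layout assumed here rather than taken from the advisory) with one file chmod'd 0644 to stand in for the over-broad mode.

```python
import os
import stat
import tempfile

# Any group or other bit on a secrets store is a finding.
BROAD_PERMS = stat.S_IRWXG | stat.S_IRWXO


def overly_broad_files(directory: str) -> list:
    """Return sorted (relative_path, octal_mode) pairs for every regular file
    under `directory` whose mode grants group or other access."""
    findings = []
    for root, _dirs, files in os.walk(directory):
        for name in files:
            full = os.path.join(root, name)
            mode = stat.S_IMODE(os.lstat(full).st_mode)
            if mode & BROAD_PERMS:
                findings.append((os.path.relpath(full, directory), oct(mode)))
    return sorted(findings)


def demo() -> list:
    """Constructed layout: vault.db left 0644 (stands in for the pre-1.8
    over-broad mode), raft/raft.db created 0600. Only the former is reported."""
    with tempfile.TemporaryDirectory() as storage_path:
        os.makedirs(os.path.join(storage_path, "raft"))
        layout = (
            (os.path.join(storage_path, "vault.db"), 0o644),
            (os.path.join(storage_path, "raft", "raft.db"), 0o600),
        )
        for path, mode in layout:
            with open(path, "wb") as fh:
                fh.write(b"\x00" * 16)  # placeholder bytes, not a real database
            os.chmod(path, mode)
        return overly_broad_files(storage_path)


if __name__ == "__main__":
    for rel, mode in demo():
        print(f"{rel}: mode {mode} grants group/other access")
```

Point `overly_broad_files()` at the `path` configured in the `storage "raft"` stanza; upgrading to 1.8.0 fixes how new files are created, but it is worth confirming that files created by an older version were tightened as well.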
‼ CVE-2021-36787 ‼
via "National Vulnerability Database".
The femanager extension before 5.5.1 and 6.x before 6.3.1 for TYPO3 allows XSS via a crafted SVG document.
‼ CVE-2021-34823 ‼
via "National Vulnerability Database".
The ON24 ScreenShare (aka DesktopScreenShare.app) plugin before 2.0 for macOS allows remote file access via its built-in HTTP server. This allows unauthenticated remote users to retrieve files accessible to the logged-on macOS user. When a remote user sends a crafted HTTP request to the server, it triggers a code path that will download a configuration file from a specified remote machine over HTTP. There is an XXE flaw in processing of this configuration file that allows reading local (to macOS) files and uploading them to remote machines.
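The two XXE entries above (CVE-2021-27741 in HCL Commerce Management Center, and CVE-2021-34823, where the ON24 plugin fetches a configuration file and parses it with an entity-resolving parser) are the same bug class. The Python below is an added illustration, not code from either vendor: a config loader that resolves SYSTEM entities from the local filesystem, beside a hardened loader that rejects any DTD up front and installs no external-entity resolver. The config format, the "secret" file and its path are constructed for the demo.

```python
import os
import tempfile
import xml.parsers.expat as expat


class DtdRejected(Exception):
    """Raised by the hardened loader when the document carries a DOCTYPE or entity declaration."""


def _capture_text(parser) -> list:
    """Collect character data so we can see what ended up in element content."""
    chunks = []
    parser.CharacterDataHandler = chunks.append
    return chunks


def load_config_vulnerable(xml_bytes: bytes) -> str:
    """XXE-prone loader: whatever local path a SYSTEM entity names is read
    and spliced into the parsed content."""
    parser = expat.ParserCreate()
    chunks = _capture_text(parser)

    def resolve_external(context, base, system_id, public_id):
        path = system_id[len("file://"):] if system_id.startswith("file://") else system_id
        with open(path, "rb") as fh:
            data = fh.read()
        # Parse the fetched bytes as the entity's replacement text; the child
        # parser inherits CharacterDataHandler, so the file lands in `chunks`.
        child = parser.ExternalEntityParserCreate(context)
        child.Parse(data, True)
        return 1  # non-zero tells expat to keep going

    parser.ExternalEntityRefHandler = resolve_external
    parser.Parse(xml_bytes, True)
    return "".join(chunks)


def load_config_hardened(xml_bytes: bytes) -> str:
    """Two layers: refuse any DTD, and never install an external-entity
    resolver, so nothing is fetched even if a declaration slipped through."""
    parser = expat.ParserCreate()
    chunks = _capture_text(parser)

    def reject_dtd(*_args):
        raise DtdRejected("DOCTYPE and entity declarations are not allowed in config files")

    parser.StartDoctypeDeclHandler = reject_dtd
    parser.EntityDeclHandler = reject_dtd
    parser.Parse(xml_bytes, True)
    return "".join(chunks)


def build_xxe_config(target_path: str) -> bytes:
    """Constructed hostile config: an external entity pointing at a local file."""
    return (
        '<?xml version="1.0"?>\n'
        '<!DOCTYPE config [ <!ENTITY xxe SYSTEM "file://' + target_path + '"> ]>\n'
        '<config><server>&xxe;</server></config>'
    ).encode()


def demo() -> dict:
    """Plant a constructed secret in a temp file, then run both loaders
    against a config that references it."""
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as fh:
        fh.write("db_password=hunter2\n")  # constructed, not a real credential
        secret_path = fh.name
    try:
        hostile = build_xxe_config(secret_path)
        leaked = load_config_vulnerable(hostile)
        try:
            load_config_hardened(hostile)
            blocked = False
        except DtdRejected:
            blocked = True
        benign = b"<config><server>10.0.0.5</server></config>"
        return {"leaked": leaked, "blocked": blocked, "benign": load_config_hardened(benign)}
    finally:
        os.unlink(secret_path)


if __name__ == "__main__":
    out = demo()
    print("vulnerable loader saw:", repr(out["leaked"]))
    print("hardened loader rejected hostile doc:", out["blocked"])
    print("hardened loader on benign doc:", out["benign"])
```

The vulnerable loader returns the planted file's contents as the value of `<server>`, which is exactly the primitive the ON24 description needs (read a local file, then ship it to a remote host). Rejecting the DTD outright is the simplest policy for an application that owns the config format; if a DTD is genuinely required, the second layer (no resolver) still stops file reads.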
‼ CVE-2021-32071 ‼
via "National Vulnerability Database".
The MiCollab Client service in Mitel MiCollab before 9.3 could allow an unauthenticated user to gain system access due to improper access control. A successful exploit could allow an attacker to view and modify application data, and cause a denial of service for users.
‼ CVE-2021-36793 ‼
via "National Vulnerability Database".
The routes (aka Extbase Yaml Routes) extension before 2.1.1 for TYPO3, when CsrfTokenViewHelper is used, allows Sensitive Information Disclosure because a session identifier is unsafely present in HTML output.
‼ CVE-2021-37028 ‼
via "National Vulnerability Database".
There is a command injection vulnerability in the HG8045Q product. When the command-line interface is enabled (it is disabled by default), attackers with administrator privileges could execute a subset of commands.
‼ CVE-2021-36785 ‼
via "National Vulnerability Database".
The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows XSS.
‼ CVE-2021-32068 ‼
via "National Vulnerability Database".
The AWV and MiCollab Client Service components in Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack by sending multiple session renegotiation requests, due to insufficient TLS session controls. A successful exploit could allow an attacker to modify application data and state.
‼ CVE-2021-36792 ‼
via "National Vulnerability Database".
The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 has incorrect Access Control for confirming various applications.