CVE-2021-38710
via "National Vulnerability Database".
Static (Persistent) XSS Vulnerability exists in version 4.3.0 of Yclas when using the install/view/form.php script. An attacker can store XSS in the database through the vulnerable SITE_NAME parameter.
CVE-2021-0407
via "National Vulnerability Database".
In clk driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05479659; Issue ID: ALPS05479659.
The top 3 cryptocurrency scams of 2021
via "Tech Republic".
Kaspersky says that fake exchanges, fake mining hardware and wallet phishing are the most popular crypto scams of the year, many of which it said have a higher-than-usual level of detail.
Video surveillance network hacked by researchers to hijack footage
via "Naked Security".
Home automation. Internet of Things. Cloud management. And a security bug that could let other people watch you online...
T-Mobile: >40 Million Customers' Data Stolen
via "Threat Post".
Attackers stole tens of millions of current, former or prospective customers' personal data, the company confirmed. It's providing 2 years of free ID protection.
CVE-2021-23425
via "National Vulnerability Database".
All versions of package trim-off-newlines are vulnerable to Regular Expression Denial of Service (ReDoS) via string processing.
CVE-2021-39283
via "National Vulnerability Database".
liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion failure and application exit via multiple SETUP and PLAY commands.
CVE-2020-23069
via "National Vulnerability Database".
Path Traversal vulnerability exists in webTareas 2.0 via the extpath parameter in general_serv.php, which could let a malicious user read arbitrary files.
CVE-2020-28146
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability exists in Eyoucms v1.4.7 and earlier via the addonfieldext parameter.
CVE-2021-39282
via "National Vulnerability Database".
Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 files.
CVE-2020-18875
via "National Vulnerability Database".
Incorrect Access Control in DotCMS versions before 5.1 allows remote attackers to gain privileges by injecting client configurations via vtl (velocity) files.
CVE-2021-32728
via "National Vulnerability Database".
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions prior to 3.3.0, the Nextcloud Desktop client fails to check if a private key belongs to the previously downloaded public certificate. If the Nextcloud instance serves a malicious public key, the data would be encrypted for this key and thus could be accessible to a malicious actor. This issue is fixed in Nextcloud Desktop Client version 3.3.0. There are no known workarounds aside from upgrading.
CVE-2021-23424
via "National Vulnerability Database".
This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time.
Hackers are getting better at their jobs, but people are getting better at prevention
via "Tech Republic".
Expert says people are becoming smarter about the links they click on and noticing the ones they shouldn't, giving hope for the future of cybersecurity.
ICS vulnerability reports are increasing in number and severity, and exploit complexity is dropping
via "Tech Republic".
71% of vulnerabilities found in the first half of 2021 are classified as high or critical, and 90% are of low complexity, meaning an attacker can expect repeated success under a variety of conditions, says Claroty.
Cybercriminals are getting more sophisticated and better at going unnoticed
via "Tech Republic".
Human error is still responsible for the majority of breaches, but we're getting better about watching for suspicious links, expert says.
Bogus Cryptomining Apps Infest Google Play
via "Threat Post".
The apps attempt to swindle users into buying in-app upgrades or clicking on masses of ads.
Banking Groups Push Back Against 24 Hour Breach Disclosure Bill
Recent plans to adjust federal rules around disclosing data breaches have drawn the ire of the banking community.
Zero-trust security is a great preventer of cyberattacks, expert says
via "Tech Republic".
The zero-trust model prevents attacks, but also greatly limits the impact of a successful breach, such as a ransomware attack.
CVE-2020-22120
via "National Vulnerability Database".
A remote code execution (RCE) vulnerability in /root/run/adm.php?admin-ediy&part=exdiy of imcat v5.1 allows authenticated attackers to execute arbitrary code.
CVE-2021-39270
via "National Vulnerability Database".
In Ping Identity RSA SecurID Integration Kit before 3.2, user impersonation can occur.