βΌ CVE-2021-31868 βΌ
π Read
via "National Vulnerability Database".
Rapid7 Nexpose version 6.6.95 and earlier allows authenticated users of the Security Console to view and edit any ticket in the legacy ticketing feature, regardless of the assignment of the ticket. This issue was resolved in version 6.6.96, released on August 4, 2021.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39302 βΌ
π Read
via "National Vulnerability Database".
MISP 2.4.148, in certain configurations, allows SQL injection via the app/Model/Log.php $conditions['org'] value.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34645 βΌ
π Read
via "National Vulnerability Database".
The Shopping Cart & eCommerce Store WordPress plugin is vulnerable to Cross-Site Request Forgery via the save_currency_settings function found in the ~/admin/inc/wp_easycart_admin_initial_setup.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 5.1.0.π Read
via "National Vulnerability Database".
π¦Ώ Why it's important to create a common language of cyber risk π¦Ώ
π Read
via "Tech Republic".
All departments of an organization need to be on the same page where cybersecurity is concerned, and that will only happen if the terminology used is understood by all.π Read
via "Tech Republic".
TechRepublic
Why it's important to create a common language of cyber risk
All departments of an organization need to be on the same page where cybersecurity is concerned, and that will only happen if the terminology used is understood by all.
π US Trade Commission Looking into 3D Imaging Trade Secret Theft π
π Read
via "".
One firm claims another took its trade secrets and brought them to China to manufacture the product at a lower cost.π Read
via "".
Digital Guardian
US Trade Commission Looking into 3D Imaging Trade Secret Theft
One firm claims another took its trade secrets and brought them to China to manufacture the product at a lower cost.
βΌ CVE-2021-28490 βΌ
π Read
via "National Vulnerability Database".
In OWASP CSRFGuard through 3.1.0, CSRF can occur because the CSRF cookie may be retrieved by using only a session token.π Read
via "National Vulnerability Database".
βΌ CVE-2020-20642 βΌ
π Read
via "National Vulnerability Database".
Cross Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3.6 that can add an htm page to execute the js code via login.php?m=admin&c=Filemanager&a=newfile&lang=cn.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37597 βΌ
π Read
via "National Vulnerability Database".
WP Cerber before 8.9.3 allows MFA bypass via wordpress_logged_in_[hash] manipulation.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37598 βΌ
π Read
via "National Vulnerability Database".
WP Cerber before 8.9.3 allows bypass of /wp-json access control via a trailing ? character.π Read
via "National Vulnerability Database".
βΌ CVE-2020-20645 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability exists in EyouCMS1.3.6 in the basic_information area.π Read
via "National Vulnerability Database".
β Critical Cisco Bug in Small Business Routers to Remain Unpatched β
π Read
via "Threat Post".
The issue affects a range of Cisco Wireless-N and Wireless-AC VPN routers that have reached end-of-life.π Read
via "Threat Post".
Threat Post
Critical Cisco Bug in Small Business Routers to Remain Unpatched
The issue affects a range of Cisco Wireless-N and Wireless-AC VPN routers that have reached end-of-life.
β InkySquid State Actor Exploiting Known IE Bugs β
π Read
via "Threat Post".
The North Korea-linked APT group leverages known Internet Explorer vulns for watering-hole attacks.π Read
via "Threat Post".
Threat Post
InkySquid State Actor Exploiting Known IE Bugs
The North Korea-linked APT group leverages known Internet Explorer vulns for watering-hole attacks.
β How Ready Are You for a Ransomware Attack? β
π Read
via "Threat Post".
Oliver Tavakoli, CTO at Vectra, lays out the different layers of ransomware defense all companies should implement.π Read
via "Threat Post".
Threat Post
How Ready Are You for a Ransomware Attack?
Oliver Tavakoli, CTO at Vectra, lays out the different layers of ransomware defense all companies should implement.
β Whatβs Next for T-Mobile and Its Customers? β Podcast β
π Read
via "Threat Post".
Hopefully not a hacked-up hairball of a βno can doβ message when customers rush to change their PINs. In this episode: Corporate resilience vs. the opposite.π Read
via "Threat Post".
Threat Post
Whatβs Next for T-Mobile and Its Customers? β Podcast
Hopefully not a hacked-up hairball of a βno can doβ message when customers rush to change their PINs. In this episode: Corporate resilience vs. the opposite.
βΌ CVE-2020-18900 βΌ
π Read
via "National Vulnerability Database".
A heap-based buffer overflow in the libexe_io_handle_read_coff_optional_header function of libyal libexe before 20181128 allows attackers to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2020-18897 βΌ
π Read
via "National Vulnerability Database".
An use-after-free vulnerability in the libpff_item_tree_create_node function of libyal Libpff before 20180623 allows attackers to cause a denial of service (DOS) or execute arbitrary code via a crafted pff file.π Read
via "National Vulnerability Database".
βΌ CVE-2020-18899 βΌ
π Read
via "National Vulnerability Database".
An uncontrolled memory allocation in DataBufdata(subBox.length-sizeof(box)) function of Exiv2 0.27 allows attackers to cause a denial of service (DOS) via a crafted input.π Read
via "National Vulnerability Database".
βΌ CVE-2020-18898 βΌ
π Read
via "National Vulnerability Database".
A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers to cause a denial of service (DOS) via a crafted file.π Read
via "National Vulnerability Database".
π¦Ώ How to protect your T-Mobile account in light of the latest data breach π¦Ώ
π Read
via "Tech Republic".
In response to a breach that compromised the personal data of millions of subscribers, T-Mobile customers should change their password and PIN and set up two-step verification.π Read
via "Tech Republic".
TechRepublic
How to protect your T-Mobile account in light of the latest data breach
In response to a breach that compromised the personal data of millions of subscribers, T-Mobile customers should change their password and PIN and set up two-step verification.
β Nigerian Threat Actors Solicits Employees to Deploy Ransomware for Cut of Profits β
π Read
via "Threat Post".
Campaign emails company insiders and initially offers 1 million in Bitcoin if they install DemonWare on an organizationβs network.π Read
via "Threat Post".
Threat Post
Nigerian Threat Actors Solicit Employees to Deploy Ransomware for Cut of Profits
Campaign emails company insiders and initially offers 1 million in Bitcoin if they install DemonWare on an organizationβs network.
π OpenSSH 8.7p1 π
π Read
via "Packet Storm Security".
This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.π Read
via "Packet Storm Security".
Packetstormsecurity
OpenSSH 8.7p1 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers