π OpenSSH 8.7p1 π
π Read
via "Packet Storm Security".
This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.π Read
via "Packet Storm Security".
Packetstormsecurity
OpenSSH 8.7p1 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π¦Ώ It's time to retire the Social Security number π¦Ώ
π Read
via "Tech Republic".
With 40 million people having their SSN exposed during the T-Mobile hack, it's time to reconsider the usefulness of the Social Security number.π Read
via "Tech Republic".
TechRepublic
It's time to retire the Social Security number
With 40 million people having their SSN exposed during the T-Mobile hack, it's time to reconsider the usefulness of the Social Security number.
π¦Ώ Great Resignation hits IT departments and companies are switching strategies π¦Ώ
π Read
via "Tech Republic".
To ensure business continuity amid high turnover, many CIOs are planning to alter their strategies to make the company "less dependent on employee institutional knowledge," says PwC.π Read
via "Tech Republic".
TechRepublic
Great Resignation hits IT departments and companies are switching strategies
To ensure business continuity amid high turnover, many CIOs are planning to alter their strategies to make the company "less dependent on employee institutional knowledge," says PwC.
β Japanese cryptocoin exchange robbed of $100,000,000 β
π Read
via "Naked Security".
Another week, another cryptocurrency catastrophe. This time, it's "only" $100 million's worth...π Read
via "Naked Security".
Naked Security
Japanese cryptocoin exchange robbed of $100,000,000
Another week, another cryptocurrency catastrophe. This time, itβs βonlyβ $100 millionβs worthβ¦
β S3 Ep46: Copyright scams, video snooping and Grand Theft Crypto [Podcast] β
π Read
via "Naked Security".
Lastest episode - listen, laugh and learn! This week, Chester Wisniewski joins us on the show.π Read
via "Naked Security".
Naked Security
S3 Ep46: Copyright scams, video snooping and Grand Theft Crypto [Podcast]
Lastest episode β listen, laugh and learn! This week, Chester Wisniewski joins us on the show.
βΌ CVE-2020-36474 βΌ
π Read
via "National Vulnerability Database".
SafeCurl before 0.9.2 has a DNS rebinding vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2020-18886 βΌ
π Read
via "National Vulnerability Database".
Unrestricted File Upload in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the component 'admin/upload_file_do.php'.π Read
via "National Vulnerability Database".
βΌ CVE-2020-18879 βΌ
π Read
via "National Vulnerability Database".
Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by uploading malicious files via the component 'bl-kereln/ajax/upload-logo.php'.π Read
via "National Vulnerability Database".
βΌ CVE-2020-18885 βΌ
π Read
via "National Vulnerability Database".
Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/web_config.php'.π Read
via "National Vulnerability Database".
βΌ CVE-2020-18877 βΌ
π Read
via "National Vulnerability Database".
SQL Injection in Wuzhi CMS v4.1.0 allows remote attackers to obtain sensitive information via the 'flag' parameter in the component '/coreframe/app/order/admin/index.php'.π Read
via "National Vulnerability Database".
π Friday Five 8/20 π
π Read
via "".
Exposed web cams, mistakes made when hiring cybersecurity roles, and a $1 million breach settlement - catch up on the week's infosec news with the Friday Five!π Read
via "".
Digital Guardian
Friday Five 8/20
Exposed web cams, mistakes made when hiring cybersecurity roles, and a $1 million breach settlement - catch up on the week's infosec news with the Friday Five!
βΌ CVE-2021-34228 βΌ
π Read
via "National Vulnerability Database".
Cross-site scripting in parent_control.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Description" field and "Service Name" field.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34218 βΌ
π Read
via "National Vulnerability Database".
Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows attacker to access /add/ , /img/, /js/, and /mobile directories via GET Parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34223 βΌ
π Read
via "National Vulnerability Database".
Cross-site scripting in urlfilter.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "URL Address" field.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34207 βΌ
π Read
via "National Vulnerability Database".
Cross-site scripting in ddns.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Domain Name" field, "Server Address" field, "User Name/Email", or "Password/Key" field.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34215 βΌ
π Read
via "National Vulnerability Database".
Cross-site scripting in tcpipwan.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Service Name" field.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34220 βΌ
π Read
via "National Vulnerability Database".
Cross-site scripting in tr069config.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "User Name" field or "Password" field.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34433 βΌ
π Read
via "National Vulnerability Database".
In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, the certificate based (x509 and RPK) DTLS handshakes accidentally succeeds without verifying the server side's signature on the client side, if that signature is not included in the server's ServerKeyExchange.π Read
via "National Vulnerability Database".
βΌ CVE-2021-35529 βΌ
π Read
via "National Vulnerability Database".
Insufficiently Protected Credentials vulnerability in client environment of Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing (CSB) allows an attacker or unauthorized user to access database credentials, shut down the product and access or alter. This issue affects: Hitachi ABB Power Grids Retail Operations version 5.7.2 and prior versions. Hitachi ABB Power Grids Counterparty Settlement Billing (CSB) version 5.7.2 and prior versions.π Read
via "National Vulnerability Database".
βΌ CVE-2021-35984 βΌ
π Read
via "National Vulnerability Database".
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Null pointer dereference vulnerability. An authenticated attacker could leverage this vulnerability achieve an application denial-of-service in the context of the current user. Exploitation of this issue does not requires user interaction.π Read
via "National Vulnerability Database".
βΌ CVE-2021-28636 βΌ
π Read
via "National Vulnerability Database".
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Uncontrolled Search Path Element vulnerability. An attacker with access to the victim's C:/ folder could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".