β How a gaming mouse can get you Windows superpowers! β
π Read
via "Naked Security".
When a helpful feature (that you probably didn't need) turns into an exploitable vulnerability...π Read
via "Naked Security".
Naked Security
How a gaming mouse can get you Windows superpowers!
When a helpful feature (that you probably didnβt need) turns into an exploitable vulnerabilityβ¦
β Whatβs *THAT* on my 3D printer? Cloud bug lets anyone print to everyone β
π Read
via "Naked Security".
That's funny. I could have sworn I didn't run a print job yesterday... but will you look at that?π Read
via "Naked Security".
Naked Security
Whatβs *THAT* on my 3D printer? Cloud bug lets anyone print to everyone
Thatβs funny. I could have sworn I didnβt run a print job yesterdayβ¦ but will you look at that?
β Pegasus Spyware Uses iPhone Zero-Click iMessage Zero-Day β
? Read
via "Threat Post".
Cybersecurity watchdog CitizenLab saw the new zero-day FORCEDENTRY exploit successfully deployed against iOS versions 14.4 & 14.6, blowing past Apple's new BlastDoor sandboxing feature to install spyware on the iPhones of Bahraini activists β even one living in London at the time.? Read
via "Threat Post".
Threat Post
Pegasus Spyware Uses iPhone Zero-Click iMessage Zero-Day
The new exploit was deployed against iOS versions 14.4 & 14.6, blowing past Apple's new BlastDoor sandboxing to install spyware on iPhones.
βΌ CVE-2021-39137 βΌ
? Read
via "National Vulnerability Database".
go-ethereum is the official Go implementation of the Ethereum protocol. In affected versions a consensus-vulnerability in go-ethereum (Geth) could cause a chain split, where vulnerable versions refuse to accept the canonical chain. Further details about the vulnerability will be disclosed at a later date. A patch is included in the upcoming `v1.10.8` release. No workaround are available.? Read
via "National Vulnerability Database".
π¦Ώ Don't get rugged: DeFi scams go from zero to $129 million in a year to become top financial hack π¦Ώ
π Read
via "Tech Republic".
Atlas VPN's analysis finds that theft within decentralized finance networks is taking in more money than phishing and ransomware attacks.π Read
via "Tech Republic".
TechRepublic
Don't get rugged: DeFi scams go from zero to $129 million in a year to become top financial hack
Atlas VPN's analysis finds that theft within decentralized finance networks is taking in more money than phishing and ransomware attacks.
π¦Ώ You can remove or update a single entry from the SSH known_hosts file π¦Ώ
π Read
via "Tech Republic".
Sometimes you might need to remove or update an SSH fingerprint of your remote machines in the known_hosts file. Jack Wallen shows you how.π Read
via "Tech Republic".
TechRepublic
You can remove or update a single entry from the SSH known_hosts file
Sometimes you might need to remove or update an SSH fingerprint of your remote machines in the known_hosts file. Jack Wallen shows you how.
β Poly Network Recoups $610M Stolen from DeFi Platform β
π Read
via "Threat Post".
The attacker returned the loot after being offered a gig as chief security advisor with Poly Network.π Read
via "Threat Post".
Threat Post
Poly Network Recoups $610M Stolen from DeFi Platform
The attacker returned the loot after being offered a gig as chief security advisor with Poly Network.
π1
βΌ CVE-2021-28615 βΌ
π Read
via "National Vulnerability Database".
Adobe After Effects version 18.2 (and earlier) is affected by an Our-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-28603 βΌ
π Read
via "National Vulnerability Database".
Adobe After Effects version 18.2 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-28625 βΌ
π Read
via "National Vulnerability Database".
Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by a Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victimΓ’β¬β’s browser when they browse to the page containing the vulnerable field.π Read
via "National Vulnerability Database".
βΌ CVE-2021-30906 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-30898 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-28601 βΌ
π Read
via "National Vulnerability Database".
Adobe After Effects version 18.2 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-30864 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-28621 βΌ
π Read
via "National Vulnerability Database".
Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-30870 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-28602 βΌ
π Read
via "National Vulnerability Database".
Adobe After Effects version 18.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-28619 βΌ
π Read
via "National Vulnerability Database".
Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-30875 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-30860 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-30897 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.π Read
via "National Vulnerability Database".