β Cisco Issues Critical Fixes for High-End Nexus Gear β
π Read
via "Threat Post".
Networking giant issues two critical patches and six high-severity patches.π Read
via "Threat Post".
Threat Post
Cisco Issues Critical Fixes for High-End Nexus Gear
Networking giant issues two critical patches and six high-severity patches.
βΌ CVE-2021-37334 βΌ
π Read
via "National Vulnerability Database".
A security issue in Umbraco Forms 4.0.0 to and including 8.7.5 could lead to a remote code execution attack and/or arbitrary file deletion.π Read
via "National Vulnerability Database".
β Microsoft Breaks Silence on Barrage of ProxyShell Attacks β
π Read
via "Threat Post".
versions of the software are affected by a spate of bugs under active exploitations.π Read
via "Threat Post".
Threat Post
Microsoft Breaks Silence on Barrage of ProxyShell Attacks
versions of the software are affected by a spate of bugs under active exploitations.
β Podcast: Ransomware Up x10: Disrupting Cybercrime Suppy Chains an Opportunity β
π Read
via "Threat Post".
Derek Manky, Chief, Security Insights & Global Threat Alliances at Fortinetβs FortiGuard Labs, discusses the top threats and lessons learned from the first half of 2021.π Read
via "Threat Post".
Threat Post
Podcast: Ransomware Up x10: Disrupting Cybercrime Suppy Chains an Opportunity
Derek Manky, Chief, Security Insights & Global Threat Alliances at Fortinetβs FortiGuard Labs, discusses the top threats and lessons learned from the first half of 2021.
β S3 Ep47: Daylight robbery, spaghetti trouble, and mousetastic superpowers [Podcast] β
π Read
via "Naked Security".
Latest episode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep47: Daylight robbery, spaghetti trouble, and mousetastic superpowers [Podcast]
Latest episode β listen now!
βΌ CVE-2021-3734 βΌ
π Read
via "National Vulnerability Database".
yourls is vulnerable to Improper Restriction of Rendered UI Layers or Framesπ Read
via "National Vulnerability Database".
βΌ CVE-2021-27944 βΌ
π Read
via "National Vulnerability Database".
Several high privileged APIs on the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs do not enforce access controls, allowing an unauthenticated threat actor to access privileged functionality, leading to OS command execution. The specific attack methodology is a file upload.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38559 βΌ
π Read
via "National Vulnerability Database".
DigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in prenota.php affecting the fineperiodo1 parameter.π Read
via "National Vulnerability Database".
π¦Ώ Tech companies pledge to help toughen US cybersecurity in White House meeting π¦Ώ
π Read
via "Tech Republic".
Apple, Google, Microsoft and others will fund new technologies and training as part of the nation's struggle to combat cyberattacks.π Read
via "Tech Republic".
π Wireshark Analyzer 3.4.8 π
π Read
via "Packet Storm Security".
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.π Read
via "Packet Storm Security".
Packetstormsecurity
Wireshark Analyzer 3.4.8 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
βΌ CVE-2021-36352 βΌ
π Read
via "National Vulnerability Database".
Stored cross-site scripting (XSS) vulnerability in Care2x Hospital Information Management 2.7 Alpha. The vulnerability has found POST requests in /modules/registration_admission/patient_register.php page with "name_middle", "addr_str", "station", "name_maiden", "name_2", "name_3" parameters.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32076 βΌ
π Read
via "National Vulnerability Database".
Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the Γ’β¬ΕWeb Help Desk Getting Started WizardΓ’β¬οΏ½, especially the admin account creationpage, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback.π Read
via "National Vulnerability Database".
π¦Ώ Google and mobile operating systems top list of privacy concerns, says Kaspersky π¦Ώ
π Read
via "Tech Republic".
Using data gathered by its Privacy Checker website, Kaspersky has been able to pinpoint areas of concern for visitors seeking to improve their privacy posture.π Read
via "Tech Republic".
TechRepublic
Google and mobile operating systems top list of privacy concerns, says Kaspersky
Using data gathered by its Privacy Checker website, Kaspersky has been able to pinpoint areas of concern for visitors seeking to improve their privacy posture.
β F5 Bug Could Lead to Complete System Takeover β
π Read
via "Threat Post".
The worst of 13 bugs fixed by the August updates could lead to complete system compromise for users in sensitive sectors running products in Appliance mode.π Read
via "Threat Post".
Threat Post
F5 Bug Could Lead to Complete System Takeover
The worst of 13 bugs fixed by the August updates could lead to complete system compromise for users in sensitive sectors running products in Appliance mode.
βΌ CVE-2021-40147 βΌ
π Read
via "National Vulnerability Database".
EmTec ZOC before 8.02.2 allows \e[201~ pastes, a different vulnerability than CVE-2021-32198.π Read
via "National Vulnerability Database".
π¦Ώ How to create locally signed SSL certificates with mkcert π¦Ώ
π Read
via "Tech Republic".
If you need to generate quick SSL certificates for test servers and services, mkcert might be the fastest option available. Jack Wallen shows you how to use this handy tool.π Read
via "Tech Republic".
TechRepublic
How to create locally signed SSL certificates with mkcert
If you need to generate quick SSL certificates for test servers and services, mkcert might be the fastest option available. Jack Wallen shows you how to use this handy tool.
π California Reminds Healthcare Orgs of Data Breach Reporting Obligations π
π Read
via "".
Hospitals and healthcare providers in the state have been failing to report ransomware attacks that impact health data belonging to patients.π Read
via "".
Digital Guardian
California Reminds Healthcare Orgs of Data Breach Reporting Obligations
Hospitals and healthcare providers in the state have been failing to report ransomware attacks that impact health data belonging to patients.
βΌ CVE-2021-29487 βΌ
π Read
via "National Vulnerability Database".
octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can exploit this vulnerability to bypass authentication and takeover of and user account on an October CMS server. The vulnerability is exploitable by unauthenticated users via a specially crafted request. This only affects frontend users and the attacker must obtain a Laravel secret key for cookie encryption and signing in order to exploit this vulnerability. The issue has been patched in Build 472 and v1.1.5.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36929 βΌ
π Read
via "National Vulnerability Database".
Microsoft Edge (Chromium-based) Information Disclosure Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2020-18476 βΌ
π Read
via "National Vulnerability Database".
SQL Injection vulnerability in Hucart CMS 5.7.4 via the basic information field found in the avatar usd_image field.π Read
via "National Vulnerability Database".
βΌ CVE-2020-18477 βΌ
π Read
via "National Vulnerability Database".
SQL Injection vulnerability in Hucart CMS 5.7.4 via the purchase enquiry field found in the Message con_content field.π Read
via "National Vulnerability Database".