Digital State IDs Start Rollouts Despite Privacy Concerns
Read via "Threat Post".
Eight states are introducing driver's licenses and identification cards available for use on Apple iPhones and Watches, but critics warn about the dangers of eliminating the use of a paper-based system entirely.
WhatsApp Photo Filter Bug Allows Sensitive Info to Be Lifted
Read via "Threat Post".
Users should be careful whose pics they view and should, of course, update their apps.
7 Ways to Defend Mobile Apps, APIs from Cyberattacks
Read via "Threat Post".
David Stewart, CEO, Approov, discusses the top mobile attack routes the bad guys use and the best defenses organizations can deploy against them.
CVE-2021-3757
Read via "National Vulnerability Database".
immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution').
CVE-2021-3758
Read via "National Vulnerability Database".
bookstack is vulnerable to Server-Side Request Forgery (SSRF).
FBI and CISA warn of potential cyberattacks this holiday weekend, citing past trends
Read via "Tech Republic".
The Labor Day holiday could be prime time for more than just barbecues and closing the pool for the year as the open season on ransomware continues.
Cisco Patches Critical Authentication Bug With Public Exploit
Read via "Threat Post".
There's proof-of-concept code out for the near-maximum-critical (rated 9.8) authentication bypass bug, but Cisco hasn't seen any malicious exploitation yet.
Execs don't sound very confident about long-term network security in the WFH era
Read via "Tech Republic".
After a somewhat clunky initial switch to remote work, it looks like hybrid offices are here to stay, at least for now. But a new report highlights concerns about the long-term resiliency of remote networks.
Google Play Sign-Ins Allow Covert Location-Tracking
Read via "Threat Post".
A design flaw involving Google Timeline could allow someone to track another device without installing a stalkerware app.
CVE-2021-33928
Read via "National Vulnerability Database".
Buffer overflow vulnerability in function pool_installable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.
CVE-2021-33938
Read via "National Vulnerability Database".
Buffer overflow vulnerability in function prune_to_recommended in src/policy.c in libsolv before 0.7.17 allows attackers to cause a Denial of Service.
CVE-2021-33929
Read via "National Vulnerability Database".
Buffer overflow vulnerability in function pool_disabled_solvable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.
CVE-2021-33930
Read via "National Vulnerability Database".
Buffer overflow vulnerability in function pool_installable_whatprovides in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.
Pwned! The home security system that can be hacked with your email address
Read via "Naked Security".
The alarm system that can be turned off with your email address.
Skimming the CREAM: recursive withdrawals loot $13M in cryptocash
Read via "Naked Security".
Recursion [noun]: see recursion.
WhatsApp Fined $267 Million for Breaching GDPR
Read via "Digital Guardian".
The sum, the second highest GDPR fine to date, stems from a 2018 investigation into the company's data privacy practices.
CVE-2021-22791
Read via "National Vulnerability Database".
A CWE-787: Out-of-bounds Write vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure™ Control Expert, including all Unity Pro versions (former name of EcoStruxure™ Control Expert, all versions), PLC Simulator for EcoStruxure™ Process Expert including all HDCS versions (former name of EcoStruxure™ Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions).
CVE-2021-35996
Read via "National Vulnerability Database".
Adobe After Effects version 18.2.1 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-22775
Read via "National Vulnerability Database".
A CWE-427: Uncontrolled Search Path Element vulnerability exists in GP-Pro EX, V4.09.250 and prior, that could cause local code execution with elevated privileges when installing the software.
CVE-2021-39322
Read via "National Vulnerability Database".
The Easy Social Icons plugin <= 3.0.8 for WordPress echoes out the raw value of `$_SERVER['PHP_SELF']` in its main file. On certain configurations including Apache+modPHP this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the request path.
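The PHP_SELF pattern behind this entry, as an added illustration rather than the plugin's own code: the vulnerable unescaped echo next to the hardened form, exercised against a constructed request path that carries injected markup in its PATH_INFO segment. The plugin file path, the form markup and the helper names are assumptions chosen for the demonstration.

```php
<?php
// Added example, not code from the Easy Social Icons plugin: the
// reflected-XSS pattern behind CVE-2021-39322 and its fix.
//
// Under Apache + mod_php a request for
//   /wp-content/plugins/<plugin>/<file>.php/EXTRA
// still executes <file>.php, and "/EXTRA" (the PATH_INFO) is appended to
// $_SERVER['PHP_SELF']. Echoing PHP_SELF unescaped into HTML therefore
// reflects attacker-chosen markup. The script path and form markup below
// are assumptions made to illustrate the pattern.

// Vulnerable pattern: the raw path lands inside an HTML attribute.
function vulnerable_form(string $php_self): string
{
    return '<form method="post" action="' . $php_self . '">'
         . '<input type="submit" value="Save"></form>';
}

// Hardened pattern: HTML-encode before output. ENT_QUOTES covers both
// quote styles; ENT_SUBSTITUTE replaces invalid UTF-8 instead of
// returning an empty string. In WordPress code esc_attr() is the
// idiomatic equivalent, and esc_url() is better still for a URL.
function hardened_form(string $php_self): string
{
    $safe = htmlspecialchars($php_self, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $safe . '">'
         . '<input type="submit" value="Save"></form>';
}

// Check used below: does the rendered HTML contain an unencoded
// <script tag anywhere?
function contains_raw_script(string $html): bool
{
    return stripos($html, '<script') !== false;
}

// Constructed PHP_SELF values (simulating what mod_php would set):
// a benign request and one whose PATH_INFO closes the attribute and
// injects a script element.
$script   = '/wp-content/plugins/easy-social-icons/easy-social-icons.php';
$benign   = $script;
$attacked = $script . '/"><script>alert(document.cookie)</script><a href="';

foreach (['benign' => $benign, 'attacked' => $attacked] as $label => $php_self) {
    echo "[$label] PHP_SELF = $php_self\n";
    echo "  vulnerable: " . vulnerable_form($php_self) . "\n";
    echo "  hardened:   " . hardened_form($php_self) . "\n";
    printf("  raw <script present? vulnerable=%s hardened=%s\n",
        contains_raw_script(vulnerable_form($php_self)) ? 'yes' : 'no',
        contains_raw_script(hardened_form($php_self)) ? 'yes' : 'no');
}
```

Run it with `php` from the command line; the attacked case prints a live `<script>` element from the vulnerable function and only `&lt;script&gt;` from the hardened one. The reason the NVD text says "certain configurations" is that PATH_INFO handling differs between servers: Apache with mod_php appends it to PHP_SELF by default, while other setups may reject or strip the extra segment. The safest fix is not to echo the request path at all and to build the form action from a known URL, escaping it on output regardless.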
CVE-2021-21086
Read via "National Vulnerability Database".
Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability in the CoolType library. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.