Execs don't sound very confident about long-term network security in the WFH era
via "Tech Republic".
After a somewhat clunky initial switch to remote work, it looks like hybrid offices are here to stay; at least for now. But a new report highlights concerns about the long-term resiliency of remote networks.

Google Play Sign-Ins Allow Covert Location-Tracking
via "Threat Post".
A design flaw involving Google Timeline could allow someone to track another device without installing a stalkerware app.

CVE-2021-33928
via "National Vulnerability Database".
Buffer overflow vulnerability in function pool_installable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.

CVE-2021-33938
via "National Vulnerability Database".
Buffer overflow vulnerability in function prune_to_recommended in src/policy.c in libsolv before 0.7.17 allows attackers to cause a Denial of Service.

CVE-2021-33929
via "National Vulnerability Database".
Buffer overflow vulnerability in function pool_disabled_solvable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.

CVE-2021-33930
via "National Vulnerability Database".
Buffer overflow vulnerability in function pool_installable_whatprovides in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.

Pwned! The home security system that can be hacked with your email address
via "Naked Security".
The alarm system that can be turned off with your email address.

Skimming the CREAM – recursive withdrawals loot $13M in cryptocash
via "Naked Security".
Recursion [noun]: see recursion.

WhatsApp Fined $267 Million for Breaching GDPR
via "Digital Guardian".
The sum, the second highest GDPR fine to date, stems from a 2018 investigation into the company's data privacy practices.

CVE-2021-22791
via "National Vulnerability Database".
A CWE-787: Out-of-bounds Write vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure™ Control Expert, including all Unity Pro versions (former name of EcoStruxure™ Control Expert, all versions), PLC Simulator for EcoStruxure™ Process Expert including all HDCS versions (former name of EcoStruxure™ Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions).

CVE-2021-35996
via "National Vulnerability Database".
Adobe After Effects version 18.2.1 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2021-22775
via "National Vulnerability Database".
A CWE-427: Uncontrolled Search Path Element vulnerability exists in GP-Pro EX, V4.09.250 and prior, that could cause local code execution with elevated privileges when installing the software.

CVE-2021-39322
via "National Vulnerability Database".
The Easy Social Icons plugin <= 3.0.8 for WordPress echoes out the raw value of `$_SERVER['PHP_SELF']` in its main file. On certain configurations including Apache+modPHP this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the request path.

CVE-2021-21086
via "National Vulnerability Database".
Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability in the CoolType library. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2021-28565
via "National Vulnerability Database".
Acrobat Reader DC versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Out-of-bounds Read vulnerability in the PDFLibTool component. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2021-35995
via "National Vulnerability Database".
Adobe After Effects version 18.2.1 (and earlier) is affected by an Improper input validation vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2021-22525
via "National Vulnerability Database".
This release addresses a potential information leakage vulnerability in NetIQ Access Manager versions prior to 5.0.1.

CVE-2021-36019
via "National Vulnerability Database".
Adobe After Effects version 18.2.1 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2021-22792
via "National Vulnerability Database".
A CWE-476: NULL Pointer Dereference vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure™ Control Expert, including all Unity Pro versions (former name of EcoStruxure™ Control Expert, all versions), PLC Simulator for EcoStruxure™ Process Expert including all HDCS versions (former name of EcoStruxure™ Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions).

CVE-2021-28557
via "National Vulnerability Database".
Acrobat Reader DC versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to leak sensitive system information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2021-36018
via "National Vulnerability Database".
Adobe After Effects version 18.2.1 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.