βΌ CVE-2021-22789 βΌ
π Read
via "National Vulnerability Database".
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureΓΒͺ Control Expert, including all Unity Pro versions (former name of EcoStruxureΓΒͺ Control Expert, all versions), PLC Simulator for EcoStruxureΓΒͺ Process Expert including all HDCS versions (former name of EcoStruxureΓΒͺ Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions).π Read
via "National Vulnerability Database".
βΌ CVE-2020-13929 βΌ
π Read
via "National Vulnerability Database".
Authentication bypass vulnerability in Apache Zeppelin allows an attacker to bypass Zeppelin authentication mechanism to act as another user. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.π Read
via "National Vulnerability Database".
βΌ CVE-2021-28558 βΌ
π Read
via "National Vulnerability Database".
Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Heap-based buffer overflow vulnerability in the PDFLibTool component. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
β Bluetooth Bugs Open Billions of Devices to DoS, Code Execution β
π Read
via "Threat Post".
The BrakTooth set of security vulnerabilities impacts at least 11 vendors' chipsets.π Read
via "Threat Post".
Threat Post
Bluetooth Bugs Open Billions of Devices to DoS, Code Execution
The BrakTooth set of security vulnerabilities impacts at least 11 vendors' chipsets.
β SpyFone & CEO Banned From Stalkerware Biz β
π Read
via "Threat Post".
The FTC's first spyware ban nixes a company whose "slipshod" security practices led to exposure of thousands of victims' illegally collected personal data.π Read
via "Threat Post".
Threat Post
SpyFone & CEO Banned From Stalkerware Biz
The FTC's first spyware ban nixes a company whose "slipshod" security practices led to exposure of thousands of victims' illegally collected personal data.
βΌ CVE-2020-18048 βΌ
π Read
via "National Vulnerability Database".
An issue in craigms/main.php of CraigMS 1.0 allows attackers to execute arbitrary commands via a crafted input entered into the DB Name field.π Read
via "National Vulnerability Database".
β NFT Collector Tricked into Buying Fake Banksy β
π Read
via "Threat Post".
An attacker breached the site of famed street artist Banksy to host a fraudulent NFT auction but then gave back the money.π Read
via "Threat Post".
Threat Post
NFT Collector Tricked into Buying Fake Banksy
An attacker breached the site of famed street artist Banksy to host a fraudulent NFT auction but then gave back the money.
βΌ CVE-2021-34436 βΌ
π Read
via "National Vulnerability Database".
In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default build to obtain remote code execution (and XXE) via the theia-xml-extension. This extension uses lsp4xml (recently renamed to LemMinX) in order to provide language support for XML. This is installed by default.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38641 βΌ
π Read
via "National Vulnerability Database".
Microsoft Edge for Android Spoofing Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2021-38642 βΌ
π Read
via "National Vulnerability Database".
Microsoft Edge for iOS Spoofing Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2021-26439 βΌ
π Read
via "National Vulnerability Database".
Microsoft Edge for Android Information Disclosure Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2021-26436 βΌ
π Read
via "National Vulnerability Database".
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36930.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36930 βΌ
π Read
via "National Vulnerability Database".
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26436.π Read
via "National Vulnerability Database".
β Brute-Force Attacks Target Inboxes for Gift Card Data β
π Read
via "Threat Post".
Cybercriminal enterprise is mass testing millions of usernames and passwords per day in a hunt for loyalty card data.π Read
via "Threat Post".
Threat Post
Brute-Force Attacks Target Inboxes for Gift Card Data
Cybercriminal enterprise is mass testing millions of usernames and passwords per day in a hunt for loyalty card data.
β S3 Ep48: Cryptographic bugs, cryptocurrency nightmares, and lots of phishing [Podcast] β
π Read
via "Naked Security".
Latest episode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep48: Cryptographic bugs, cryptocurrency nightmares, and lots of phishing [Podcast]
Latest episode β listen now!
β Pwned! The home security system that can be hacked with your email address β
π Read
via "Naked Security".
The alarm system that can be turned off with your email address.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π Friday Five 9/3 π
π Read
via "".
How not to get hacked, a $9 million ransomware attack, and the FTC cracks down on a spyware app - catch up on the infosec news of the week with the Friday Five!π Read
via "".
Digital Guardian
Friday Five 9/3
How not to get hacked, a $9 million ransomware attack, and the FTC cracks down on a spyware app - catch up on the infosec news of the week with the Friday Five!
π Clam AntiVirus Toolkit 0.104.0 π
π Read
via "Packet Storm Security".
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.π Read
via "Packet Storm Security".
Packetstormsecurity
Clam AntiVirus Toolkit 0.104.0 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π SQLMAP - Automatic SQL Injection Tool 1.5.9 π
π Read
via "Packet Storm Security".
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.π Read
via "Packet Storm Security".
Packetstormsecurity
SQLMAP - Automatic SQL Injection Tool 1.5.9 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π nfstream 6.3.4 π
π Read
via "Packet Storm Security".
nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.π Read
via "Packet Storm Security".
Packetstormsecurity
nfstream 6.3.4 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β The State of Incident Response: Measuring Risk and Evaluating Your Preparedness β
π Read
via "Threat Post".
Grant Oviatt, director of incident-response engagements at Red Canary, provides advice and best practices on how to get there faster.π Read
via "Threat Post".
Threat Post
The State of Incident Response: Measuring Risk and Evaluating Your Preparedness
Grant Oviatt, director of incident-response engagements at Red Canary, provides advice and best practices on how to get there faster.