π¦Ώ Cybersecurity: Watch out for these unique fraudster tricks Loki would be proud of π¦Ώ
π Read
via "Tech Republic".
Online fraud is getting sneakier and stealthier as mischievous operatives evolve their techniques. Learn some of the unique tricks afoot today and how to spot them.π Read
via "Tech Republic".
TechRepublic
Cybersecurity: Watch out for these unique fraudster tricks Loki would be proud of
Online fraud is getting sneakier and stealthier as mischievous operatives evolve their techniques. Learn some of the unique tricks afoot today and how to spot them.
βΌ CVE-2021-25735 βΌ
π Read
via "National Vulnerability Database".
A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the Node object. Validating Admission Webhook does not observe some previous fields.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3768 βΌ
π Read
via "National Vulnerability Database".
bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')π Read
via "National Vulnerability Database".
βΌ CVE-2021-32568 βΌ
π Read
via "National Vulnerability Database".
mrdoc is vulnerable to Deserialization of Untrusted Dataπ Read
via "National Vulnerability Database".
βΌ CVE-2021-3770 βΌ
π Read
via "National Vulnerability Database".
vim is vulnerable to Heap-based Buffer Overflowπ Read
via "National Vulnerability Database".
βΌ CVE-2021-3766 βΌ
π Read
via "National Vulnerability Database".
objection.js is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')π Read
via "National Vulnerability Database".
βΌ CVE-2021-25737 βΌ
π Read
via "National Vulnerability Database".
A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36744 βΌ
π Read
via "National Vulnerability Database".
Trend Micro Security (Consumer) 2021 and 2020 are vulnerable to a directory junction vulnerability which could allow an attacker to exploit the system to escalate privileges and create a denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3767 βΌ
π Read
via "National Vulnerability Database".
bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')π Read
via "National Vulnerability Database".
β IoT Attacks Skyrocket, Doubling in 6 Months β
π Read
via "Threat Post".
The first half of 2021 saw 1.5 billion attacks on smart devices, with attackers looking to steal data, mine cryptocurrency or build botnets.π Read
via "Threat Post".
Threat Post
IoT Attacks Skyrocket, Doubling in 6 Months
The first half of 2021 saw 1.5 billion attacks on smart devices, with attackers looking to steal data, mine cryptocurrency or build botnets.
β Poisoned proxy PACs! The NPM package with a network-wide security holeβ¦ β
π Read
via "Naked Security".
3,000,000 downloads a week... if only they'd read the fastitidous manual!π Read
via "Naked Security".
Naked Security
Poisoned proxy PACs! The NPM package with a network-wide security holeβ¦
3,000,000 downloads a weekβ¦ if only theyβd read the fastidious manual!
β Human Fraud: Detecting Them Before They Detect You β
π Read
via "Threat Post".
Tony Lauro, director of security technology and strategy at Akamai, discusses how to disrupt account takeovers in the exploitation phase of an attack.π Read
via "Threat Post".
Threat Post
Human Fraud: Detecting Them Before They Detect You
Tony Lauro, director of security technology and strategy at Akamai, discusses how to disrupt account takeovers in the exploitation phase of an attack.
βΌ CVE-2021-36094 βΌ
π Read
via "National Vulnerability Database".
It's possible to craft a request for appointment edit screen, which could lead to the XSS attack. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36096 βΌ
π Read
via "National Vulnerability Database".
Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36093 βΌ
π Read
via "National Vulnerability Database".
It's possible to create an email which can be stuck while being processed by PostMaster filters, causing DoS. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36095 βΌ
π Read
via "National Vulnerability Database".
Malicious attacker is able to find out valid user logins by using the "lost password" feature. This issue affects: OTRS AG ((OTRS)) Community Edition version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40531 βΌ
π Read
via "National Vulnerability Database".
Sketch before 75 mishandles external library feeds.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40532 βΌ
π Read
via "National Vulnerability Database".
Telegram Web K Alpha before 0.7.2 mishandles the characters in a document extension.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40540 βΌ
π Read
via "National Vulnerability Database".
ulfius_uri_logger in Ulfius HTTP Framework before 2.7.4 omits con_info initialization and a con_info->request NULL check for certain malformed HTTP requests.π Read
via "National Vulnerability Database".
βΌ CVE-2021-31611 βΌ
π Read
via "National Vulnerability Database".
The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X devices does not properly handle an out-of-order LMP Setup procedure that is followed by a malformed LMP packet, allowing attackers in radio range to deadlock a device via a crafted LMP packet. The user needs to manually reboot the device to restore communication.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34144 βΌ
π Read
via "National Vulnerability Database".
The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C BT SDK through 0.9.1 does not properly handle the reception of truncated LMP_SCO_Link_Request packets while no other BT connections are active, allowing attackers in radio range to prevent new BT connections (disabling the AB5301A inquiry and page scan procedures) via a crafted LMP packet. The user needs to manually perform a power cycle (restart) of the device to restore BT connectivity.π Read
via "National Vulnerability Database".