CVE-2021-37422
via "National Vulnerability Database".
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases.
KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”
via "Krebs on Security".
On Thursday evening, KrebsOnSecurity was the subject of a rather massive (and mercifully brief) distributed denial-of-service (DDoS) attack. The assault came from "Meris," the same new "Internet of Things" (IoT) botnet behind record-shattering attacks against Russian search giant Yandex this week and internet infrastructure firm Cloudflare earlier this summer.
Your voiceprint could be your new password as companies look to increase security for remote workers
via "Tech Republic".
Voice biometrics are moving beyond banks and joining fingerprints and faceprints as a way to confirm employee and customer identities.
Top Steps for Ransomware Recovery and Preparation
via "Threat Post".
Alex Restrepo, Virtual Data Center Solutions at Veritas Technologies, discusses post-attack restoration options and how to prepare for the next attack.
MyRepublic Data Breach Raises Data-Protection Questions
via "Threat Post".
The incident raises considerations for the security of critical data housed in third-party infrastructure, researchers say.
CVE-2021-3145
via "National Vulnerability Database".
In Ionic Identity Vault before 5, a local root attacker on an Android device can bypass biometric authentication.
CVE-2021-40864
via "National Vulnerability Database".
The Translate plugin 6.1.x through 6.3.x before 6.3.0.72 for ONLYOFFICE Document Server lacks escape calls for the msg.data and text fields.
CVE-2021-3646
via "National Vulnerability Database".
btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
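The ONLYOFFICE Translate plugin entry (unescaped msg.data and text fields) and the btcpayserver entry describe the same defect: untrusted text written into an HTML page without encoding for the context it lands in. The following is an added example in Python, not code from either project; the render_translation-style markup, the function names and the two payloads are constructed for illustration. It puts the vulnerable interpolation beside the escaped version and counts how many element start tags the browser would end up with.

```python
"""Unescaped vs. escaped HTML rendering (added illustration, not code from
ONLYOFFICE or btcpayserver)."""
import html
import re

# Constructed attacker-controlled values: a "translated" message body and a
# language tag, both of which end up in the rendered page.
EVIL_TEXT = '<img src=x onerror="alert(document.cookie)">'
EVIL_LANG = '" autofocus onfocus="alert(1)'

_START_TAG = re.compile(r"<[A-Za-z]")


def render_vulnerable(text, lang):
    """Interpolates untrusted values straight into markup, the pattern behind
    "lacks escape calls". The element body and the attribute are both injectable."""
    return f'<div class="translate" data-lang="{lang}">{text}</div>'


def render_escaped(text, lang):
    """Encodes each value for the context it lands in. html.escape converts
    & < > and, with quote=True (the default), also " and '; the quote handling
    is what keeps EVIL_LANG from closing the attribute and adding a handler."""
    return (
        f'<div class="translate" data-lang="{html.escape(lang)}">'
        f"{html.escape(text)}</div>"
    )


def count_start_tags(rendered):
    """Number of element start tags the browser would see. The template has
    exactly one (<div>); anything beyond that came from untrusted input."""
    return len(_START_TAG.findall(rendered))


if __name__ == "__main__":
    for render in (render_vulnerable, render_escaped):
        out = render(EVIL_TEXT, EVIL_LANG)
        print(f"{render.__name__}: {count_start_tags(out)} start tag(s)\n  {out}")
```

Escaping for the attribute context is the part most often forgotten: a function that only replaces `<`, `>` and `&` would still let EVIL_LANG close the data-lang value and append an onfocus handler.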
CVE-2021-40347
via "National Vulnerability Database".
An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker (logged into any account) can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place.
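The Postorius entry above is a missing-authorization bug with a side channel attached: the handler confirmed that a session existed but never checked that the caller was entitled to act on the target address, and its two different replies told the caller whether the address was a subscriber. The following added example in plain Python (not Postorius code; the User and MailingList dataclasses and all names are constructed) shows that handler beside a version that authorizes against the address and returns one fixed reply to anyone who is not allowed.

```python
"""Authorization on an unsubscribe action: the missing check and the fix
(added illustration in plain Python, not Postorius code)."""
from dataclasses import dataclass, field


@dataclass
class User:
    username: str
    emails: set = field(default_factory=set)    # addresses this account has verified


@dataclass
class MailingList:
    name: str
    owners: set = field(default_factory=set)    # usernames allowed to manage members
    members: set = field(default_factory=set)   # subscribed addresses


def unsubscribe_vulnerable(actor, mlist, email):
    """Checks only that a session exists, not that the actor may act on `email`.
    Any logged-in account can remove any address, and the two distinct replies
    double as a membership oracle."""
    if actor is None:
        return "login required"
    if email in mlist.members:
        mlist.members.discard(email)
        return "unsubscribed"
    return "not subscribed"


def unsubscribe_fixed(actor, mlist, email):
    """Authorizes against the target address: the actor must have verified it,
    or be an owner of the list. Everyone else gets one fixed reply whether or
    not the address is subscribed, so nothing about membership leaks."""
    if actor is None:
        return "login required"
    if email not in actor.emails and actor.username not in mlist.owners:
        return "forbidden"
    mlist.members.discard(email)    # no-op if the address was not subscribed
    return "unsubscribed"


if __name__ == "__main__":
    announce = MailingList("announce", owners={"alice"}, members={"victim@example.org"})
    mallory = User("mallory", {"mallory@example.org"})
    print(unsubscribe_vulnerable(mallory, announce, "victim@example.org"))  # attacker wins
    announce.members.add("victim@example.org")
    print(unsubscribe_fixed(mallory, announce, "victim@example.org"))       # forbidden
```

The authorization decision is made before the membership lookup, so the denied path cannot vary with data the caller is not entitled to see.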
CVE-2021-39207
via "National Vulnerability Database".
parlai is a framework for training and evaluating AI models on a variety of openly available dialogue datasets. In affected versions the package is vulnerable to a YAML deserialization attack caused by unsafe loading, which leads to arbitrary code execution. This security bug is patched by avoiding the unsafe loader; users should update to a version above v1.1.0. If upgrading is not possible, users can change the Loader used to SafeLoader as a workaround. See commit 507d066ef432ea27d3e201da08009872a2f37725 for details.
CVE-2021-24040
via "National Vulnerability Database".
Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. This issue affects ParlAI prior to v1.1.0.
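The two ParlAI entries above describe one bug: a configuration file read with PyYAML's full loader, which honours `!!python/...` tags and will import a module and call a function on the attacker's behalf. The advisory's workaround is to switch to SafeLoader. The following added example is my code, not ParlAI's; it assumes PyYAML is installed and uses math.gcd as a harmless stand-in for the os.system or subprocess call a real payload would name. It shows `yaml.Loader` (the full, unsafe loader) returning the result of that function call, and a hardened loader that uses safe_load and then checks that what came back is the flat mapping of scalars a config file should be.

```python
"""Unsafe vs. safe YAML loading with PyYAML (added example, not ParlAI code)."""
import yaml

# Constructed attacker-controlled config. The !!python/object/apply tag asks the
# loader to import a module and call a function with the listed positional
# arguments. math.gcd stands in for os.system so the demo has no side effects.
MALICIOUS_YAML = """
model: transformer
batchsize: !!python/object/apply:math.gcd [12, 18]
"""

BENIGN_YAML = """
model: transformer
batchsize: 32
lr: 0.001
"""

ALLOWED_SCALARS = (str, int, float, bool, type(None))


def load_unsafe(text):
    """The vulnerable call: yaml.Loader (like UnsafeLoader) constructs arbitrary
    Python objects, so the tag above becomes math.gcd(12, 18)."""
    return yaml.load(text, Loader=yaml.Loader)


def load_config(text):
    """Hardened loader. SafeLoader knows only the core YAML types and raises
    ConstructorError on any python/* tag; the shape check afterwards rejects
    anything that is not a mapping of string keys to plain scalars."""
    try:
        data = yaml.safe_load(text)
    except yaml.YAMLError as exc:            # ConstructorError is a YAMLError
        raise ValueError(f"rejected config: {exc}") from None
    if not isinstance(data, dict):
        raise ValueError("config must be a mapping at the top level")
    for key, value in data.items():
        if not isinstance(key, str) or not isinstance(value, ALLOWED_SCALARS):
            raise ValueError(f"unexpected value for key {key!r}")
    return data


def config_outcome(text):
    """Wrapper that reports ('ok', config) or ('rejected', reason)."""
    try:
        return "ok", load_config(text)
    except ValueError as exc:
        return "rejected", str(exc)


if __name__ == "__main__":
    print("unsafe loader ran the tag:", load_unsafe(MALICIOUS_YAML))
    print("safe loader:", config_outcome(MALICIOUS_YAML))
    print("benign config:", config_outcome(BENIGN_YAML))
```

If the application genuinely needs a custom tag, the right move is to register a constructor for that one tag on a SafeLoader subclass rather than to fall back to the full loader; `yaml.Loader` with an attacker-controlled file is always code execution.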
CVE-2021-38555
via "National Vulnerability Database".
An XML external entity (XXE) injection vulnerability was discovered in the Any23 StreamUtils.java file and is known to affect Any23 versions < 2.5. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access.
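Any23 is Java, but the mechanism the entry above describes is the same in any DTD-aware parser: the attacker declares an entity whose body is a file or URL, references it where the application expects text, and the parser fetches it. The following is an added example in Python's xml.sax (my code, not Any23's). The document, the fake file body and the recording resolver are constructed so nothing real is read. Python 3.7.1 and later ship with external entity fetching turned off; the vulnerable function switches it back on to show what the parser does when an application, or an older runtime, allows it, and the hardened parser keeps it off and refuses any DOCTYPE at all.

```python
"""External entity expansion in a SAX parser, and a parser that refuses it
(added example in Python; Any23 itself is Java and this is not its code)."""
import io
import xml.sax
from xml.sax import handler, xmlreader

# Constructed attacker document: declares an external general entity pointing
# at a local file and references it where the application expects text.
XXE_DOC = """<?xml version="1.0"?>
<!DOCTYPE data [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>
<data>&xxe;</data>"""

CLEAN_DOC = "<data>hello</data>"


class TextCollector(handler.ContentHandler):
    """Gathers the character data the application would go on to process."""

    def __init__(self):
        super().__init__()
        self.chunks = []

    def characters(self, content):
        self.chunks.append(content)


class RecordingResolver(handler.EntityResolver):
    """Stands in for the filesystem/network: records which URL the parser
    asked for and hands back a constructed 'file' body instead of reading one."""

    def __init__(self):
        self.requested = []

    def resolveEntity(self, publicId, systemId):
        self.requested.append(systemId)
        source = xmlreader.InputSource(systemId)
        source.setByteStream(io.BytesIO(b"root:x:0:0:root:/root:/bin/bash\n"))
        return source


def parse_fetching_entities(doc):
    """Vulnerable configuration: external general entities are resolved, so the
    entity body (the attacker's chosen file or URL) lands in the element text."""
    parser = xml.sax.make_parser()
    parser.setFeature(handler.feature_external_ges, True)
    resolver = RecordingResolver()
    parser.setEntityResolver(resolver)
    collector = TextCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(doc.encode("utf-8")))
    return "".join(collector.chunks), resolver.requested


class RejectDoctype:
    """Lexical handler whose only job is to abort on any DTD. With no DTD there
    is nowhere to declare an entity, external or internal."""

    def startDTD(self, name, public_id, system_id):
        raise ValueError(f"DOCTYPE {name!r} not allowed in untrusted XML")

    def endDTD(self): pass
    def startEntity(self, name): pass
    def endEntity(self, name): pass
    def startCDATA(self): pass
    def endCDATA(self): pass
    def comment(self, content): pass


def parse_untrusted(doc):
    """Hardened parser: external entities stay disabled and any DOCTYPE is refused."""
    parser = xml.sax.make_parser()
    parser.setFeature(handler.feature_external_ges, False)
    parser.setProperty(handler.property_lexical_handler, RejectDoctype())
    collector = TextCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(doc.encode("utf-8")))
    return "".join(collector.chunks)


def is_rejected(doc):
    """True when parse_untrusted refuses the document."""
    try:
        parse_untrusted(doc)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    text, requested = parse_fetching_entities(XXE_DOC)
    print("parser fetched:", requested)
    print("element text now contains:", text.strip())
    print("hardened parser rejects XXE_DOC:", is_rejected(XXE_DOC))
    print("hardened parser on clean input:", parse_untrusted(CLEAN_DOC))
```

The resolver list is the useful diagnostic: even where the fetched content never reaches the response, the request itself (to a file:// path or an internal http:// host) is the out-of-band signal that an XXE payload worked.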
CVE-2021-40146
via "National Vulnerability Database".
A Remote Code Execution (RCE) vulnerability was discovered in the Any23 YAMLExtractor.java file and is known to affect Any23 versions < 2.5. RCE vulnerabilities allow a malicious actor to execute any code of their choice on a remote machine over LAN, WAN, or internet. RCE belongs to the broader class of arbitrary code execution (ACE) vulnerabilities.
The best remote access solutions
via "ITPro".
We round up the top remote access software for mobile workers, including those with collaboration, screen-sharing and support tools.
Ransomware hackers break off from Babuk to join a new group
via "ITPro".
New research shines a light on the fallout between criminals in the wake of the Colonial Pipeline attack.
DOJ extradites Ukrainian man who used a botnet to decrypt login credentials
via "ITPro".
The 28-year-old allegedly sold passwords to other criminals on the dark web.
Dell launches new security services to tackle surging data demands
via "ITPro".
These new products aim to mitigate data-protection anxieties and the rising threat of ransomware.
CVE-2021-23440
via "National Vulnerability Database".
This affects the package set-value before 4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays.
CVE-2021-23435
via "National Vulnerability Database".
This affects the package clearance before 2.5.0. The vulnerability is possible when users are able to set the value of session[:return_to]. If the value used for return_to contains multiple leading slashes (/////example.com), the user ends up being redirected to the external domain that comes after the slashes (http://example.com).
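The clearance entry above is a classic open-redirect bypass: a check that rejects `//example.com` but not `/////example.com`, which browsers collapse to a scheme-relative URL and follow off-site. The following is an added example in Python, not the gem's code; the function names are mine. It shows why a host check built on urlsplit passes the five-slash form, and a validator that requires exactly one leading slash and rebuilds the target from path and query so nothing else survives.

```python
"""return_to validation that stops scheme-relative redirects such as
/////example.com (added example in Python, not the clearance gem's code)."""
from urllib.parse import urlsplit, urlunsplit


def naive_is_local(target):
    """The check that looks right and is not: rely on urlsplit to spot a host.
    urlsplit parses an authority only after exactly two leading slashes, so
    '//example.com' is caught but '/////example.com' comes back as a host-less
    path '///example.com'. Browsers collapse the run of slashes and go to
    example.com."""
    parts = urlsplit(target)
    return not parts.scheme and not parts.netloc


def safe_return_to(target, default="/"):
    """Returns a same-origin path or the default. Rules: the value must start
    with exactly one slash (a second '/' or a '\\' makes it scheme-relative in
    browsers), must not parse to a scheme or host, and is rebuilt from its path,
    query and fragment so nothing else survives. Tabs and newlines are dropped
    first because browsers strip them before interpreting a URL."""
    if not isinstance(target, str):
        return default
    cleaned = target.replace("\t", "").replace("\r", "").replace("\n", "")
    if not cleaned.startswith("/") or cleaned[1:2] in ("/", "\\"):
        return default
    parts = urlsplit(cleaned)
    if parts.scheme or parts.netloc:
        return default
    return urlunsplit(("", "", parts.path, parts.query, parts.fragment))


if __name__ == "__main__":
    for candidate in ("//example.com", "/////example.com", "/\\example.com",
                      "/\t///example.com", "https://example.com/", "/dashboard?tab=1"):
        print(f"{candidate!r:24} naive={naive_is_local(candidate)!s:5} "
              f"safe -> {safe_return_to(candidate)!r}")
```

A stricter alternative is to stop storing paths at all and keep only an identifier for a server-side allowlist of landing pages; the validator above is the minimum for code that must keep accepting a caller-supplied path.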
Texas Republican Party website defaced in “Anonymous” protest against abortion law
via "The Daily Swig".
Hacktivists take aim at “Heartbeat Act” with references to The Handmaid’s Tale and the Rick-rolling meme.
Phony COVID-19 vaccine card prices double following Biden mandate announcement
via "Tech Republic".
Dark Web prices for fake COVID-19 vaccination cards shot up from $100 to $200 almost immediately after the U.S. president announced new mandates, says Check Point Research.