โผ CVE-2021-32137 โผ
๐ Read
via "National Vulnerability Database".
Heap buffer overflow in the URL_GetProtocolType function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-32132 โผ
๐ Read
via "National Vulnerability Database".
The abst_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-32134 โผ
๐ Read
via "National Vulnerability Database".
The gf_odf_desc_copy function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-32135 โผ
๐ Read
via "National Vulnerability Database".
The trak_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.๐ Read
via "National Vulnerability Database".
โ Serious Security: How to make sure you donโt miss bug reports! โ
๐ Read
via "Naked Security".
Hey, let's create a text file that lists our security contacts! We'll call it... security DOT txt.๐ Read
via "Naked Security".
Naked Security
Serious Security: How to make sure you donโt miss bug reports!
Hey, letโs create a text file that lists our security contacts! Weโll call itโฆ security DOT txt.
โ S3 Ep49: Poison PACs, pointless alarms and phunky bugs [Podcast] โ
๐ Read
via "Naked Security".
Latest episode - listen now!๐ Read
via "Naked Security".
Naked Security
S3 Ep49: Poison PACs, pointless alarms and phunky bugs [Podcast]
Latest episode โ listen now!
๐ฆฟ IoT device attacks double in the first half of 2021, and remote work may shoulder some of the blame ๐ฆฟ
๐ Read
via "Tech Republic".
The smart home could be ripe for IoT device attacks as cybercriminals rake in record ransomware payments. Remote work may be responsible for the increase in attacks, Kaspersky says.๐ Read
via "Tech Republic".
โ Honing Cybersecurity Strategy When Everyoneโs a Target for Ransomware โ
๐ Read
via "Threat Post".
Aamir Lakhani, researcher at FortiGuard Labs, explains why organizations must extend cyber-awareness training across the entire enterprise, from Luddites to the C-suite.๐ Read
via "Threat Post".
Threat Post
Honing Cybersecurity Strategy When Everyoneโs a Target for Ransomware
Aamir Lakhani, researcher at FortiGuard Labs, explains why organizations must extend cyber-awareness training across the entire enterprise, from Luddites to the C-suite.
โ WooCommerce Multi Currency Bug Allows Shoppers to Change eCommerce Pricing โ
๐ Read
via "Threat Post".
The security vulnerability can be exploited with a malicious CSV file.๐ Read
via "Threat Post".
Threat Post
WooCommerce Multi Currency Bug Allows Shoppers to Change eCommerce Pricing
The security vulnerability can be exploited with a malicious CSV file.
โ WhatsAppโs End-to-End Encryption Isnโt Actually Broken โ
๐ Read
via "Threat Post".
WhatsAppโs moderators sent messages flagged by intended recipients. Researchers say this isn't concerning -- yet.๐ Read
via "Threat Post".
๐ฆฟ How to utilize openssl in Linux to check SSL certificate details ๐ฆฟ
๐ Read
via "Tech Republic".
SSL certificates are an integral component in securing data and connectivity to other systems. Learn tips on how you can use the Linux openssl command to find critical certificate details.๐ Read
via "Tech Republic".
TechRepublic
How to utilize openssl in Linux to check SSL certificate details
SSL certificates are an integral component in securing data and connectivity to other systems. Learn tips on how you can use the Linux openssl command to find critical certificate details.
โ REvilโs Back; Coder Fat-Fingered Away Its Decryptor Key โ
๐ Read
via "Threat Post".
How did Kaseya get a universal decryptor after a mind-bogglingly big ransomware attack? A REvil coder misclicked, generated & issued it, and โThatโs how we sh*t ourselves.โ๐ Read
via "Threat Post".
Threat Post
REvilโs Back; Coder Fat-Fingered Away Its Decryptor Key?
How did Kaseya get a universal decryptor after a mind-bogglingly big ransomware attack? A REvil coder misclicked, generated & issued it, and โThatโs how we sh*t ourselves.โ
๐ Jury Convicts Ex-Employee in Tech Trade Secret Theft Case ๐
๐ Read
via "".
The conviction came just days before National Insider Threat Awareness Month, a government campaign designed to boost awareness around insider threats and identifying risky behavior.๐ Read
via "".
Digital Guardian
Jury Convicts Ex-Employee in Tech Trade Secret Theft Case
The conviction came just days before National Insider Threat Awareness Month, a government campaign designed to boost awareness around insider threats and identifying risky behavior.
โผ CVE-2021-24621 โผ
๐ Read
via "National Vulnerability Database".
The WP Courses LMS WordPress plugin before 2.0.44 does not sanitise its Video Embed Code, allowing malicious code to be injected in it by high privilege users, even when the unfiltered_html capability is disallowed, which could lead to Stored Cross-Site Scripting issues๐ Read
via "National Vulnerability Database".
โผ CVE-2021-38833 โผ
๐ Read
via "National Vulnerability Database".
SQL injection vulnerability in PHPGurukul Apartment Visitors Management System (AVMS) v. 1.0 allows attackers to execute arbitrary SQL statements and to gain RCE.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-33546 โผ
๐ Read
via "National Vulnerability Database".
Multiple camera devices by UDP Technology, Geutebrรฦรยผck and other vendors are vulnerable to a stack-based buffer overflow condition in the name parameter, which may allow an attacker to remotely execute arbitrary code.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-33550 โผ
๐ Read
via "National Vulnerability Database".
Multiple camera devices by UDP Technology, Geutebrรฦรยผck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-24490 โผ
๐ Read
via "National Vulnerability Database".
The Email Artillery (MASS EMAIL) WordPress plugin through 4.1 does not properly check the uploaded files from the Import Emails feature, allowing arbitrary files to be uploaded. Furthermore, the plugin is also lacking any CSRF check, allowing such issue to be exploited via a CSRF attack as well. However, due to the presence of a .htaccess, denying access to everything in the folder the file is uploaded to, the malicious uploaded file will only be accessible on Web Servers such as Nginx/IIS๐ Read
via "National Vulnerability Database".
โผ CVE-2021-33544 โผ
๐ Read
via "National Vulnerability Database".
Multiple camera devices by UDP Technology, Geutebrรฦรยผck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-24510 โผ
๐ Read
via "National Vulnerability Database".
The MF Gig Calendar WordPress plugin through 1.1 does not sanitise or escape the id GET parameter before outputting back in the admin dashboard when editing an Event, leading to a reflected Cross-Site Scripting issue๐ Read
via "National Vulnerability Database".
โผ CVE-2021-33551 โผ
๐ Read
via "National Vulnerability Database".
Multiple camera devices by UDP Technology, Geutebrรฦรยผck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.๐ Read
via "National Vulnerability Database".