βΌ CVE-2021-35493 βΌ
π Read
via "National Vulnerability Database".
The WebFOCUS Reporting Server and WebFOCUS Client components of TIBCO Software Inc.'s TIBCO WebFOCUS Client, TIBCO WebFOCUS Installer, and TIBCO WebFOCUS Reporting Server contain easily exploitable Stored and Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO WebFOCUS Client: versions 8207.27.0 and below, TIBCO WebFOCUS Installer: versions 8207.27.0 and below, and TIBCO WebFOCUS Reporting Server: versions 8207.27.0 and below.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23036 βΌ
π Read
via "National Vulnerability Database".
On version 16.0.x before 16.0.1.2, when a BIG-IP ASM and DataSafe profile are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23037 βΌ
π Read
via "National Vulnerability Database".
On all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23032 βΌ
π Read
via "National Vulnerability Database".
On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x and 12.1.x, when a BIG-IP DNS system is configured with non-default Wide IP and pool settings, undisclosed DNS responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39391 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability exists in the admin panel in Beego v2.0.1 via the URI path in an HTTP request, which is activated by administrators viewing the "Request Statistics" page.π Read
via "National Vulnerability Database".
β 2021βs Most Dangerous Software Weaknesses β
π Read
via "Threat Post".
Saryu Nayyar, CEO at Gurucul, peeks into Mitre's list of dangerous software bug types, highlighting that the oldies are still the goodies for attackers.π Read
via "Threat Post".
Threat Post
2021βs Most Dangerous Software Weaknesses
Saryu Nayyar, CEO at Gurucul, peeks into Mitre's list of dangerous software bug types, highlighting that the oldies are still the goodies for attackers.
β Microsoft Patches Actively Exploited Windows Zero-Day Bug β
π Read
via "Threat Post".
On Patch Tuesday, Microsoft fixed 66 CVEs, including an RCE bug in MSHTML under active attack as threat actors passed around guides for the drop-dead simple exploit.π Read
via "Threat Post".
Threat Post
Microsoft Patches Actively Exploited Windows Zero-Day Bug
On Patch Tuesday, Microsoft fixed 66 CVEs, including an RCE bug in MSHTML under active attack as threat actors passed around guides for the drop-dead simple exploit.
βοΈ Microsoft Patch Tuesday, September 2021 Edition βοΈ
π Read
via "Krebs on Security".
Microsoft today pushed software updates to plug dozens of security holes in Windows and related products, including a vulnerability that is already being exploited in active attacks. Also, Apple has issued an emergency update to fix a flaw that's reportedly been abused to install spyware on iOS products, and Google's got a new version of Chrome that tackles two zero-day flaws. Finally, Adobe has released critical security updates for Acrobat, Reader and a slew of other software.π Read
via "Krebs on Security".
Krebsonsecurity
Microsoft Patch Tuesday, September 2021 Edition
Microsoft today pushed software updates to plug dozens of security holes in Windows and related products, including a vulnerability that is already being exploited in active attacks. Also, Apple has issued an emergency update to fix a flaw that's reportedlyβ¦
β Adobe Snuffs Critical Bugs in Acrobat, Experience Manager β
π Read
via "Threat Post".
Adobe releases security updates for 59 bugs affecting its core products, including Adobe Acrobat Reader, XMP Toolkit SDK and Photoshop.π Read
via "Threat Post".
Threat Post
Adobe Snuffs Critical Bugs in Acrobat, Experience Manager
Adobe releases security updates for 59 bugs, affecting its core products including Adobe Acrobat Reader, XMP Toolkit SDK and Photoshop.
π¦Ώ Dark Web sees spike in fake COVID vaccine card sales π¦Ώ
π Read
via "Tech Republic".
Some people would rather pay money for a phony vaccine card than get the actual shot for free, according to Check Point Research.π Read
via "Tech Republic".
TechRepublic
Dark Web sees spike in fake COVID vaccine card sales
Some people would rather pay money for a phony vaccine card than get the actual shot for free, according to Check Point Research.
π¦Ώ T-Mobile was breached: Here's how to protect your account π¦Ώ
π Read
via "Tech Republic".
T-Mobile customers should change their password and PIN and set up two-step verification to protect their accounts.π Read
via "Tech Republic".
TechRepublic
T-Mobile was breached: Here's how to protect your account
T-Mobile customers should change their password and PIN and set up two-step verification to protect their accounts.
βΌ CVE-2021-23025 βΌ
π Read
via "National Vulnerability Database".
On version 15.1.x before 15.1.0.5, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all versions of 12.1.x and 11.6.x, an authenticated remote command execution vulnerability exists in the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23028 βΌ
π Read
via "National Vulnerability Database".
On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, and 13.1.x before 13.1.4, when JSON content profiles are configured for URLs as part of an F5 Advanced Web Application Firewall (WAF)/BIG-IP ASM security policy and applied to a virtual server, undisclosed requests may cause the BIG-IP ASM bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23030 βΌ
π Read
via "National Vulnerability Database".
On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23027 βΌ
π Read
via "National Vulnerability Database".
On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, and 14.1.x before 14.1.4.3, a DOM based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23029 βΌ
π Read
via "National Vulnerability Database".
On version 16.0.x before 16.0.1.2, insufficient permission checks may allow authenticated users with guest privileges to perform Server-Side Request Forgery (SSRF) attacks through F5 Advanced Web Application Firewall (WAF) and the BIG-IP ASM Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23026 βΌ
π Read
via "National Vulnerability Database".
BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x and all versions of BIG-IQ 8.x, 7.x, and 6.x are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
π’ Apple patches zero-day flaw abused by infamous NSO exploit π’
π Read
via "ITPro".
The ForcedEntry flaw affects all Apple devices and allows hackers to compromise systems without any user interactionπ Read
via "ITPro".
ITPro
Apple patches zero-day flaw abused by infamous NSO exploit
The ForcedEntry flaw affects all Apple devices and allows hackers to compromise systems without any user interaction
π’ WhatsApp activates end-to-end encrypted cloud backups π’
π Read
via "ITPro".
The messaging service will grant users a password-protected key when they save their chat histories to the cloudπ Read
via "ITPro".
IT PRO
WhatsApp activates end-to-end encrypted cloud backups | IT PRO
The messaging service will grant users a password-protected key when they save their chat histories to the cloud
π’ Dual citizen sentenced to 11 years for role in North Korean crypto hacking scheme π’
π Read
via "ITPro".
Ontario resident laundered cash for North Korea from bank heists and BEC scamsπ Read
via "ITPro".
IT PRO
Dual citizen sentenced to 11 years for laundering money | IT PRO
Ontario resident laundered cash for North Korea from bank heists and BEC scams
π’ Olympus hit by suspected ransomware attack π’
π Read
via "ITPro".
The former digital camera specialist has shut down its networks in Europe, Africa and the Middle East while it investigates the incidentπ Read
via "ITPro".
IT PRO
Olympus hit by suspected ransomware attack | IT PRO
The former digital camera specialist has shut down its networks in Europe, Africa and the Middle East while it investigates the incident