βΌ CVE-2021-39391 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability exists in the admin panel in Beego v2.0.1 via the URI path in an HTTP request, which is activated by administrators viewing the "Request Statistics" page.π Read
via "National Vulnerability Database".
β 2021βs Most Dangerous Software Weaknesses β
π Read
via "Threat Post".
Saryu Nayyar, CEO at Gurucul, peeks into Mitre's list of dangerous software bug types, highlighting that the oldies are still the goodies for attackers.π Read
via "Threat Post".
Threat Post
2021βs Most Dangerous Software Weaknesses
Saryu Nayyar, CEO at Gurucul, peeks into Mitre's list of dangerous software bug types, highlighting that the oldies are still the goodies for attackers.
β Microsoft Patches Actively Exploited Windows Zero-Day Bug β
π Read
via "Threat Post".
On Patch Tuesday, Microsoft fixed 66 CVEs, including an RCE bug in MSHTML under active attack as threat actors passed around guides for the drop-dead simple exploit.π Read
via "Threat Post".
Threat Post
Microsoft Patches Actively Exploited Windows Zero-Day Bug
On Patch Tuesday, Microsoft fixed 66 CVEs, including an RCE bug in MSHTML under active attack as threat actors passed around guides for the drop-dead simple exploit.
βοΈ Microsoft Patch Tuesday, September 2021 Edition βοΈ
π Read
via "Krebs on Security".
Microsoft today pushed software updates to plug dozens of security holes in Windows and related products, including a vulnerability that is already being exploited in active attacks. Also, Apple has issued an emergency update to fix a flaw that's reportedly been abused to install spyware on iOS products, and Google's got a new version of Chrome that tackles two zero-day flaws. Finally, Adobe has released critical security updates for Acrobat, Reader and a slew of other software.π Read
via "Krebs on Security".
Krebsonsecurity
Microsoft Patch Tuesday, September 2021 Edition
Microsoft today pushed software updates to plug dozens of security holes in Windows and related products, including a vulnerability that is already being exploited in active attacks. Also, Apple has issued an emergency update to fix a flaw that's reportedlyβ¦
β Adobe Snuffs Critical Bugs in Acrobat, Experience Manager β
π Read
via "Threat Post".
Adobe releases security updates for 59 bugs affecting its core products, including Adobe Acrobat Reader, XMP Toolkit SDK and Photoshop.π Read
via "Threat Post".
Threat Post
Adobe Snuffs Critical Bugs in Acrobat, Experience Manager
Adobe releases security updates for 59 bugs, affecting its core products including Adobe Acrobat Reader, XMP Toolkit SDK and Photoshop.
π¦Ώ Dark Web sees spike in fake COVID vaccine card sales π¦Ώ
π Read
via "Tech Republic".
Some people would rather pay money for a phony vaccine card than get the actual shot for free, according to Check Point Research.π Read
via "Tech Republic".
TechRepublic
Dark Web sees spike in fake COVID vaccine card sales
Some people would rather pay money for a phony vaccine card than get the actual shot for free, according to Check Point Research.
π¦Ώ T-Mobile was breached: Here's how to protect your account π¦Ώ
π Read
via "Tech Republic".
T-Mobile customers should change their password and PIN and set up two-step verification to protect their accounts.π Read
via "Tech Republic".
TechRepublic
T-Mobile was breached: Here's how to protect your account
T-Mobile customers should change their password and PIN and set up two-step verification to protect their accounts.
βΌ CVE-2021-23025 βΌ
π Read
via "National Vulnerability Database".
On version 15.1.x before 15.1.0.5, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all versions of 12.1.x and 11.6.x, an authenticated remote command execution vulnerability exists in the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23028 βΌ
π Read
via "National Vulnerability Database".
On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, and 13.1.x before 13.1.4, when JSON content profiles are configured for URLs as part of an F5 Advanced Web Application Firewall (WAF)/BIG-IP ASM security policy and applied to a virtual server, undisclosed requests may cause the BIG-IP ASM bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23030 βΌ
π Read
via "National Vulnerability Database".
On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23027 βΌ
π Read
via "National Vulnerability Database".
On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, and 14.1.x before 14.1.4.3, a DOM based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23029 βΌ
π Read
via "National Vulnerability Database".
On version 16.0.x before 16.0.1.2, insufficient permission checks may allow authenticated users with guest privileges to perform Server-Side Request Forgery (SSRF) attacks through F5 Advanced Web Application Firewall (WAF) and the BIG-IP ASM Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23026 βΌ
π Read
via "National Vulnerability Database".
BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x and all versions of BIG-IQ 8.x, 7.x, and 6.x are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
π’ Apple patches zero-day flaw abused by infamous NSO exploit π’
π Read
via "ITPro".
The ForcedEntry flaw affects all Apple devices and allows hackers to compromise systems without any user interactionπ Read
via "ITPro".
ITPro
Apple patches zero-day flaw abused by infamous NSO exploit
The ForcedEntry flaw affects all Apple devices and allows hackers to compromise systems without any user interaction
π’ WhatsApp activates end-to-end encrypted cloud backups π’
π Read
via "ITPro".
The messaging service will grant users a password-protected key when they save their chat histories to the cloudπ Read
via "ITPro".
IT PRO
WhatsApp activates end-to-end encrypted cloud backups | IT PRO
The messaging service will grant users a password-protected key when they save their chat histories to the cloud
π’ Dual citizen sentenced to 11 years for role in North Korean crypto hacking scheme π’
π Read
via "ITPro".
Ontario resident laundered cash for North Korea from bank heists and BEC scamsπ Read
via "ITPro".
IT PRO
Dual citizen sentenced to 11 years for laundering money | IT PRO
Ontario resident laundered cash for North Korea from bank heists and BEC scams
π’ Olympus hit by suspected ransomware attack π’
π Read
via "ITPro".
The former digital camera specialist has shut down its networks in Europe, Africa and the Middle East while it investigates the incidentπ Read
via "ITPro".
IT PRO
Olympus hit by suspected ransomware attack | IT PRO
The former digital camera specialist has shut down its networks in Europe, Africa and the Middle East while it investigates the incident
π’ Irish data regulator fails to resolve 98% of big tech GDPR cases π’
π Read
via "ITPro".
Campaigners accuse the Irish DPC of being the βbottleneckβ for GDPR enforcement with 160 unresolved complaintsπ Read
via "ITPro".
IT PRO
Irish data regulator fails to resolve 98% of big tech GDPR cases | IT PRO
Campaigners accuse the Irish DPC of being the βbottleneckβ for GDPR enforcement with 160 unresolved complaints
π’ Google handed user data to Hong Kong authorities despite pledge π’
π Read
via "ITPro".
The tech giant last year said it would suspend the processing of user data requests from the Hong Kong government after a law that criminalised protests was introducedπ Read
via "ITPro".
IT PRO
Google handed user data to Hong Kong authorities despite pledge | IT PRO
The tech giant last year said it would suspend the processing of user data requests from the Hong Kong government after a law that criminalised protests was introduced
π’ Medigate and CrowdStrike bolster IoT medical device security π’
π Read
via "ITPro".
CrowdStrike will integrate its Falcon software with Medigateβs device security platformπ Read
via "ITPro".
IT PRO
Medigate and CrowdStrike team to bolster IoT medical devicesβ security | IT PRO
CrowdStrike will integrate its Falcon software with Medigateβs device security platform
π’ Hackers develop Linux port of Cobalt Strike for new attacks π’
π Read
via "ITPro".
The modified version of the penetration testing toolkit can evade malware detectionπ Read
via "ITPro".
IT PRO
Hackers develop Linux port of Cobalt Strike for new attacks | IT PRO
The modified version of the penetration testing toolkit can evade malware detection