CVE-2020-21604
via "National Vulnerability Database".
libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl_epi64 function, which can be exploited via a crafted file.

CVE-2021-3812
via "National Vulnerability Database".
adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').

CVE-2021-41303
via "National Vulnerability Database".
In Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0.

CVE-2021-3807
via "National Vulnerability Database".
ansi-regex is vulnerable to Inefficient Regular Expression Complexity.

CVE-2021-1947
via "National Vulnerability Database".
Use-after-free vulnerability in kernel graphics driver because of storing an invalid pointer in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking.

CVE-2021-3804
via "National Vulnerability Database".
taro is vulnerable to Inefficient Regular Expression Complexity.

CVE-2021-30260
via "National Vulnerability Database".
Possible Integer overflow to buffer overflow issue can occur due to improper validation of input parameters when extscan hostlist configuration command is received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking.

CVE-2021-1939
via "National Vulnerability Database".
Null pointer dereference occurs due to improper validation when the preemption feature enablement is toggled in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables.

CVE-2021-1976
via "National Vulnerability Database".
A use after free can occur due to improper validation of P2P device address in PD Request frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking.

CVE-2021-3811
via "National Vulnerability Database".
adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').

CVE-2021-3805
via "National Vulnerability Database".
object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution').

CVE-2021-3810
via "National Vulnerability Database".
code-server is vulnerable to Inefficient Regular Expression Complexity.

CVE-2021-30261
via "National Vulnerability Database".
Possible integer and heap overflow due to lack of input command size validation while handling beacon template update command from HLOS in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables.

CVE-2021-3803
via "National Vulnerability Database".
nth-check is vulnerable to Inefficient Regular Expression Complexity.

AT&T Phone-Unlocking Malware Ring Costs Carrier $200M
via "Threat Post".
With the help of malicious insiders, a fraudster was able to install malware and remotely divorce iPhones and other handsets from the carrier's U.S. network -- all the way from Pakistan.

Google announces partnership to review security of open source software projects
via "The Daily Swig".
Tech giant will lend its support to security reviews of eight projects, including Git, Lodash, and Laravel.

Ditch the Alert Cannon: Modernizing IDS is a Security Must-Do
via "Threat Post".
Jeff Costlow, CISO at ExtraHop, makes the case for implementing next-gen intrusion-detection systems (NG-IDS) and retiring those noisy 90s compliance platforms.

Epik hack exposes lax security practices at controversial web host
via "The Daily Swig".
ISP guilty of “laziest design possible”, critics allege.

Alaska Department of Health reveals data breach potentially exposing residents’ financial, health information
via "The Daily Swig".
Disclosure part of lengthy investigation into sophisticated attack that took place in May.

Small businesses need to step up efforts to secure and retain hybrid workers
via "Tech Republic".
Only 31% are shipping laptops to employees and nearly half have spent their own money on a remote workspace, a survey from GetApp finds.

Dell study finds most organizations don't think they can recover from a ransomware attack
via "Tech Republic".
Sixty-seven percent lack confidence in their ability to recover business-critical data, which is troubling given that the amount of data businesses manage has grown by more than 10x since 2016.