βΌ CVE-2021-3807 βΌ
π Read
via "National Vulnerability Database".
ansi-regex is vulnerable to Inefficient Regular Expression Complexityπ Read
via "National Vulnerability Database".
βΌ CVE-2021-1947 βΌ
π Read
via "National Vulnerability Database".
Use-after-free vulnerability in kernel graphics driver because of storing an invalid pointer in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networkingπ Read
via "National Vulnerability Database".
βΌ CVE-2021-3804 βΌ
π Read
via "National Vulnerability Database".
taro is vulnerable to Inefficient Regular Expression Complexityπ Read
via "National Vulnerability Database".
βΌ CVE-2021-30260 βΌ
π Read
via "National Vulnerability Database".
Possible Integer overflow to buffer overflow issue can occur due to improper validation of input parameters when extscan hostlist configuration command is received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networkingπ Read
via "National Vulnerability Database".
βΌ CVE-2021-1939 βΌ
π Read
via "National Vulnerability Database".
Null pointer dereference occurs due to improper validation when the preemption feature enablement is toggled in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearablesπ Read
via "National Vulnerability Database".
βΌ CVE-2021-1976 βΌ
π Read
via "National Vulnerability Database".
A use after free can occur due to improper validation of P2P device address in PD Request frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networkingπ Read
via "National Vulnerability Database".
βΌ CVE-2021-3811 βΌ
π Read
via "National Vulnerability Database".
adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')π Read
via "National Vulnerability Database".
βΌ CVE-2021-3805 βΌ
π Read
via "National Vulnerability Database".
object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')π Read
via "National Vulnerability Database".
βΌ CVE-2021-3810 βΌ
π Read
via "National Vulnerability Database".
code-server is vulnerable to Inefficient Regular Expression Complexityπ Read
via "National Vulnerability Database".
βΌ CVE-2021-30261 βΌ
π Read
via "National Vulnerability Database".
Possible integer and heap overflow due to lack of input command size validation while handling beacon template update command from HLOS in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearablesπ Read
via "National Vulnerability Database".
βΌ CVE-2021-3803 βΌ
π Read
via "National Vulnerability Database".
nth-check is vulnerable to Inefficient Regular Expression Complexityπ Read
via "National Vulnerability Database".
β AT&T Phone-Unlocking Malware Ring Costs Carrier $200M β
π Read
via "Threat Post".
With the help of malicious insiders, a fraudster was able to install malware and remotely divorce iPhones and other handsets from the carrier's U.S. network -- all the way from Pakistan.π Read
via "Threat Post".
Threat Post
AT&T Phone-Unlocking Malware Ring Costs Carrier $200M
With the help of malicious insiders, a fraudster was able to install malware and remotely divorce iPhones and other handsets from the carrier's U.S. network β all the way from Pakistan.
ποΈ Google announces partnership to review security of open source software projects ποΈ
π Read
via "The Daily Swig".
Tech giant will lend its support to security reviews of eight projects, including Git, Lodash, and Laravel π Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Google announces partnership to review security of open source software projects
Tech giant will lend its support to security reviews of eight projects, including Git, Lodash, and Laravel
β Ditch the Alert Cannon: Modernizing IDS is a Security Must-Do β
π Read
via "Threat Post".
Jeff Costlow, CISO at ExtraHop, makes the case for implementing next-gen intrusion-detection systems (NG-IDS) and retiring those noisy 90s compliance platforms.π Read
via "Threat Post".
Threat Post
Ditch the Alert Cannon: Modernizing IDS is a Security Must-Do
Jeff Costlow, CISO at ExtraHop, makes the case for implementing next-gen intrusion-detection systems (NG-IDS) and retiring those noisy 90s compliance platforms.
ποΈ Epik hack exposes lax security practices at controversial web host ποΈ
π Read
via "The Daily Swig".
ISP guilty of βlaziest design possibleβ, critics allegeπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Epik hack exposes lax security practices at controversial web host
ISP guilty of βlaziest design possibleβ, critics allege
ποΈ Alaska Department of Health reveals data breach potentially exposing residentsβ financial, health information ποΈ
π Read
via "The Daily Swig".
Disclosure part of lengthy investigation into sophisticated attack that took place in Mayπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Alaska Department of Health reveals data breach potentially exposing residentsβ financial, health information
Disclosure part of lengthy investigation into sophisticated attack that took place in May
π¦Ώ Small businesses need to step up efforts to secure and retain hybrid workers π¦Ώ
π Read
via "Tech Republic".
Only 31% are shipping laptops to employees and nearly half have spent their own money on a remote workspace, a survey from GetApp finds.π Read
via "Tech Republic".
TechRepublic
Small businesses need to step up efforts to secure and retain hybrid workers
Only 31% are shipping laptops to employees and nearly half have spent their own money on a remote workspace, a survey from GetApp finds.
π¦Ώ Dell study finds most organizations don't think they can recover from a ransomware attack π¦Ώ
π Read
via "Tech Republic".
Sixty-seven percent lack confidence in their ability to recover business-critical data, which is troubling given that the amount of data businesses manage has grown by more than 10x since 2016.π Read
via "Tech Republic".
TechRepublic
Dell study finds most organizations don't think they can recover from a ransomware attack
Sixty-seven percent lack confidence in their ability to recover business-critical data, which is troubling given that the amount of data businesses manage has grown by more than 10x since 2016.
π1
βΌ CVE-2021-41315 βΌ
π Read
via "National Vulnerability Database".
The Device42 Remote Collector before 17.05.01 does not sanitize user input in its SNMP Connectivity utility. This allows an authenticated attacker (with access to the console application) to execute arbitrary OS commands and escalate privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2021-31844 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a local attacker to execute arbitrary code with elevated privileges through placing carefully constructed Ami Pro (.sam) files onto the local system and triggering a DLP Endpoint scan through accessing a file. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39227 βΌ
π Read
via "National Vulnerability Database".
ZRender is a lightweight graphic library providing 2d draw for Apache ECharts. In versions prior to 5.2.1, using `merge` and `clone` helper methods in the `src/core/util.ts` module results in prototype pollution. It affects the popular data visualization library Apache ECharts, which uses and exports these two methods directly. The GitHub Security Advisory page for this vulnerability contains a proof of concept. This issue is patched in ZRender version 5.2.1. One workaround is available: Check if there is `__proto__` in the object keys. Omit it before using it as an parameter in these affected methods. Or in `echarts.util.merge` and `setOption` if project is using ECharts.π Read
via "National Vulnerability Database".