CVE-2021-39537
via "National Vulnerability Database".
An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.
Payment API Bungling Exposes Millions of Users' Payment Data
via "Threat Post".
Misconfigured APIs make any app risky, but when you're talking about financial apps, you're talking about handing ne'er-do-wells the power to turn your pockets inside-out.
Cyberattack at Eyecare Office Indicative of Shifting Healthcare Breach Trends
via "Digital Guardian".
Large hospitals are making headlines as they continue to get hit by ransomware, but smaller outpatient facilities are getting breached just as often.
Europol Breaks Open Extensive Mafia Cybercrime Ring
via "Threat Post".
Organized crime ring thrived on violence, intimidation and $12 million in online fraud profits.
CVE-2020-19915
via "National Vulnerability Database".
A Cross Site Scripting (XSS) vulnerability exists in WUZHI CMS 4.1.0 via the mailbox username in index.php.
CVE-2021-32838
via "National Vulnerability Database".
Flask-RESTX (pypi package flask-restx) is a community driven fork of Flask-RESTPlus. Flask-RESTX before version 0.5.1 is vulnerable to ReDoS (Regular Expression Denial of Service) in email_regex. This is fixed in version 0.5.1.
Windows 11 prep: How to convert MBR hard drive partitions to GPT
via "Tech Republic".
For added security, Windows 11 will forgo the older MBR partition scheme and use GPT instead. That may require users to convert their older hard drives. Here is how to do it.
Amazon Driver-Surveillance Cameras Roll Out, Sparking Debate
via "Threat Post".
Drivers bristle under constant surveillance by artificial-intelligence (AI) tech, but Amazon says it works and boosts safety.
Does Your Organization Have a Security.txt File?
via "Krebs on Security".
It happens all the time: Organizations get hacked because there isn't an obvious way for security researchers to let them know about security vulnerabilities or data leaks. Or maybe it isn't entirely clear who should get the report when remote access to an organization's internal network is being sold in the cybercrime underground. In a bid to minimize these scenarios, a growing number of major companies are adopting "Security.txt," a proposed new Internet standard that helps organizations describe their vulnerability disclosure practices and preferences.
CVE-2020-26301
via "National Vulnerability Database".
ssh2 is a set of client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This is fixed in version 1.4.0.
CVE-2021-41082
via "National Vulnerability Database".
Discourse is a platform for community discussion. In affected versions any private message that includes a group had its title and participating users exposed to users that do not have access to the private messages. However, access control for the private messages was not compromised, as users were not able to view the posts in the leaked private message despite seeing it in their inbox. The problematic commit was reverted around 32 minutes after it was made. Users are encouraged to upgrade to the latest commit if they are running Discourse against the `tests-passed` branch.
CVE-2021-34650
via "National Vulnerability Database".
The eID Easy WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error parameter found in the ~/admin.php file, which allows attackers to inject arbitrary web scripts, in versions up to and including 4.6.
CVE-2020-16630
via "National Vulnerability Database".
TI's BLE stack caches and reuses the LTK's property for a bonded mobile. An LTK can be an unauthenticated-and-no-MITM-protection key created by Just Works or an authenticated-and-MITM-protection key created by Passkey Entry, Numeric Comparison or OOB. Assume that a victim mobile uses secure pairing to pair with a victim BLE device based on TI chips and generates an authenticated-and-MITM-protection LTK. If a fake mobile with the victim mobile's MAC address uses Just Works and pairs with the victim device, the generated LTK still has the property of authenticated-and-MITM-protection. Therefore, the fake mobile can access attributes with the authenticated read/write permission.
CVE-2021-39325
via "National Vulnerability Database".
The OptinMonster WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input validation in the load_previews function found in the ~/OMAPI/Output.php file, which allows attackers to inject arbitrary web scripts, in versions up to and including 2.6.0.
US optometry provider Simon Eye hit by data breach impacting 144,000 patients
via "The Daily Swig".
Compromise of employee mailboxes may have exposed sensitive medical data.
CVE-2021-26333
via "National Vulnerability Database".
An information disclosure vulnerability exists in the AMD Platform Security Processor (PSP) chipset driver. The discretionary access control list (DACL) may allow low privileged users to open a handle and send requests to the driver, resulting in a potential data leak from uninitialized physical pages.
CVE-2021-31917
via "National Vulnerability Database".
A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). An attacker could bypass authentication on all REST endpoints when DIGEST is used as the authentication method. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2021-20829
via "National Vulnerability Database".
A cross-site scripting vulnerability due to inadequate tag sanitization in GROWI versions v4.2.19 and earlier allows remote attackers to execute an arbitrary script in the web browser of a user who accesses a specially crafted page.
French shipping giant CMA CGM suffers data breach
via "The Daily Swig".
Customer data impacted by security incident.
BlackMatter Strikes Iowa Farmers Cooperative, Demands $5.9M Ransom
via "Threat Post".
Critical infrastructure appears to be targeted in the latest ransomware attack, diminishing the hopes of governments to curb such attacks.
46% of On-Prem Databases Globally Contain Vulnerabilities: Is Yours Safe?
via "Threat Post".
Are organizations neglecting the security of their data? An unprecedented five-year study reveals that internal databases are riddled with vulnerabilities, some even years old.