βΌ CVE-2020-16630 βΌ
π Read
via "National Vulnerability Database".
TIΓ’β¬β’s BLE stack caches and reuses the LTKΓ’β¬β’s property for a bonded mobile. A LTK can be an unauthenticated-and-no-MITM-protection key created by Just Works or an authenticated-and-MITM-protection key created by Passkey Entry, Numeric Comparison or OOB. Assume that a victim mobile uses secure pairing to pair with a victim BLE device based on TI chips and generate an authenticated-and-MITM-protection LTK. If a fake mobile with the victim mobileΓ’β¬β’s MAC address uses Just Works and pairs with the victim device, the generated LTK still has the property of authenticated-and-MITM-protection. Therefore, the fake mobile can access attributes with the authenticated read/write permission.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39325 βΌ
π Read
via "National Vulnerability Database".
The OptinMonster WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input validation in the load_previews function found in the ~/OMAPI/Output.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.6.0.π Read
via "National Vulnerability Database".
ποΈ US optometry provider Simon Eye hit by data breach impacting 144,000 patients ποΈ
π Read
via "The Daily Swig".
Compromise of employee mailboxes may have exposed sensitive medical dataπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
US optometry provider Simon Eye hit by data breach impacting 144,000 patients
Compromise of employee mailboxes may have exposed sensitive medical data
βΌ CVE-2021-26333 βΌ
π Read
via "National Vulnerability Database".
An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. The discretionary access control list (DACL) may allow low privileged users to open a handle and send requests to the driver resulting in a potential data leak from uninitialized physical pages.π Read
via "National Vulnerability Database".
βΌ CVE-2021-31917 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). An attacker could bypass authentication on all REST endpoints when DIGEST is used as the authentication method. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20829 βΌ
π Read
via "National Vulnerability Database".
Cross-site scripting vulnerability due to the inadequate tag sanitization in GROWI versions v4.2.19 and earlier allows remote attackers to execute an arbitrary script on the web browser of the user who accesses a specially crafted page.π Read
via "National Vulnerability Database".
ποΈ French shipping giant CMA CGM suffers data breach ποΈ
π Read
via "The Daily Swig".
Customer data impacted by security incidentπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
French shipping giant CMA CGM suffers data breach
Customer data impacted by security incident
β BlackMatter Strikes Iowa Farmers Cooperative, Demands $5.9M Ransom β
π Read
via "Threat Post".
Critical infrastructure appears to be targeted in latest ransomware attack, diminishing the hopes of governments to curb such attacks.π Read
via "Threat Post".
Threat Post
BlackMatter Strikes Iowa Farmers Cooperative, Demands $5.9M Ransom
Critical infrastructure appears to be targeted in latest ransomware attack, diminishing the hopes of governments to curb such attacks.
β 46% of On-Prem Databases Globally Contain Vulnerabilities: Is Yours Safe? β
π Read
via "Threat Post".
Are organizations neglecting the security of their data? An unprecedented five-year study reveals that internal databases are riddled with vulnerabilities β some even years old.π Read
via "Threat Post".
Threat Post
46% of On-Prem Databases Globally Contain Vulnerabilities: Is Yours Safe?
Are organizations neglecting the security of their data? An unprecedented five-year study reveals that internal databases are riddled with vulnerabilities β some even years old.
π¦Ώ U.S. companies excel at limiting shadow IT, according to a new report π¦Ώ
π Read
via "Tech Republic".
Many respondents are planning to continue remote operations for the next couple of years, but what strategies are they implementing to protect themselves in the age of remote work at scale?π Read
via "Tech Republic".
TechRepublic
U.S. companies excel at limiting shadow IT, according to a new report
Many respondents are planning to continue remote operations for the next couple of years, but what strategies are they implementing to protect themselves in the age of remote work at scale?
π¦Ώ How privacy and security challenges may cause people to abandon your website π¦Ώ
π Read
via "Tech Republic".
More than half of consumers surveyed by Ping Identity said they ditched an online service when logging in proved too frustrating.π Read
via "Tech Republic".
TechRepublic
How privacy and security challenges may cause people to abandon your website
More than half of consumers surveyed by Ping Identity said they ditched an online service when logging in proved too frustrating.
π¦Ώ Managing change in AI: Don't forget about your staff's needs and abilities π¦Ώ
π Read
via "Tech Republic".
When change affects people in your organization, remember that you have a wealth of talent that needn't go to waste. Consider re-skilling to meet the company's needs as well as the employees'.π Read
via "Tech Republic".
TechRepublic
Managing change in AI: Don't forget about your staff's needs and abilities
When change affects people in your organization, remember that you have a wealth of talent that needn't go to waste. Consider re-skilling to meet the company's needs as well as the employees'.
βΌ CVE-2021-37424 βΌ
π Read
via "National Vulnerability Database".
ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37419 βΌ
π Read
via "National Vulnerability Database".
ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37420 βΌ
π Read
via "National Vulnerability Database".
ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing.π Read
via "National Vulnerability Database".
βΌ CVE-2021-28960 βΌ
π Read
via "National Vulnerability Database".
ManageEngine Desktop Central before build 10.0.683 allows Unauthenticated Remote Code Execution during communication with Notification Server.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37741 βΌ
π Read
via "National Vulnerability Database".
ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0869 βΌ
π Read
via "National Vulnerability Database".
In GetTimeStampAndPkt of DumpstateDevice.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-179620905 References: N/Aπ Read
via "National Vulnerability Database".
π¦Ώ Google, Microsoft and Oracle amassed the most cybersecurity vulnerabilities in the first half of 2021 π¦Ώ
π Read
via "Tech Republic".
A recent AtlasVPN report rounds up an inglorious cybersecurity top 10 of sorts, highlighting the companies that have amassed the most vulnerabilities in the first half of this year.π Read
via "Tech Republic".
ποΈ Weaponized ManageEngine flaw poses βserious riskβ to high-profile US targets β CISA ποΈ
π Read
via "The Daily Swig".
Warning from US government agency urges prompt triageπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Weaponized ManageEngine flaw poses βserious riskβ to high-profile US targets β CISA
Warning from US government agency urges prompt triage
β Turla APT Plants Novel Backdoor In Wake of Afghan Unrest β
π Read
via "Threat Post".
βTinyTurla,β simply coded malware that hides away as a legitimate Windows service, has flown under the radar for two years.π Read
via "Threat Post".
Threat Post
Turla APT Plants Novel Backdoor In Wake of Afghan Unrest
βTinyTurla,β simply coded malware that hides away as a legitimate Windows service, has flown under the radar for two years.