‼ CVE-2021-20829 ‼
via "National Vulnerability Database".
Cross-site scripting vulnerability due to the inadequate tag sanitization in GROWI versions v4.2.19 and earlier allows remote attackers to execute an arbitrary script on the web browser of the user who accesses a specially crafted page.
French shipping giant CMA CGM suffers data breach
via "The Daily Swig".
Customer data impacted by security incident
BlackMatter Strikes Iowa Farmers Cooperative, Demands $5.9M Ransom
via "Threat Post".
Critical infrastructure appears to be targeted in latest ransomware attack, diminishing the hopes of governments to curb such attacks.
46% of On-Prem Databases Globally Contain Vulnerabilities: Is Yours Safe?
via "Threat Post".
Are organizations neglecting the security of their data? An unprecedented five-year study reveals that internal databases are riddled with vulnerabilities – some even years old.
🦿 U.S. companies excel at limiting shadow IT, according to a new report 🦿
via "Tech Republic".
Many respondents are planning to continue remote operations for the next couple of years, but what strategies are they implementing to protect themselves in the age of remote work at scale?
🦿 How privacy and security challenges may cause people to abandon your website 🦿
via "Tech Republic".
More than half of consumers surveyed by Ping Identity said they ditched an online service when logging in proved too frustrating.
🦿 Managing change in AI: Don't forget about your staff's needs and abilities 🦿
via "Tech Republic".
When change affects people in your organization, remember that you have a wealth of talent that needn't go to waste. Consider re-skilling to meet the company's needs as well as the employees'.
‼ CVE-2021-37424 ‼
via "National Vulnerability Database".
ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover.
‼ CVE-2021-37419 ‼
via "National Vulnerability Database".
ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF.
‼ CVE-2021-37420 ‼
via "National Vulnerability Database".
ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing.
‼ CVE-2021-28960 ‼
via "National Vulnerability Database".
ManageEngine Desktop Central before build 10.0.683 allows Unauthenticated Remote Code Execution during communication with Notification Server.
‼ CVE-2021-37741 ‼
via "National Vulnerability Database".
ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities.
‼ CVE-2021-0869 ‼
via "National Vulnerability Database".
In GetTimeStampAndPkt of DumpstateDevice.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-179620905. References: N/A
🦿 Google, Microsoft and Oracle amassed the most cybersecurity vulnerabilities in the first half of 2021 🦿
via "Tech Republic".
A recent AtlasVPN report rounds up an inglorious cybersecurity top 10 of sorts, highlighting the companies that have amassed the most vulnerabilities in the first half of this year.
Weaponized ManageEngine flaw poses "serious risk" to high-profile US targets – CISA
via "The Daily Swig".
Warning from US government agency urges prompt triage
Turla APT Plants Novel Backdoor In Wake of Afghan Unrest
via "Threat Post".
"TinyTurla," simply coded malware that hides away as a legitimate Windows service, has flown under the radar for two years.
iOS 15 includes Face ID fix for security bypass using fake heads
via "Naked Security".
Fake heads! (Cue dystopian scifi music.)
Naked Security
iOS 15 launches with 22 documented security patches – including a Face ID bypass using a "3D model"
‼ CVE-2021-41525 ‼
via "National Vulnerability Database".
An issue related to modification of otherwise restricted files through a locally authenticated attacker exists in FlexNet inventory agent and inventory beacon versions 2020 R2.5 and prior.
‼ CVE-2021-41531 ‼
via "National Vulnerability Database".
NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if an RPKI CA uses too large values in the max-length parameter in a ROA. This will lead RTR clients such as routers to reject the RPKI data set, effectively disabling Route Origin Validation.
Hackers Are Going "Deep-Sea Phishing," So What Can You Do About It?
via "Threat Post".
Nick Kael, CTO at Ericom, discusses how phishing is gaining sophistication and what it means for businesses.
‼ CVE-2021-23444 ‼
via "National Vulnerability Database".
This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath function.