βΌ CVE-2021-31841 βΌ
π Read
via "National Vulnerability Database".
A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location. This would result in the user gaining elevated permissions and the ability to execute arbitrary code as the system user, through not checking the DLL signature.π Read
via "National Vulnerability Database".
β VMware Warns of Ransomware-Friendly Bug in vCenter Server β
π Read
via "Threat Post".
VMware urged immediate patching of the max-severity, arbitrary file upload flaw in Analytics service, which affects all appliances running default 6.5, 6.7 and 7.0 installs.π Read
via "Threat Post".
Threat Post
VMware Warns of Ransomware-Friendly Bug in vCenter Server
UPDATE: Malicious actors are already scanning honeypots, looking for servers vulnerable to the critical arbitrary file upload flaw in vCenter servers' Analytics service.
β How REvil May Have Ripped Off Its Own Affiliates β
π Read
via "Threat Post".
A newly discovered backdoor and double chats could have enabled REvil ransomware-as-a-service operators to hijack victim cases and snatch affiliatesβ cuts of ransom payments.π Read
via "Threat Post".
Threat Post
How REvil May Have Ripped Off Its Own Affiliates
A newly discovered backdoor and double chats could have enabled REvil ransomware-as-a-service operators to hijack victim cases and snatch affiliatesβ cuts of ransom payments.
β Unpatched Apple Zero-Day in macOS Finder Allows Code Execution β
π Read
via "Threat Post".
All a user needs to do is click on an email attachment, and boom -- the code is silently executed without the victim knowing. It affects Big Sur and prior versions of macOS.π Read
via "Threat Post".
Threat Post
Unpatched Apple Zero-Day in macOS Finder Allows Code Execution
All a user needs to do is click on an email attachment, and boom β the code is silently executed without the victim knowing. It affects Big Sur and prior versions of macOS.
βΌ CVE-2021-40684 βΌ
π Read
via "National Vulnerability Database".
Talend ESB Runtime in all versions from 5.1 to 7.3.1-R2021-09, 7.2.1-R2021-09, 7.1.1-R2021-09, has an unauthenticated Jolokia HTTP endpoint which allows remote access to the JMX of the runtime container, which would allow an attacker the ability to read or modify the container or software running in the container.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37860 βΌ
π Read
via "National Vulnerability Database".
Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard contents, which allows a user-assisted attacker to inject arbitrary web script in product deployments that explicitly disable the default CSP.π Read
via "National Vulnerability Database".
βΌ CVE-2019-6288 βΌ
π Read
via "National Vulnerability Database".
Edgecore ECS2020 Firmware 1.0.0.0 devices allow Unauthenticated Command Injection via the command1 HTTP header to the /EXCU_SHELL URI.π Read
via "National Vulnerability Database".
π¦Ώ Your IoT devices may be vulnerable to malware π¦Ώ
π Read
via "Tech Republic".
NordPass: Only 33% of users surveyed had changed the default passwords on their IoT devices, leaving the rest vulnerable to attack.π Read
via "Tech Republic".
TechRepublic
Your IoT devices may be vulnerable to malware
NordPass: Only 33% of users surveyed had changed the default passwords on their IoT devices, leaving the rest vulnerable to attack.
β Netgear SOHO Security Bug Allows RCE, Corporate Attacks β
π Read
via "Threat Post".
The issue lies in a parental-control function that's always enabled by default, even if users don't configure for child security.π Read
via "Threat Post".
Threat Post
Netgear SOHO Security Bug Allows RCE, Corporate Attacks
The issue lies in a parental-control function that's always enabled by default, even if users don't configure for child security.
π΄ UK MoD Data Breach Shows Cybersecurity Must Protect Both People and Data π΄
π Read
via "Dark Reading".
The UK MoD has failed to protect personally identifiable information (PII) for Afghan interpreters; the incident highlights how avoidable cybersecurity mistakes can have devastating consequences.π Read
via "Dark Reading".
Dark Reading
UK MoD Data Breach Shows Cybersecurity Must Protect Both People and Data
The UK MoD has failed to protect personally identifiable information (PII) for Afghan interpreters; the incident highlights how avoidable cybersecurity mistakes can have devastating consequences.
π¦Ώ Ransomware now accounts for 69% of all attacks that use malware π¦Ώ
π Read
via "Tech Republic".
The most common targets of ransomware in the second quarter of 2021 were governmental, medical and industrial companies along with scientific and educational institutions, says Positive Technologies.π Read
via "Tech Republic".
TechRepublic
Ransomware now accounts for 69% of all attacks that use malware
The most common targets of ransomware in the second quarter of 2021 were governmental, medical and industrial companies along with scientific and educational institutions, says Positive Technologies.
βΌ CVE-2021-21992 βΌ
π Read
via "National Vulnerability Database".
The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash) may exploit this issue to create a denial-of-service condition on the vCenter Server host.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21991 βΌ
π Read
via "National Vulnerability Database".
The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash).π Read
via "National Vulnerability Database".
βΌ CVE-2021-34647 βΌ
π Read
via "National Vulnerability Database".
The Ninja Forms WordPress plugin is vulnerable to sensitive information disclosure via the bulk_export_submissions function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to export all Ninja Forms submissions data via the /ninja-forms-submissions/export REST API which can include personally identifiable information.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34648 βΌ
π Read
via "National Vulnerability Database".
The Ninja Forms WordPress plugin is vulnerable to arbitrary email sending via the trigger_email_action function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to send arbitrary emails from the affected server via the /ninja-forms-submissions/email-action REST API which can be used to socially engineer victims.π Read
via "National Vulnerability Database".
βΌ CVE-2020-23469 βΌ
π Read
via "National Vulnerability Database".
gmate v0.12+bionic contains a regular expression denial of service (ReDoS) vulnerability in the gedit3 plugin.π Read
via "National Vulnerability Database".
βΌ CVE-2020-23481 βΌ
π Read
via "National Vulnerability Database".
CMS Made Simple 2.2.14 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Field Definition text field.π Read
via "National Vulnerability Database".
βΌ CVE-2020-23478 βΌ
π Read
via "National Vulnerability Database".
Leo Editor v6.2.1 was discovered to contain a regular expression denial of service (ReDoS) vulnerability in the component plugins/importers/dart.py.π Read
via "National Vulnerability Database".
β Crystal Valley Farm Coop Hit with Ransomware β
π Read
via "Threat Post".
It's the second agricultural business to be seized this week and portends a bitter harvest with yet another nasty jab at critical infrastructure.π Read
via "Threat Post".
Threat Post
Crystal Valley Farm Coop Hit with Ransomware
It's the second agricultural business to be seized this week and portends a bitter harvest with yet another nasty jab at critical infrastructure.
βΌ CVE-2021-34696 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the access control list (ACL) programming of Cisco ASR 900 and ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect programming of hardware when an ACL is configured using a method other than the configuration CLI. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34727 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. This vulnerability is due to insufficient bounds checking when an affected device processes traffic. An attacker could exploit this vulnerability by sending crafted traffic to the device. A successful exploit could allow the attacker to cause a buffer overflow and possibly execute arbitrary commands with root-level privileges, or cause the device to reload, which could result in a denial of service condition.π Read
via "National Vulnerability Database".