Domain Brand Monitor: The First Brand Protection Layer by WhoisXML API
via "Threat Post".
Domain names are often brands' most valuable and impersonated assets. Learn how Brand Monitor by WhoisXML API supports brand protection.
Google Report Spotlights Uptick in Controversial "Geofence Warrants" by Police
via "Threat Post".
Digital privacy rights defenders contend that geofencing warrants grab data on everyone near a crime, without cause.
Acronis Offers up to $5,000 to Users Who Spot Bugs in Its Cyber Protection Products
via "Threat Post".
Once available only to the cybersecurity community, Acronis has opened its bug-hunting program to the public and aims to double the total bounties paid.
Indictment, Lawsuits Revive Trump-Alfa Bank Story
via "Krebs on Security".
In October 2016, media outlets reported that data collected by some of the world's most renowned cybersecurity experts had identified frequent and unexplained communications between an email server used by the Trump Organization and Alfa Bank, one of Russia's largest financial institutions. Those publications set off speculation about a possible secret back-channel of communications, as well as a series of lawsuits and investigations that culminated last week with the indictment of the same former federal cybercrime prosecutor who brought the data to the attention of the FBI five years ago.
‼ CVE-2021-22019 ‼
via "National Vulnerability Database".
The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 5480 on vCenter Server may exploit this issue by sending a specially crafted jsonrpc message to create a denial of service condition.
‼ CVE-2021-22007 ‼
via "National Vulnerability Database".
The vCenter Server contains a local information disclosure vulnerability in the Analytics service. An authenticated user with non-administrative privilege may exploit this issue to gain access to sensitive information.
‼ CVE-2021-22949 ‼
via "National Vulnerability Database".
A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to duplicate files which can lead to UI inconvenience, and exhaustion of disk space. Credit for discovery: "Solar Security CMS Research Team"
‼ CVE-2021-22016 ‼
via "National Vulnerability Database".
The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. An attacker may exploit this issue to execute malicious scripts by tricking a victim into clicking a malicious link.
‼ CVE-2021-22017 ‼
via "National Vulnerability Database".
Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to bypass proxy leading to internal endpoints being accessed.
‼ CVE-2021-22013 ‼
via "National Vulnerability Database".
The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.
‼ CVE-2021-22010 ‼
via "National Vulnerability Database".
The vCenter Server contains a denial-of-service vulnerability in VPXD service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to create a denial of service condition due to excessive memory consumption by VPXD service.
‼ CVE-2021-22015 ‼
via "National Vulnerability Database".
The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance.
‼ CVE-2021-22014 ‼
via "National Vulnerability Database".
The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure). An authenticated VAMI user with network access to port 5480 on vCenter Server may exploit this issue to execute code on the underlying operating system that hosts vCenter Server.
‼ CVE-2021-22952 ‼
via "National Vulnerability Database".
A vulnerability found in UniFi Talk application V1.12.3 and earlier permits a malicious actor who has already gained access to a network to subsequently control Talk device(s) assigned to said network if they are not yet adopted. This vulnerability is fixed in UniFi Talk application V1.12.5 and later.
‼ CVE-2021-22006 ‼
via "National Vulnerability Database".
The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to access restricted endpoints.
‼ CVE-2021-22020 ‼
via "National Vulnerability Database".
The vCenter Server contains a denial-of-service vulnerability in the Analytics service. Successful exploitation of this issue may allow an attacker to create a denial-of-service condition on vCenter Server.
‼ CVE-2021-22945 ‼
via "National Vulnerability Database".
When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.
‼ CVE-2021-22950 ‼
via "National Vulnerability Database".
Concrete CMS prior to 8.5.6 had a CSRF vulnerability allowing attachments to comments in the conversation section to be deleted. Credit for discovery: "Solar Security Research Team"
‼ CVE-2021-22948 ‼
via "National Vulnerability Database".
Vulnerability in the generation of session IDs in revive-adserver < 5.3.0, based on the cryptographically insecure uniqid() PHP function. Under some circumstances, an attacker could theoretically be able to brute force session IDs in order to take over a specific account.
‼ CVE-2021-22012 ‼
via "National Vulnerability Database".
The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.
‼ CVE-2021-22005 ‼
via "National Vulnerability Database".
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.