βΌ CVE-2021-22017 βΌ
π Read
via "National Vulnerability Database".
Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to bypass proxy leading to internal endpoints being accessed.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22013 βΌ
π Read
via "National Vulnerability Database".
The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22010 βΌ
π Read
via "National Vulnerability Database".
The vCenter Server contains a denial-of-service vulnerability in VPXD service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to create a denial of service condition due to excessive memory consumption by VPXD service.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22015 βΌ
π Read
via "National Vulnerability Database".
The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22014 βΌ
π Read
via "National Vulnerability Database".
The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure). An authenticated VAMI user with network access to port 5480 on vCenter Server may exploit this issue to execute code on the underlying operating system that hosts vCenter Server.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22952 βΌ
π Read
via "National Vulnerability Database".
A vulnerability found in UniFi Talk application V1.12.3 and earlier permits a malicious actor who has already gained access to a network to subsequently control Talk device(s) assigned to said network if they are not yet adopted. This vulnerability is fixed in UniFi Talk application V1.12.5 and later.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22006 βΌ
π Read
via "National Vulnerability Database".
The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to access restricted endpoints.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22020 βΌ
π Read
via "National Vulnerability Database".
The vCenter Server contains a denial-of-service vulnerability in the Analytics service. Successful exploitation of this issue may allow an attacker to create a denial-of-service condition on vCenter Server.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22945 βΌ
π Read
via "National Vulnerability Database".
When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22950 βΌ
π Read
via "National Vulnerability Database".
Concrete CMS prior to 8.5.6 had a CSFR vulnerability allowing attachments to comments in the conversation section to be deleted.Credit for discovery: "Solar Security Research Team"π Read
via "National Vulnerability Database".
βΌ CVE-2021-22948 βΌ
π Read
via "National Vulnerability Database".
Vulnerability in the generation of session IDs in revive-adserver < 5.3.0, based on the cryptographically insecure uniqid() PHP function. Under some circumstances, an attacker could theoretically be able to brute force session IDs in order to take over a specific account.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22012 βΌ
π Read
via "National Vulnerability Database".
The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22005 βΌ
π Read
via "National Vulnerability Database".
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22941 βΌ
π Read
via "National Vulnerability Database".
Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the storage zones controller.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21993 βΌ
π Read
via "National Vulnerability Database".
The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to content library may exploit this issue by sending a POST request to vCenter Server leading to information disclosure.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22008 βΌ
π Read
via "National Vulnerability Database".
The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information.π Read
via "National Vulnerability Database".
β FamousSparrow APT Wings in to Spy on Hotels, Governments β
π Read
via "Threat Post".
A custom "SparrowDoor" backdoor has allowed the attackers to collect data from targets around the globe.π Read
via "Threat Post".
Threat Post
FamousSparrow APT Wings in to Spy on Hotels, Governments
A custom "SparrowDoor" backdoor has allowed the attackers to collect data from targets around the globe.
π¦Ώ Ransomware now accounts for 69% of all attacks that use malware π¦Ώ
π Read
via "Tech Republic".
The most common targets of ransomware in the second quarter of 2021 were governmental, medical and industrial companies along with scientific and educational institutions, says Positive Technologies.π Read
via "Tech Republic".
TechRepublic
Ransomware now accounts for 69% of all attacks that use malware
The most common targets of ransomware in the second quarter of 2021 were governmental, medical and industrial companies along with scientific and educational institutions, says Positive Technologies.
π¦Ώ How to secure SSH logins with port knocking π¦Ώ
π Read
via "Tech Republic".
Knock, knock ... who's there? SSH. SSH who? You need to lock down your servers so that only you have access via SSH. One way to help that is with knockd. Jack Wallen shows you how.π Read
via "Tech Republic".
ποΈ Fake WhatsApp backup message delivers malware to Spanish speakersβ devices ποΈ
π Read
via "The Daily Swig".
The trojan horse in Spain is nothing but a painπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Fake WhatsApp backup message delivers malware to Spanish speakersβ devices
The trojan horse in Spain is nothing but a pain
π Zeek 4.0.4 π
π Read
via "Packet Storm Security".
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.π Read
via "Packet Storm Security".
Packetstormsecurity
Zeek 4.0.4 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers