CVE-2021-31923
via "National Vulnerability Database".
Ping Identity PingAccess before 5.3.3 allows HTTP request smuggling via header manipulation.
CVE-2021-41583
via "National Vulnerability Database".
vpn-user-portal (aka eduVPN or Let's Connect!) before 2.3.14, as packaged for Debian 10, Debian 11, and Fedora, allows remote authenticated users to obtain OS filesystem access, because of the interaction of QR codes with an exec that uses the -r option. This can be leveraged to obtain additional VPN access.
CVE-2021-41581
via "National Vulnerability Database".
x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL through 3.4.0 has a stack-based buffer over-read. When the input exceeds DOMAIN_PART_MAX_LEN, the buffer lacks '\0' termination.
Apple Patches 3 More Zero-Days Under Active Attack
via "Threat Post".
One of the bugs, which affects macOS as well as older versions of iPhones, could allow an attacker to execute arbitrary code with kernel privileges.
Millions of South Africans caught up in security incident after debt recovery firm suffers "significant data breach"
via "The Daily Swig".
Sensitive information is among datasets potentially exposed.
CVE-2021-36749
via "National Vulnerability Database".
In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not an elevation of privilege when users access Druid directly, since Druid also provides the Local InputSource, which allows the same level of access. But it is problematic when users interact with Druid indirectly through an application that allows users to specify the HTTP InputSource, but not the Local InputSource. In this case, users could bypass the application-level restriction by passing a file URL to the HTTP InputSource. This issue was previously mentioned as being fixed in 0.21.0 as per CVE-2021-26920 but was not fixed in 0.21.0 or 0.21.1.
Primer: Microsoft Active Directory Security for AD Admins
via "Dark Reading".
Nearly all AD environments are vulnerable to identity attack paths -- a powerful, widespread, and difficult-to-detect attack technique. But we didn't say impossible. Here's how admins can stop them.
BlackFog ARM 64 Edition Provides Anti Data Exfiltration Across New Platforms
via "Dark Reading".
New BlackFog ARM 64 edition maximizes performance, battery life, and data security.
NIST Brings Threat Modeling into the Spotlight
via "Dark Reading".
NIST recommendations typically become part of government procurement, which means threat modeling will soon be written into questions for organizations that sell to the federal government.
UK MoD Data Breach Shows Cybersecurity Must Protect Both People and Data
via "Dark Reading".
The UK MoD has failed to protect personally identifiable information (PII) for Afghan interpreters; the incident highlights how avoidable cybersecurity mistakes can have devastating consequences.
SAIC Appoints Kevin Brown as Chief Information Security Officer
via "Dark Reading".
Industry leader with decades of information security experience manages SAIC's security strategy and oversees critical cybersecurity operations.
How to Implement a Security Champions Program
via "Dark Reading".
A Security Champions program is a great way to enhance security maturity, reduce vulnerabilities, and make security top of mind throughout the business.
Microsoft Exchange Autodiscover Flaw Leaks Thousands of Credentials
via "Dark Reading".
Researchers claim to have accessed hundreds of thousands of Windows credentials using a bug in the Autodiscover protocol.
FamousSparrow APT Group Flocks to Hotels, Governments, Businesses
via "Dark Reading".
The cyber espionage group has a custom backdoor and has added the ProxyLogon Microsoft Exchange flaw to its toolkit.
Supply Chain and Ransomware Threats Drove 60% Increase in Global Cyber Intelligence Sharing Among Financial Firms
via "Dark Reading".
AMEX, Banco Falabella, IAG, and UBS win global award for annual cyber intelligence sharing efforts.
A Cyber-Resilience Model for the Next Era
via "Dark Reading".
Digital dilemmas have driven security to the forefront of business leaders' priorities. Understanding how to provide security at the speed of change and build a cyber-resilient organization will drive competitive advantage and help organizations run and transform with ease.
6 Lessons From Major Data Breaches This Year
via "Dark Reading".
Though many incidents stemmed from familiar security failures, they served up -- or resurfaced -- some important takeaways.
Panorays Closes $42 Million Series B Funding Round
via "Dark Reading".
Funding comes on the heels of 500% growth in client base.
Apple Patches Zero-Days in iOS, Known Vuln in macOS
via "Dark Reading".
One of the iOS vulnerabilities was discovered by Citizen Lab; the Google Threat Analysis Group reported iOS and macOS flaws.
Google Spots New Technique to Sneak Malware Past Detection Tools
via "Dark Reading".
The operator behind OpenSUpdater is using a new way to sneak adware and other malware past security tools.
Password Reuse Problems Persist Despite Known Risks
via "Dark Reading".
The vast majority of users worry about compromised passwords, but two-thirds continue to use the same password or a variation, a survey finds.