‼ CVE-2021-22869 ‼
📖 Read
via "National Vulnerability Database".
An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. This affects customers using self-hosted runner groups for access control. A repository with access to one enterprise runner group could access all of the enterprise runner groups within the organization because of improper authentication checks during the request. This could cause code to be run unintentionally by the incorrect runner group. This vulnerability affected GitHub Enterprise Server versions from 3.0.0 to 3.0.15 and 3.1.0 to 3.1.7 and was fixed in 3.0.16 and 3.1.8 releases.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-2464 ‼
📖 Read
via "National Vulnerability Database".
Vulnerability in Oracle Linux (component: OSwatcher). Supported versions that are affected are 7 and 8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Linux executes to compromise Oracle Linux. Successful attacks of this vulnerability can result in takeover of Oracle Linux. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).📖 Read
via "National Vulnerability Database".
🦿 How to improve relations between developers and security teams and boost application security 🦿
📖 Read
via "Tech Republic".
Chris Wysopal shared a history lesson about the evolution of application security and advice on how to make all apps more secure.📖 Read
via "Tech Republic".
TechRepublic
How to improve relations between developers and security teams and boost application security
Chris Wysopal shared a history lesson about the evolution of application security and advice on how to make all apps more secure.
‼ CVE-2021-41503 ‼
📖 Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. The use of the basic authentication for the devices command interface allows attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.📖 Read
via "National Vulnerability Database".
‼ CVE-2016-6555 ‼
📖 Read
via "National Vulnerability Database".
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in version 18.0.2, released on September 20, 2016.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40655 ‼
📖 Read
via "National Vulnerability Database".
An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40654 ‼
📖 Read
via "National Vulnerability Database".
An information disclosure issue exist in D-LINK-DIR-615 B2 2.01mt. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page📖 Read
via "National Vulnerability Database".
‼ CVE-2016-6556 ‼
📖 Read
via "National Vulnerability Database".
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP 'sysName' or 'sysContact' response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This issue was fixed in version 18.0.2, released on September 20, 2016.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41504 ‼
📖 Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. The use of the digest-authentication for the devices command interface may allow further attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21742 ‼
📖 Read
via "National Vulnerability Database".
There is an information leak vulnerability in the message service app of a ZTE mobile phone. Due to improper parameter settings, attackers could use this vulnerability to obtain some sensitive information of users by accessing specific pages.📖 Read
via "National Vulnerability Database".
📢 Microsoft exposes BulletProofLink 'phishing as a service' criminal enterprise 📢
📖 Read
via "ITPro".
The sophisticated outfit handles everything from template design to web hosting and credentials processing📖 Read
via "ITPro".
ITPro
Microsoft exposes BulletProofLink 'phishing as a service' criminal enterprise
The sophisticated outfit handles everything from template design to web hosting and credentials processing
📢 The new frontier of endpoint management 📢
📖 Read
via "ITPro".
How analytics and security stacks are driving employee experience initiatives📖 Read
via "ITPro".
IT PRO
The new frontier of endpoint management
How analytics and security stacks are driving employee experience initiatives
📢 IT Pro News in Review: MoD data leak, UK tech jobs boom, Facebook launches Portal for Business 📢
📖 Read
via "ITPro".
Catch up on the biggest headlines of the week in just two minutes📖 Read
via "ITPro".
IT PRO
IT Pro News in Review: MoD data leak, UK tech jobs boom, Facebook launches Portal for Business
Welcome to IT Pro's News in Review, a weekly bite-sized bulletin of the top tech stories of the week, for the week ending 24 September, 2021.
📢 Critical flaw in vCenter Server could give hackers infrastructure access 📢
📖 Read
via "ITPro".
VMware is urging users to patch the 9.8-rated vulnerability as soon as possible📖 Read
via "ITPro".
IT PRO
Critical flaw in vCenter Server could give hackers infrastructure access | IT PRO
VMware is urging users to patch the 9.8-rated vulnerability as soon as possible
📢 New FamousSparrow hacking group caught targeting hotels 📢
📖 Read
via "ITPro".
Microsoft Exchange ProxyLogon flaw used in attacks📖 Read
via "ITPro".
ITPro
New FamousSparrow hacking group caught targeting hotels
Microsoft Exchange ProxyLogon flaw used in attacks
📢 Managing security and risk across the IT supply chain: A practical approach 📢
📖 Read
via "ITPro".
Best practices for IT supply chain security📖 Read
via "ITPro".
IT PRO
Managing security and risk across the IT supply chain: A practical approach
<em>Provided by</em>
📢 US Treasury sanctions crypto exchange over role in ransomware attacks 📢
📖 Read
via "ITPro".
The Suex exchange allegedly facilitated financial transactions for ransomware actors📖 Read
via "ITPro".
IT PRO
US Treasury sanctions crypto exchange over role in ransomware attacks | IT PRO
The Suex exchange allegedly facilitated financial transactions for ransomware actors
📢 HP Wolf Security: Threat insights report 📢
📖 Read
via "ITPro".
Equipping security teams with the knowledge to combat emerging threats📖 Read
via "ITPro".
IT PRO
HP Wolf Security: Threat insights report
Equipping security teams with the knowledge to combat emerging threats
📢 How to plan for endpoint security against ever-evolving cyber threats 📢
📖 Read
via "ITPro".
Safeguard your devices, data, and reputation📖 Read
via "ITPro".
IT PRO
How to plan for endpoint security against ever-evolving cyber threats
Safeguard your devices, data, and reputation
📢 Minnesota farm coop caught in ransomware attack 📢
📖 Read
via "ITPro".
Crystal valley becomes second agribusiness to find data encrypted by criminals📖 Read
via "ITPro".
IT PRO
Minnesota farm coop caught in ransomware attack | IT PRO
Crystal valley becomes second agribusiness to find data encrypted by criminals
📢 LG continues automotive pivot with $240 million Cybellum acquisition 📢
📖 Read
via "ITPro".
The Israeli startup detects vulnerabilities in automotive hardware and software services using digital twins📖 Read
via "ITPro".
IT PRO
LG continues automotive pivot with $240 million Cybellum acquisition | IT PRO
The Israeli startup detects vulnerabilities in automotive hardware and software services using digital twins