βΌ CVE-2021-41503 βΌ
π Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. The use of the basic authentication for the devices command interface allows attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.π Read
via "National Vulnerability Database".
βΌ CVE-2016-6555 βΌ
π Read
via "National Vulnerability Database".
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in version 18.0.2, released on September 20, 2016.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40655 βΌ
π Read
via "National Vulnerability Database".
An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker can obtain a user name and password by forging a post request to the / getcfg.php pageπ Read
via "National Vulnerability Database".
βΌ CVE-2021-40654 βΌ
π Read
via "National Vulnerability Database".
An information disclosure issue exist in D-LINK-DIR-615 B2 2.01mt. An attacker can obtain a user name and password by forging a post request to the / getcfg.php pageπ Read
via "National Vulnerability Database".
βΌ CVE-2016-6556 βΌ
π Read
via "National Vulnerability Database".
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP 'sysName' or 'sysContact' response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This issue was fixed in version 18.0.2, released on September 20, 2016.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41504 βΌ
π Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. The use of the digest-authentication for the devices command interface may allow further attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21742 βΌ
π Read
via "National Vulnerability Database".
There is an information leak vulnerability in the message service app of a ZTE mobile phone. Due to improper parameter settings, attackers could use this vulnerability to obtain some sensitive information of users by accessing specific pages.π Read
via "National Vulnerability Database".
π’ Microsoft exposes BulletProofLink 'phishing as a service' criminal enterprise π’
π Read
via "ITPro".
The sophisticated outfit handles everything from template design to web hosting and credentials processingπ Read
via "ITPro".
ITPro
Microsoft exposes BulletProofLink 'phishing as a service' criminal enterprise
The sophisticated outfit handles everything from template design to web hosting and credentials processing
π’ The new frontier of endpoint management π’
π Read
via "ITPro".
How analytics and security stacks are driving employee experience initiativesπ Read
via "ITPro".
IT PRO
The new frontier of endpoint management
How analytics and security stacks are driving employee experience initiatives
π’ IT Pro News in Review: MoD data leak, UK tech jobs boom, Facebook launches Portal for Business π’
π Read
via "ITPro".
Catch up on the biggest headlines of the week in just two minutesπ Read
via "ITPro".
IT PRO
IT Pro News in Review: MoD data leak, UK tech jobs boom, Facebook launches Portal for Business
Welcome to IT Pro's News in Review, a weekly bite-sized bulletin of the top tech stories of the week, for the week ending 24 September, 2021.
π’ Critical flaw in vCenter Server could give hackers infrastructure access π’
π Read
via "ITPro".
VMware is urging users to patch the 9.8-rated vulnerability as soon as possibleπ Read
via "ITPro".
IT PRO
Critical flaw in vCenter Server could give hackers infrastructure access | IT PRO
VMware is urging users to patch the 9.8-rated vulnerability as soon as possible
π’ New FamousSparrow hacking group caught targeting hotels π’
π Read
via "ITPro".
Microsoft Exchange ProxyLogon flaw used in attacksπ Read
via "ITPro".
ITPro
New FamousSparrow hacking group caught targeting hotels
Microsoft Exchange ProxyLogon flaw used in attacks
π’ Managing security and risk across the IT supply chain: A practical approach π’
π Read
via "ITPro".
Best practices for IT supply chain securityπ Read
via "ITPro".
IT PRO
Managing security and risk across the IT supply chain: A practical approach
<em>Provided by</em>
π’ US Treasury sanctions crypto exchange over role in ransomware attacks π’
π Read
via "ITPro".
The Suex exchange allegedly facilitated financial transactions for ransomware actorsπ Read
via "ITPro".
IT PRO
US Treasury sanctions crypto exchange over role in ransomware attacks | IT PRO
The Suex exchange allegedly facilitated financial transactions for ransomware actors
π’ HP Wolf Security: Threat insights report π’
π Read
via "ITPro".
Equipping security teams with the knowledge to combat emerging threatsπ Read
via "ITPro".
IT PRO
HP Wolf Security: Threat insights report
Equipping security teams with the knowledge to combat emerging threats
π’ How to plan for endpoint security against ever-evolving cyber threats π’
π Read
via "ITPro".
Safeguard your devices, data, and reputationπ Read
via "ITPro".
IT PRO
How to plan for endpoint security against ever-evolving cyber threats
Safeguard your devices, data, and reputation
π’ Minnesota farm coop caught in ransomware attack π’
π Read
via "ITPro".
Crystal valley becomes second agribusiness to find data encrypted by criminalsπ Read
via "ITPro".
IT PRO
Minnesota farm coop caught in ransomware attack | IT PRO
Crystal valley becomes second agribusiness to find data encrypted by criminals
π’ LG continues automotive pivot with $240 million Cybellum acquisition π’
π Read
via "ITPro".
The Israeli startup detects vulnerabilities in automotive hardware and software services using digital twinsπ Read
via "ITPro".
IT PRO
LG continues automotive pivot with $240 million Cybellum acquisition | IT PRO
The Israeli startup detects vulnerabilities in automotive hardware and software services using digital twins
π’ CISA, FBI, and NSA issue a Conti ransomware advisory π’
π Read
via "ITPro".
Joint statement with the FBI and the NSA warns of increased attacks from the Conti Ransomwareπ Read
via "ITPro".
IT PRO
CISA, FBI, and NSA issue a Conti ransomware advisory | IT PRO
Joint statement with the FBI and the NSA warns of increased attacks from the Conti Ransomware
π’ Phishing emails target victims with fake vaccine passport offer π’
π Read
via "ITPro".
Scammers could steal victimsβ personal information and never deliver the illegal goods, Fortinet warnsπ Read
via "ITPro".
IT PRO
Phishing emails target victims with fake vaccine passport offer | IT PRO
Scammers could steal victimsβ personal information and never deliver the illegal goods, Fortinet warns
βΌ CVE-2021-3830 βΌ
π Read
via "National Vulnerability Database".
btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')π Read
via "National Vulnerability Database".