Google Chrome to incorporate new secure payment feature
New tech touted as faster and stronger than web-based authentication alternatives
Read via "The Daily Swig".
CVE-2021-34409
User-writable pre- and post-install scripts unpacked during the Zoom Client for Meetings for MacOS installation before version 5.2.0 allow for privilege escalation to root.
Read via "National Vulnerability Database".
CVE-2021-34416
The network address administrative settings web portal for the Zoom on-premise Meeting Connector before version 4.6.360.20210325, Zoom on-premise Meeting Connector MMR before version 4.6.360.20210325, Zoom on-premise Recording Connector before version 3.8.44.20210326, Zoom on-premise Virtual Room Connector before version 4.4.6752.20210326, and Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5495.20210326 fails to validate input sent in requests to update the network configuration, which could lead to remote command injection on the on-premise image by the web portal administrators.
Read via "National Vulnerability Database".
CVE-2021-33907
The Zoom Client for Meetings for Windows in all versions before 5.3.0 fails to properly validate the certificate information used to sign .msi files when performing an update of the client. This could lead to remote code execution in an elevated privileged context.
Read via "National Vulnerability Database".
CVE-2021-36218
An issue was discovered in SKALE sgxwallet 1.58.3. sgx_disp_ippsAES_GCMEncrypt allows an out-of-bounds write, resulting in a segfault and compromised enclave. This issue describes a buffer overflow, which was resolved prior to v1.77.0 and not reproducible in latest sgxwallet v1.77.0.
Read via "National Vulnerability Database".
CVE-2021-36219
An issue was discovered in SKALE sgxwallet 1.58.3. The provided input for ECALL 14 triggers a branch in trustedEcdsaSign that frees a non-initialized pointer from the stack. An attacker can chain multiple enclave calls to prepare a stack that contains a valid address. This address is then freed, resulting in compromised integrity of the enclave. This was resolved after v1.58.3 and not reproducible in sgxwallet v1.77.0.
Read via "National Vulnerability Database".
CVE-2021-34411
During the installation process for Zoom Rooms for Conference Room for Windows before version 5.3.0 it is possible to launch Internet Explorer with elevated privileges. If the installer was launched with elevated privileges, such as by SCCM, this can result in a local privilege escalation.
Read via "National Vulnerability Database".
CVE-2021-34414
The network proxy page on the web portal for the Zoom on-premise Meeting Connector Controller before version 4.6.348.20201217, Zoom on-premise Meeting Connector MMR before version 4.6.348.20201217, Zoom on-premise Recording Connector before version 3.8.42.20200905, Zoom on-premise Virtual Room Connector before version 4.4.6620.20201110, and Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5495.20210326 fails to validate input sent in requests to update the network proxy configuration, which could lead to remote command injection on the on-premise image by a web portal administrator.
Read via "National Vulnerability Database".
CVE-2021-34410
A user-writable application bundle unpacked during the install for all versions of the Zoom Plugin for Microsoft Outlook for Mac before 5.0.25611.0521 allows for privilege escalation to root.
Read via "National Vulnerability Database".
CVE-2021-22272
The vulnerability originates in the commissioning process, where an attacker of the ControlTouch can enter a serial number in a specific way to transfer the device virtually into her/his my.busch-jaeger.de or mybuildings.abb.com profile. A successful attacker can observe and control a ControlTouch remotely under very specific circumstances. The issue is fixed on the cloud side of the system. No firmware update is needed for customer products. If a user wants to understand whether (s)he is affected, please read the advisory. This issue affects: ABB and Busch-Jaeger, ControlTouch.
Read via "National Vulnerability Database".
CVE-2021-36878
Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to update settings.
Read via "National Vulnerability Database".
CVE-2021-34413
All versions of the Zoom Plugin for Microsoft Outlook for MacOS before 5.3.52553.0918 contain a Time-of-check Time-of-use (TOC/TOU) vulnerability during the plugin installation process. This could allow a standard user to write their own malicious application to the plugin directory, allowing the malicious application to execute in a privileged context.
Read via "National Vulnerability Database".
CVE-2021-26587
A potential DOM-based Cross Site Scripting security vulnerability has been identified in HPE StoreOnce. The vulnerability could be remotely exploited to cause an elevation of privilege leading to partial impact to confidentiality, availability, and integrity. HPE has made the following software update, HPE StoreOnce 4.3.0, to resolve the vulnerability in HPE StoreOnce.
Read via "National Vulnerability Database".
CVE-2021-34408
The Zoom Client for Meetings for Windows in all versions before version 5.3.2 writes log files to a user-writable directory as a privileged user during the installation or update of the client. This could allow for potential privilege escalation if a link was created between the user-writable directory used and a non-user-writable directory.
Read via "National Vulnerability Database".
CVE-2021-37786
Certain Federal Office of Information Technology Systems and Telecommunication (FOITT) products are affected by improper handling of exceptional conditions. This affects COVID Certificate App iOS 2.2.0 and below (patch in progress) and COVID Certificate Check App iOS 2.2.0 and below (patch in progress). A denial of service (physically proximate) could be caused by scanning a crafted QR code.
Read via "National Vulnerability Database".
CVE-2021-34415
The Zone Controller service in the Zoom On-Premise Meeting Connector Controller before version 4.6.358.20210205 does not verify the cnt field sent in incoming network packets, which leads to exhaustion of resources and system crash.
Read via "National Vulnerability Database".
CVE-2021-34412
During the installation process for all versions of the Zoom Client for Meetings for Windows before 5.4.0, it is possible to launch Internet Explorer. If the installer was launched with elevated privileges, such as by SCCM, this can result in a local privilege escalation.
Read via "National Vulnerability Database".
CVE-2021-37539
Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file which leads to remote code execution.
Read via "National Vulnerability Database".
Telos, Splunk, stackArmor, AWS Announce FASTTR Initiative to Accelerate Compliance
FASTTR initiative enhances stackArmor's ThreatAlert by building on market-leading Telos' Xacta for security compliance documentation and Splunk for security information and event management.
Read via "Dark Reading".
Zero Trust Comes to Industry's Broadest Cybersecurity Platform
Trend Micro Zero Trust Risk Insights continuously reveals and prioritizes risks for better decision making.
Read via "Dark Reading".
BloodyStealer: Advanced New Trojan Targets Accounts of Popular Online Gaming Platforms
Kaspersky researchers have discovered an advanced Trojan, dubbed BloodyStealer, sold on darknet forums and used to steal gamers' accounts on popular gaming platforms, including Steam, Epic Games Store, and EA Origin.
Read via "Dark Reading".