π΄ Telos, Splunk, stackArmor, AWS Announce FASTTR Initiative to Accelerate Compliance π΄
π Read
via "Dark Reading".
FASTTR initiative enhances stackArmor's ThreatAlert by building on market-leading Telos' Xacta for security compliance documentation and Splunk for security information and event management.π Read
via "Dark Reading".
Dark Reading
Telos, Splunk, stackArmor, AWS Announce FASTTR Initiative to Accelerate Compliance
FASTTR initiative enhances stackArmor's ThreatAlert by building on market-leading Telos' Xacta for security compliance documentation and Splunk for security information and event management.
π΄ Zero Trust Comes to Industry's Broadest Cybersecurity Platform π΄
π Read
via "Dark Reading".
Trend Micro Zero Trust Risk Insights continuously reveals and prioritizes risks for better decision making.π Read
via "Dark Reading".
Dark Reading
Zero Trust Comes to Industry's Broadest Cybersecurity Platform
Trend Micro Zero Trust Risk Insights continuously reveals and prioritizes risks for better decision making.
π΄ BloodyStealer: Advanced New Trojan Targets Accounts of Popular Online Gaming Platforms π΄
π Read
via "Dark Reading".
Kaspersky researchers have discovered an advanced Trojan, dubbed BloodyStealer, sold on darknet forums and used to steal gamersβ accounts on popular gaming platforms, including Steam, Epic Games Store, and EA Origin.π Read
via "Dark Reading".
Dark Reading
BloodyStealer: Advanced New Trojan Targets Accounts of Popular Online Gaming Platforms
Kaspersky researchers have discovered an advanced Trojan, dubbed BloodyStealer, sold on darknet forums and used to steal gamersβ accounts on popular gaming platforms, including Steam, Epic Games Store, and EA Origin.
π΄ Cloudflare Ventures into Simplifying Email Security π΄
π Read
via "Dark Reading".
The company adds complex email security technologies β including the alphabet soup of SPF, DKIM, and DMARC β as part of its service.π Read
via "Dark Reading".
Dark Reading
Cloud Security recent news | Dark Reading
Explore the latest news and expert commentary on Cloud Security, brought to you by the editors of Dark Reading
π¦Ώ Compromising a government network is so simple, an out-of-the-box, dark web RAT can do it π¦Ώ
π Read
via "Tech Republic".
Commercially-available malware, with minimal modification, is behind attacks against the Indian government, says Cisco's Talos security research group.π Read
via "Tech Republic".
TechRepublic
Compromising a government network is so simple, an out-of-the-box, dark web RAT can do it
Commercially-available malware, with minimal modification, is behind attacks against the Indian government, says Cisco's Talos security research group.
βΌ CVE-2021-24633 βΌ
π Read
via "National Vulnerability Database".
The Countdown Block WordPress plugin before 1.1.2 does not have authorisation in the eb_write_block_css AJAX action, which allows any authenticated user, such as Subscriber, to modify post contents displayed to users.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40709 βΌ
π Read
via "National Vulnerability Database".
Adobe Photoshop versions 21.2.11 (and earlier) and 22.5 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted SVG file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40700 βΌ
π Read
via "National Vulnerability Database".
Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious TIFF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-24666 βΌ
π Read
via "National Vulnerability Database".
The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a 'Social & Donations' module (not activated by default), which adds the rest route '/services/contributor/(?P<id>[\d]+), takes an 'id' and 'category' parameters as arguments. Both parameters can be used for the SQLi.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36877 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to modify user roles.π Read
via "National Vulnerability Database".
βΌ CVE-2021-24659 βΌ
π Read
via "National Vulnerability Database".
The PostX ΓΒ’Γ’β¬Òβ¬Ε Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's block.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39818 βΌ
π Read
via "National Vulnerability Database".
Adobe InCopy version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious TIFF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-24610 βΌ
π Read
via "National Vulnerability Database".
The TranslatePress WordPress plugin before 2.0.9 does not implement a proper sanitisation on the translated strings. The 'trp_sanitize_string' function only removes script tag with a regex, still allowing other HTML tags and attributes to execute javascript, which could lead to authenticated Stored Cross-Site Scripting issues.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23445 βΌ
π Read
via "National Vulnerability Database".
This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped.π Read
via "National Vulnerability Database".
βΌ CVE-2021-24660 βΌ
π Read
via "National Vulnerability Database".
The PostX ΓΒ’Γ’β¬Òβ¬Ε Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's shortcode.π Read
via "National Vulnerability Database".
βΌ CVE-2021-24661 βΌ
π Read
via "National Vulnerability Database".
The PostX ΓΒ’Γ’β¬Òβ¬Ε Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with Contributor roles or higher to read password-protected or private post contents the user is otherwise unable to read, given the post ID.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40712 βΌ
π Read
via "National Vulnerability Database".
Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper input validation vulnerability via the path parameter. An authenticated attacker can send a malformed POST request to achieve server-side denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40702 βΌ
π Read
via "National Vulnerability Database".
Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious psd file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40329 βΌ
π Read
via "National Vulnerability Database".
The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of external password management.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39827 βΌ
π Read
via "National Vulnerability Database".
Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an arbitrary file write vulnerability in the Digital Editions installer. An authenticated attacker could leverage this vulnerability to write an arbitrary file to the system. User interaction is required before product installation to abuse this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36845 βΌ
π Read
via "National Vulnerability Database".
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.8, there are 46 vulnerable parameters that were missed by the vendor while patching the 1.3.7 version to 1.3.8. Vulnerable parameters: 1 - "Newsletter" tab, &yith_maintenance_newsletter_submit_label parameter: payload should start with a single quote (') symbol to break the context, i.e.: NOTIFY ME' autofocus onfocus=alert(/Visse/);// v=' - this payload will be auto triggered while admin visits this page/tab. 2 - "General" tab issues, vulnerable parameters: &yith_maintenance_message, &yith_maintenance_custom_style, &yith_maintenance_mascotte, &yith_maintenance_title_font[size], &yith_maintenance_title_font[family], &yith_maintenance_title_font[color], &yith_maintenance_paragraph_font[size], &yith_maintenance_paragraph_font[family], &yith_maintenance_paragraph_font[color], &yith_maintenance_border_top. 3 - "Background" tab issues, vulnerable parameters: &yith_maintenance_background_image, &yith_maintenance_background_color. 4 - "Logo" tab issues, vulnerable parameters: &yith_maintenance_logo_image, &yith_maintenance_logo_tagline, &yith_maintenance_logo_tagline_font[size], &yith_maintenance_logo_tagline_font[family], &yith_maintenance_logo_tagline_font[color]. 5 - "Newsletter" tab issues, vulnerable parameters: &yith_maintenance_newsletter_email_font[size], &yith_maintenance_newsletter_email_font[family], &yith_maintenance_newsletter_email_font[color], &yith_maintenance_newsletter_submit_font[size], &yith_maintenance_newsletter_submit_font[family], &yith_maintenance_newsletter_submit_font[color], &yith_maintenance_newsletter_submit_background, &yith_maintenance_newsletter_submit_background_hover, &yith_maintenance_newsletter_title, &yith_maintenance_newsletter_action, &yith_maintenance_newsletter_email_label, &yith_maintenance_newsletter_email_name, &yith_maintenance_newsletter_submit_label, &yith_maintenance_newsletter_hidden_fields. 6 - "Socials" tab issues, vulnerable parameters: &yith_maintenance_socials_facebook, &yith_maintenance_socials_twitter, &yith_maintenance_socials_gplus, &yith_maintenance_socials_youtube, &yith_maintenance_socials_rss, &yith_maintenance_socials_skype, &yith_maintenance_socials_email, &yith_maintenance_socials_behance, &yith_maintenance_socials_dribble, &yith_maintenance_socials_flickr, &yith_maintenance_socials_instagram, &yith_maintenance_socials_pinterest, &yith_maintenance_socials_tumblr, &yith_maintenance_socials_linkedin.π Read
via "National Vulnerability Database".