‼ CVE-2021-39827 ‼
Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an arbitrary file write vulnerability in the Digital Editions installer. An authenticated attacker could leverage this vulnerability to write an arbitrary file to the system. User interaction is required before product installation to abuse this vulnerability.
via "National Vulnerability Database".
‼ CVE-2021-36845 ‼
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.8. There are 46 vulnerable parameters that were missed by the vendor while patching version 1.3.7 to 1.3.8. Vulnerable parameters:
1 - "Newsletter" tab, &yith_maintenance_newsletter_submit_label parameter: the payload should start with a single quote (') symbol to break the context, i.e.: NOTIFY ME' autofocus onfocus=alert(/Visse/);// v=' - this payload will be auto-triggered while an admin visits this page/tab.
2 - "General" tab issues, vulnerable parameters: &yith_maintenance_message, &yith_maintenance_custom_style, &yith_maintenance_mascotte, &yith_maintenance_title_font[size], &yith_maintenance_title_font[family], &yith_maintenance_title_font[color], &yith_maintenance_paragraph_font[size], &yith_maintenance_paragraph_font[family], &yith_maintenance_paragraph_font[color], &yith_maintenance_border_top.
3 - "Background" tab issues, vulnerable parameters: &yith_maintenance_background_image, &yith_maintenance_background_color.
4 - "Logo" tab issues, vulnerable parameters: &yith_maintenance_logo_image, &yith_maintenance_logo_tagline, &yith_maintenance_logo_tagline_font[size], &yith_maintenance_logo_tagline_font[family], &yith_maintenance_logo_tagline_font[color].
5 - "Newsletter" tab issues, vulnerable parameters: &yith_maintenance_newsletter_email_font[size], &yith_maintenance_newsletter_email_font[family], &yith_maintenance_newsletter_email_font[color], &yith_maintenance_newsletter_submit_font[size], &yith_maintenance_newsletter_submit_font[family], &yith_maintenance_newsletter_submit_font[color], &yith_maintenance_newsletter_submit_background, &yith_maintenance_newsletter_submit_background_hover, &yith_maintenance_newsletter_title, &yith_maintenance_newsletter_action, &yith_maintenance_newsletter_email_label, &yith_maintenance_newsletter_email_name, &yith_maintenance_newsletter_submit_label, &yith_maintenance_newsletter_hidden_fields.
6 - "Socials" tab issues, vulnerable parameters: &yith_maintenance_socials_facebook, &yith_maintenance_socials_twitter, &yith_maintenance_socials_gplus, &yith_maintenance_socials_youtube, &yith_maintenance_socials_rss, &yith_maintenance_socials_skype, &yith_maintenance_socials_email, &yith_maintenance_socials_behance, &yith_maintenance_socials_dribble, &yith_maintenance_socials_flickr, &yith_maintenance_socials_instagram, &yith_maintenance_socials_pinterest, &yith_maintenance_socials_tumblr, &yith_maintenance_socials_linkedin.
via "National Vulnerability Database".
‼ CVE-2021-39823 ‼
Adobe svg-native-viewer 8182d14dfad5d1e10f53ed830328d7d9a3cfa96d and earlier versions are affected by a heap buffer overflow vulnerability due to insecure handling of a malicious .svg file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
via "National Vulnerability Database".
‼ CVE-2021-40701 ‼
Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
via "National Vulnerability Database".
‼ CVE-2021-39826 ‼
Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an arbitrary command execution vulnerability. An authenticated attacker could leverage this vulnerability to execute arbitrary commands. User interaction is required to abuse this vulnerability in that a user must open a maliciously crafted .epub file.
via "National Vulnerability Database".
‼ CVE-2021-39824 ‼
Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious png file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
via "National Vulnerability Database".
❌ Women, Minorities Are Hacked More Than Others ❌
Income level, education and being part of a disadvantaged population all contribute to cybercrime outcomes, a survey suggests.
via "Threat Post".
‼ CVE-2021-24632 ‼
The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.1 does not escape the message parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue.
via "National Vulnerability Database".
‼ CVE-2021-40713 ‼
Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by an improper certificate validation vulnerability in the cold storage component. If an attacker can achieve a man-in-the-middle position when the cold server establishes a new certificate, they would be able to harvest sensitive information.
via "National Vulnerability Database".
‼ CVE-2021-41558 ‼
The set_user extension module before 3.0.0 for PostgreSQL allows ProcessUtility_hook bypass via set_config.
via "National Vulnerability Database".
🔏 Ransomware Attacks on Agriculture Industry Increase 🔏
Two attacks on farming co-ops in the Midwest have corroborated a warning from the FBI that when it comes to ransomware attacks, the agricultural industry is on watch.
via "Digital Guardian".
🕴 7 Ways to Thwart Malicious Insiders 🕴
Malicious insider incidents are less frequent than inadvertent user missteps, but they can cost organizations big time.
via "Dark Reading".
🕴 Thoma Bravo Completes Strategic Investment in Intel 471 🕴
Intel 471 is a provider of cyber threat intelligence for leading enterprises and governments.
via "Dark Reading".
‼ CVE-2021-41097 ‼
aurelia-path is part of the Aurelia platform and contains utilities for path manipulation. There is a prototype pollution vulnerability in aurelia-path before version 1.1.7. The vulnerability exposes Aurelia applications that use the `aurelia-path` package to parse a string. The majority of these will be Aurelia applications that employ the `aurelia-router` package. For example, this could allow an attacker to change the prototype of the base object class `Object` by tricking an application into parsing the following URL: `https://aurelia.io/blog/?__proto__[asdf]=asdf`. The problem is patched in version `1.1.7`.
via "National Vulnerability Database".
‼ CVE-2021-20035 ‼
Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user, which potentially leads to DoS.
via "National Vulnerability Database".
‼ CVE-2021-20034 ‼
An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file, potentially resulting in a reboot to factory default settings.
via "National Vulnerability Database".
❌ 5 Steps to Securing Your Network Perimeter ❌
Ekaterina Kilyusheva, head of the Information Security Analytics Research Group at Positive Technologies, offers a blueprint for locking up the fortress.
via "Threat Post".
🕴 Microsoft Warns of 'FoggyWeb' Malware Targeting AD FS Servers 🕴
The group tracked as Nobelium uses multiple tactics to steal credentials with the goal of gaining admin access to Active Directory Federation Services.
via "Dark Reading".
🕴 Microsoft Adds Emergency Threat Mitigation to its Exchange Server Software 🕴
The built-in service automates mitigations to known Exchange Server threats.
via "Dark Reading".
‼ CVE-2021-37270 ‼
There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5.0. Attackers can use this vulnerability to directly access the specified back-end path without logging in to the back end, thereby obtaining back-end administrator privileges.
via "National Vulnerability Database".
‼ CVE-2021-41096 ‼
Rucky is a USB HID Rubber Ducky Launch Pad for Android. Versions 2.2 and earlier for release builds and versions 425 and earlier for nightly builds suffer from use of a weak cryptographic algorithm (RSA/ECB/PKCS1Padding). The issue will be patched in v2.3 for release builds and 426 onwards for nightly builds. As a workaround, one may disable an advanced security feature if not required.
via "National Vulnerability Database".