CVE-2020-20696
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in /admin/content/post of GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Tags field.
CVE-2020-20692
via "National Vulnerability Database".
GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerability via the $_GET parameter in /src/core/controllers/cm.php.
CVE-2020-20693
via "National Vulnerability Database".
A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenticated attackers to arbitrarily add administrator accounts.
CVE-2020-20691
via "National Vulnerability Database".
An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files.
Credential Spear-Phishing Uses Spoofed Zix Encrypted Email
via "Threat Post".
The spoofed email has targeted close to 75K inboxes, slipping past spam and security controls across Office 365, Google Workspace, Exchange, Cisco ESA and more.
Better future? Safari browser extension is preparing for Apple's "post-privacy" world
via "The Daily Swig".
"Apple's plans to violate your privacy have left a sour taste in our mouths", say developers
CVE-2021-33600
via "National Vulnerability Database".
A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. The vulnerability occurs because an attacker can trigger an assertion via a malformed HTTP packet sent to the web interface. An unauthenticated attacker could exploit this vulnerability by sending a large username parameter. Successful exploitation could lead to a denial of service of the product.
CVE-2021-36165
via "National Vulnerability Database".
RICON Industrial Cellular Router S9922L 16.10.3(3794) is affected by cleartext storage of sensitive information and sends username and password as base64.
CVE-2021-33601
via "National Vulnerability Database".
A vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. An authenticated user can modify settings through the web user interface in a way that could lead to arbitrary code execution on the F-Secure Internet Gatekeeper server.
United Health Centers reportedly compromised by ransomware attack
via "Tech Republic".
A ransomware gang called Vice Society claims it grabbed confidential data such as patient benefits, financial documents and lab results.
100 million IoT devices affected by zero-day flaw
via "ITPro".
Vulnerability could affect car, fire detection, and patient data sensors
What is a web filter?
via "ITPro".
We look at the best ways to block, hide, or flag undesired search engine results
Malware developers create malformed code signatures to avoid detection
via "ITPro".
Google researchers uncover technique used to push dodgy software onto unsuspecting victims
Microsoft to scrap Basic Authentication in Exchange Online
via "ITPro".
The tech giant has announced October 2022 as the cut-off date for Exchange Online tenants
Social media scam: Twitter bots are tricking users into making PayPal and Venmo payments into fraudsters' accounts
via "The Daily Swig".
Social engineering scammers are using cloned social media accounts to carry out deceit
Modern Security Breaches Demand Diligent Planning and Executive Support
via "Dark Reading".
Teams that remain reactive will always be on the back foot – take an active stance.
CVE-2021-37146
via "National Vulnerability Database".
An infinite loop in Open Robotics ros_comm XMLRPC server in ROS Melodic through 1.4.11 and ROS Noetic through 1.15.11 allows remote attackers to cause a Denial of Service in ros_comm via a crafted XMLRPC call.
CVE-2021-41536
via "National Vulnerability Database".
A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13778).
CVE-2021-41540
via "National Vulnerability Database".
A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13776).
CVE-2021-41537
via "National Vulnerability Database".
A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13789).
CVE-2021-41538
via "National Vulnerability Database".
A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to information disclosure by unexpected access to an uninitialized pointer while parsing user-supplied OBJ files. An attacker could leverage this vulnerability to leak information from unexpected memory locations (ZDI-CAN-13770).