π’ Microsoft to scrap Basic Authentication in Exchange Online π’
π Read
via "ITPro".
The tech giant has announced October 2022 as the cut-off date for Exchange Online tenantsπ Read
via "ITPro".
ITPro
Microsoft to scrap Basic Authentication in Exchange Online
The tech giant has announced October 2022 as the cut-off date for Exchange Online tenants
ποΈ Social media scam: Twitter bots are tricking users into making PayPal and Venmo payments into fraudstersβ accounts ποΈ
π Read
via "The Daily Swig".
Social engineering scammers are using cloned social media accounts to carry out deceitπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Social media scam: Twitter bots are tricking users into making PayPal and Venmo payments into fraudstersβ accounts
Social engineering scammers are using cloned social media accounts to carry out deceit
π΄ Modern Security Breaches Demand Diligent Planning and Executive Support π΄
π Read
via "Dark Reading".
Teams that remain reactive will always be on the back foot β take an active stance.π Read
via "Dark Reading".
Dark Reading
Modern Security Breaches Demand Diligent Planning and Executive Support
Teams that remain reactive will always be on the back foot β take an active stance.
βΌ CVE-2021-37146 βΌ
π Read
via "National Vulnerability Database".
An infinite loop in Open Robotics ros_comm XMLRPC server in ROS Melodic through 1.4.11 and ROS Noetic through1.15.11 allows remote attackers to cause a Denial of Service in ros_comm via a crafted XMLRPC call.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41536 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13778).π Read
via "National Vulnerability Database".
βΌ CVE-2021-41540 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13776).π Read
via "National Vulnerability Database".
βΌ CVE-2021-41537 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13789).π Read
via "National Vulnerability Database".
βΌ CVE-2021-41538 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to information disclosure by unexpected access to an uninitialized pointer while parsing user-supplied OBJ files. An attacker could leverage this vulnerability to leak information from unexpected memory locations (ZDI-CAN-13770).π Read
via "National Vulnerability Database".
βΌ CVE-2021-41533 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process (ZDI-CAN-13565).π Read
via "National Vulnerability Database".
βΌ CVE-2021-41535 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13771).π Read
via "National Vulnerability Database".
βΌ CVE-2021-41534 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process (ZDI-CAN-13703).π Read
via "National Vulnerability Database".
βΌ CVE-2021-41539 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13773).π Read
via "National Vulnerability Database".
ποΈ Mission accomplished: Security plugin HTTPS Everywhere to be deprecated in 2022 ποΈ
π Read
via "The Daily Swig".
Browser extension can be retired as push to encrypt the web is almost complete, says EFFπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Mission accomplished: Security plugin HTTPS Everywhere to be deprecated in 2022
Browser extension can be retired as push to encrypt the web is almost complete, says EFF
β SolarWinds Attackers Hit Active Directory Servers with FoggyWeb Backdoor β
π Read
via "Threat Post".
Microsoft is warning that the Nobelium APT is compromising single-sign-on servers to install a post-exploitation backdoor that steals data and maintains network persistence.π Read
via "Threat Post".
Threat Post
SolarWinds Attackers Hit Active Directory Servers with FoggyWeb Backdoor
Microsoft is warning that the Nobelium APT is compromising single-sign-on servers to install a post-exploitation backdoor that steals data and maintains network persistence.
β Working Exploit Is Out for VMware vCenter CVE-2021-22005 Flaw β
π Read
via "Threat Post".
The unredacted RCE exploit allows unauthenticated, remote attackers to upload files to the vCenter Server analytics service.π Read
via "Threat Post".
Threat Post
Working Exploit Is Out for VMware vCenter CVE-2021-22005 Flaw
UPDATE: Indicators of compromise are now available. The unredacted RCE exploit released on Monday allows unauthenticated, remote attackers to upload files to the vCenter Server analytics service.
π΄ Notorious Spyware Tool Found Hiding Beneath Four Layers of Obfuscation π΄
π Read
via "Dark Reading".
FinFisher (aka FinSpy) surveillance software now goes to extreme lengths to duck analysis and discovery, researchers found in a months-long investigation.π Read
via "Dark Reading".
Dark Reading
Notorious Spyware Tool Found Hiding Beneath Four Layers of Obfuscation
FinFisher (aka FinSpy) surveillance software now goes to extreme lengths to duck analysis and discovery, researchers found in a months-long investigation.
π¦Ώ OWASP updates top 10 list with decades old security risk in #1 spot π¦Ώ
π Read
via "Tech Republic".
2021 list shows how far application security has come and how much work is left to do.π Read
via "Tech Republic".
TechRepublic
OWASP updates top 10 list with decades old security risk in #1 spot
2021 list shows how far application security has come and how much work is left to do.
βοΈ Apple Airtag Bug Enables βGood Samaritanβ Attack βοΈ
π Read
via "Krebs on Security".
The new $30 Airtag tracking device from Apple has a feature that allows anyone who finds one of these tiny location beacons to scan it with a mobile phone and discover its owner's phone number if the Airtag has been set to lost mode. But according to new research, this same feature can be abused to redirect the Good Samaritan to an iCloud phishing page -- or to any other malicious website.π Read
via "Krebs on Security".
Krebs on Security
Apple AirTag Bug Enables βGood Samaritanβ Attack
The new $30 Airtag tracking device from Apple has a feature that allows anyone who finds one of these tiny location beacons to scan it with a mobile phone and discover its owner's phone number if the Airtag has beenβ¦
βΌ CVE-2021-37104 βΌ
π Read
via "National Vulnerability Database".
There is a server-side request forgery vulnerability in HUAWEI P40 versions 10.1.0.118(C00E116R3P3). This vulnerability is due to insufficient validation of parameters while dealing with some messages. A successful exploit could allow the attacker to gain access to certain resource which the attacker are supposed not to do.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22535 βΌ
π Read
via "National Vulnerability Database".
Unauthorized information security disclosure vulnerability on Micro Focus Directory and Resource Administrator (DRA) product, affecting all DRA versions prior to 10.1 Patch 1. The vulnerability could lead to unauthorized information disclosure.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37105 βΌ
π Read
via "National Vulnerability Database".
There is an improper file upload control vulnerability in FusionCompute 6.5.0, 6.5.1 and 8.0.0. Due to the improper verification of file to be uploaded and does not strictly restrict the file access path, attackers may upload malicious files to the device, resulting in the service abnormal.π Read
via "National Vulnerability Database".