βΌ CVE-2021-37104 βΌ
π Read
via "National Vulnerability Database".
There is a server-side request forgery vulnerability in HUAWEI P40 versions 10.1.0.118(C00E116R3P3). This vulnerability is due to insufficient validation of parameters while dealing with some messages. A successful exploit could allow the attacker to gain access to certain resource which the attacker are supposed not to do.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22535 βΌ
π Read
via "National Vulnerability Database".
Unauthorized information security disclosure vulnerability on Micro Focus Directory and Resource Administrator (DRA) product, affecting all DRA versions prior to 10.1 Patch 1. The vulnerability could lead to unauthorized information disclosure.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37105 βΌ
π Read
via "National Vulnerability Database".
There is an improper file upload control vulnerability in FusionCompute 6.5.0, 6.5.1 and 8.0.0. Due to the improper verification of file to be uploaded and does not strictly restrict the file access path, attackers may upload malicious files to the device, resulting in the service abnormal.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38124 βΌ
π Read
via "National Vulnerability Database".
Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, affecting versions 7.0.2 through 7.5. The vulnerability could be exploited resulting in remote code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34636 βΌ
π Read
via "National Vulnerability Database".
The Countdown and CountUp, WooCommerce Sales Timers WordPress plugin is vulnerable to Cross-Site Request Forgery via the save_theme function found in the ~/includes/admin/coundown_theme_page.php file due to a missing nonce check which allows attackers to inject arbitrary web scripts, in versions up to and including 1.5.7.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37106 βΌ
π Read
via "National Vulnerability Database".
There is a command injection vulnerability in CMA service module of FusionCompute 6.3.0, 6.3.1, 6.5.0 and 8.0.0 when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands to the system.π Read
via "National Vulnerability Database".
β Serious Security: Letβs Encrypt gets ready to go it alone (in a good way!) β
π Read
via "Naked Security".
Let's Encrypt is set to become a mainstream, self-certifying web certificate authority - here's why it took so many years.π Read
via "Naked Security".
Naked Security
Serious Security: Letβs Encrypt gets ready to go it alone (in a good way!)
Letβs Encrypt is set to become a mainstream, self-certifying web certificate authority β hereβs why it took so many years.
π¦Ώ 3 tips to protect your users against credential phishing attacks π¦Ώ
π Read
via "Tech Republic".
A new phishing campaign spotted by Armorblox tried to steal user credentials by spoofing a message notification from a company that provides email encryption.π Read
via "Tech Republic".
TechRepublic
3 tips to protect your users against credential phishing attacks
A new phishing campaign spotted by Armorblox tried to steal user credentials by spoofing a message notification from a company that provides email encryption.
π¦Ώ New Chrome feature can tell sites and webapps when you're idle π¦Ώ
π Read
via "Tech Republic".
The new Idle Detection API gives Chrome the ability to register whether a user is active, and has drawn concerns from privacy advocates. Here's how to disable it.π Read
via "Tech Republic".
TechRepublic
New Chrome feature can tell sites and webapps when youβre idle
The new Idle Detection API gives Chrome the ability to register whether a user is active, and has drawn concerns from privacy advocates. Here's how to disable it.
π¦Ώ Deepwatch announces managed detection and response solution for SMBs π¦Ώ
π Read
via "Tech Republic".
The fully-automated security operations center solution comes with 24/7 support and sets up in less than an hour.π Read
via "Tech Republic".
TechRepublic
Deepwatch announces managed detection and response solution for SMBs
The fully-automated security operations center solution comes with 24/7 support and sets up in less than an hour.
π΄ US Extradites CardPlanet Operator Back to Russia π΄
π Read
via "Dark Reading".
Russian national Aleksi Burkov was sentenced to nine years in prison for his operation of two websites facilitating payment card fraud.π Read
via "Dark Reading".
Dark Reading
US Extradites CardPlanet Operator Back to Russia
Russian national Aleksi Burkov was sentenced to nine years in prison for his operation of two websites facilitating payment card fraud.
β SAS 2021: FinSpy Surveillance Kit Re-Emerges Stronger Than Ever β
π Read
via "Threat Post".
A 'nearly impossible to analyze' version of the malware sports a bootkit and 'steal-everything' capabilities.π Read
via "Threat Post".
Threat Post
SAS 2021: FinSpy Surveillance Kit Re-Emerges Stronger Than Ever
A 'nearly impossible to analyze' version of the malware sports a bootkit and 'steal-everything' capabilities.
π¦Ώ Don't let cybercriminals ruin your merger or acquisition π¦Ώ
π Read
via "Tech Republic".
Companies are vulnerable to potential cyberthreats during mergers and acquisitions; learn from an expert why and how to reduce security risks during the transition.π Read
via "Tech Republic".
TechRepublic
Don't let cybercriminals ruin your merger or acquisitionβfollow this expert's advice
Companies are vulnerable to potential cyberthreats during mergers and acquisitions; learn from an expert why and how to reduce security risks during the transition.
βΌ CVE-2021-29361 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x340 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36366 βΌ
π Read
via "National Vulnerability Database".
Nagios XI before 5.8.5 incorrectly allows manage_services.sh wildcards.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29360 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x37a of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29362 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa30 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29365 βΌ
π Read
via "National Vulnerability Database".
Irfanview 4.57 is affected by an infinite loop when processing a crafted BMP file in the EFFECTS!AutoCrop_W component. This can cause a denial of service (DOS).π Read
via "National Vulnerability Database".
βΌ CVE-2021-36363 βΌ
π Read
via "National Vulnerability Database".
Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36364 βΌ
π Read
via "National Vulnerability Database".
Nagios XI before 5.8.5 incorrectly allows backup_xi.sh wildcards.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29366 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow vulnerability in FORMATS!GetPlugInInfo+0x2de9 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.π Read
via "National Vulnerability Database".