βΌ CVE-2021-37106 βΌ
π Read
via "National Vulnerability Database".
There is a command injection vulnerability in CMA service module of FusionCompute 6.3.0, 6.3.1, 6.5.0 and 8.0.0 when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands to the system.π Read
via "National Vulnerability Database".
β Serious Security: Letβs Encrypt gets ready to go it alone (in a good way!) β
π Read
via "Naked Security".
Let's Encrypt is set to become a mainstream, self-certifying web certificate authority - here's why it took so many years.π Read
via "Naked Security".
Naked Security
Serious Security: Letβs Encrypt gets ready to go it alone (in a good way!)
Letβs Encrypt is set to become a mainstream, self-certifying web certificate authority β hereβs why it took so many years.
π¦Ώ 3 tips to protect your users against credential phishing attacks π¦Ώ
π Read
via "Tech Republic".
A new phishing campaign spotted by Armorblox tried to steal user credentials by spoofing a message notification from a company that provides email encryption.π Read
via "Tech Republic".
TechRepublic
3 tips to protect your users against credential phishing attacks
A new phishing campaign spotted by Armorblox tried to steal user credentials by spoofing a message notification from a company that provides email encryption.
π¦Ώ New Chrome feature can tell sites and webapps when you're idle π¦Ώ
π Read
via "Tech Republic".
The new Idle Detection API gives Chrome the ability to register whether a user is active, and has drawn concerns from privacy advocates. Here's how to disable it.π Read
via "Tech Republic".
TechRepublic
New Chrome feature can tell sites and webapps when youβre idle
The new Idle Detection API gives Chrome the ability to register whether a user is active, and has drawn concerns from privacy advocates. Here's how to disable it.
π¦Ώ Deepwatch announces managed detection and response solution for SMBs π¦Ώ
π Read
via "Tech Republic".
The fully-automated security operations center solution comes with 24/7 support and sets up in less than an hour.π Read
via "Tech Republic".
TechRepublic
Deepwatch announces managed detection and response solution for SMBs
The fully-automated security operations center solution comes with 24/7 support and sets up in less than an hour.
π΄ US Extradites CardPlanet Operator Back to Russia π΄
π Read
via "Dark Reading".
Russian national Aleksi Burkov was sentenced to nine years in prison for his operation of two websites facilitating payment card fraud.π Read
via "Dark Reading".
Dark Reading
US Extradites CardPlanet Operator Back to Russia
Russian national Aleksi Burkov was sentenced to nine years in prison for his operation of two websites facilitating payment card fraud.
β SAS 2021: FinSpy Surveillance Kit Re-Emerges Stronger Than Ever β
π Read
via "Threat Post".
A 'nearly impossible to analyze' version of the malware sports a bootkit and 'steal-everything' capabilities.π Read
via "Threat Post".
Threat Post
SAS 2021: FinSpy Surveillance Kit Re-Emerges Stronger Than Ever
A 'nearly impossible to analyze' version of the malware sports a bootkit and 'steal-everything' capabilities.
π¦Ώ Don't let cybercriminals ruin your merger or acquisition π¦Ώ
π Read
via "Tech Republic".
Companies are vulnerable to potential cyberthreats during mergers and acquisitions; learn from an expert why and how to reduce security risks during the transition.π Read
via "Tech Republic".
TechRepublic
Don't let cybercriminals ruin your merger or acquisitionβfollow this expert's advice
Companies are vulnerable to potential cyberthreats during mergers and acquisitions; learn from an expert why and how to reduce security risks during the transition.
βΌ CVE-2021-29361 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x340 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36366 βΌ
π Read
via "National Vulnerability Database".
Nagios XI before 5.8.5 incorrectly allows manage_services.sh wildcards.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29360 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x37a of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29362 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa30 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29365 βΌ
π Read
via "National Vulnerability Database".
Irfanview 4.57 is affected by an infinite loop when processing a crafted BMP file in the EFFECTS!AutoCrop_W component. This can cause a denial of service (DOS).π Read
via "National Vulnerability Database".
βΌ CVE-2021-36363 βΌ
π Read
via "National Vulnerability Database".
Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36364 βΌ
π Read
via "National Vulnerability Database".
Nagios XI before 5.8.5 incorrectly allows backup_xi.sh wildcards.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29366 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow vulnerability in FORMATS!GetPlugInInfo+0x2de9 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29358 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow vulnerability in FORMATS!ReadPVR_W+0xfa of Irfanview 4.57 allows attackers to cause a denial of service (DOS) via a crafted PVR file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29363 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa74 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.0xa74π Read
via "National Vulnerability Database".
βΌ CVE-2021-29364 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow vulnerability in Formats!ReadRAS_W+0x1001 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41104 βΌ
π Read
via "National Vulnerability Database".
ESPHome is a system to control the ESP8266/ESP32. Anyone with web_server enabled and HTTP basic auth configured on version 2021.9.1 or older is vulnerable to an issue in which `web_server` allows over-the-air (OTA) updates without checking user defined basic auth username & password. This issue is patched in version 2021.9.2. As a workaround, one may disable or remove `web_server`.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29367 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow vulnerability in WPG+0x1dda of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted WPG file.π Read
via "National Vulnerability Database".