โผ CVE-2021-21570 โผ
๐ Read
via "National Vulnerability Database".
Dell NetWorker, versions 18.x and 19.x contain an Information disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to unauthorized information.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-36284 โผ
๐ Read
via "National Vulnerability Database".
Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive admin password attempt mitigations in order to carry out a brute force attack.๐ Read
via "National Vulnerability Database".
๐ด Outsourced Software Pose Greater Risks to Enterprise Application Security ๐ด
๐ Read
via "Dark Reading".
In the wake of SolarWinds and other third-party attacks, security teams worry that outsourced applications pose risks to the organization's application security, according to Dark Reading's recent "How Enterprises Are Developing Secure Applications" report.๐ Read
via "Dark Reading".
Dark Reading
Outsourced Software Poses Greater Risks to Enterprise Application Security
In the wake of SolarWinds and other third-party attacks, security teams worry that outsourced applications pose risks to an organization's application security, according to Dark Reading's recent "How Enterprises Are Developing Secure Applications" report.
๐ด 75K Email Inboxes Hit in New Credential Phishing Campaign ๐ด
๐ Read
via "Dark Reading".
Attacker used a legitimate โ but likely deprecated โ domain to sneak malicious emails past security filters, vendor says.๐ Read
via "Dark Reading".
Dark Reading
75K Email Inboxes Hit in New Credential Phishing Campaign
Attacker used a legitimate โ but likely deprecated โ domain to sneak malicious emails past security filters, vendor says.
โผ CVE-2020-20122 โผ
๐ Read
via "National Vulnerability Database".
Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle() function in /coreframe/app/content/admin/content.php.๐ Read
via "National Vulnerability Database".
โผ CVE-2020-20124 โผ
๐ Read
via "National Vulnerability Database".
Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability in \attachment\admin\index.php.๐ Read
via "National Vulnerability Database".
โผ CVE-2020-20120 โผ
๐ Read
via "National Vulnerability Database".
ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which is triggered when the array is not passed to the "where" and "query" methods.๐ Read
via "National Vulnerability Database".
โผ CVE-2020-20125 โผ
๐ Read
via "National Vulnerability Database".
EARCLINK ESPCMS-P8 contains a cross-site scripting (XSS) vulnerability in espcms_web\espcms_load.php.๐ Read
via "National Vulnerability Database".
๐ข What makes a password secure? ๐ข
๐ Read
via "ITPro".
IT security is constantly evolving to counter threats, but the password remains a key part of our security arsenal๐ Read
via "ITPro".
IT PRO
What makes a password secure? | IT PRO
IT security is constantly evolving to counter threats, but the password remains a key part of our security arsenal
๐ข Amazon to offer cyber insurance to UK SMBs ๐ข
๐ Read
via "ITPro".
The insurance will cover risks such as accidental privacy breaches, extortion and ransomware๐ Read
via "ITPro".
IT PRO
Amazon to offer cyber insurance to UK SMBs | IT PRO
The insurance will cover risks such as accidental privacy breaches, extortion and ransomware
๐ข Women and BAME individuals are hardest hit by cyber crime ๐ข
๐ Read
via "ITPro".
Malwarebytes calls on the technology industry to do more to provide secure internet access to everyone๐ Read
via "ITPro".
IT PRO
Women and BAME individuals are hardest hit by cyber crime | IT PRO
Malwarebytes calls on the technology industry to do more to provide secure internet access to everyone
๐ข UKโs next National Cyber Strategy to reflect need for security industrial base ๐ข
๐ Read
via "ITPro".
The countryโs upcoming National Cyber Security Strategy will 'hopefully' be released later this year๐ Read
via "ITPro".
IT PRO
UKโs next National Cyber Strategy to reflect need for security industrial base | IT PRO
The countryโs upcoming National Cyber Security Strategy will 'hopefully' be released later this year
๐ข Hackers spoof Zix in credential phishing attack ๐ข
๐ Read
via "ITPro".
The attack has impacted around 75,000 Office 365, Google Workspace and Exchange users๐ Read
via "ITPro".
IT PRO
Hackers spoof Zix in credential phishing attack | IT PRO
The attack has impacted around 75,000 Office 365, Google Workspace and Exchange users
๐ข Large companies fall short on domain security ๐ข
๐ Read
via "ITPro".
Most large businesses still need to implement enterprise-level controls๐ Read
via "ITPro".
IT PRO
Large companies fall short on domain security | IT PRO
Most large businesses still need to implement enterprise-level controls
โผ CVE-2021-32466 โผ
๐ Read
via "National Vulnerability Database".
An uncontrolled search path element privilege escalation vulnerability in Trend Micro HouseCall for Home Networks version 5.3.1225 and below could allow an attacker to escalate privileges by placing a custom crafted file in a specific directory to load a malicious library. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-35028 โผ
๐ Read
via "National Vulnerability Database".
A command injection vulnerability in the CGI program of the Zyxel VPN2S firmware version 1.12 could allow an authenticated, local user to execute arbitrary OS commands.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-36745 โผ
๐ Read
via "National Vulnerability Database".
A vulnerability in Trend Micro ServerProtect for Storage 6.0, ServerProtect for EMC Celerra 5.8, ServerProtect for Network Appliance Filers 5.8, and ServerProtect for Microsoft Windows / Novell Netware 5.8 could allow a remote attacker to bypass authentication on affected installations.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-33923 โผ
๐ Read
via "National Vulnerability Database".
Insecure permissions in Confluent Ansible (cp-ansible) 5.5.0, 5.5.1, 5.5.2 and 6.0.0 allows local attackers to access some sensitive information (private keys, state database).๐ Read
via "National Vulnerability Database".
โผ CVE-2021-33924 โผ
๐ Read
via "National Vulnerability Database".
Confluent Ansible (cp-ansible) version 5.5.0, 5.5.1, 5.5.2 and 6.0.0 is vulnerable to Incorrect Access Control via its auxiliary component that allows remote attackers to access sensitive information.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-35027 โผ
๐ Read
via "National Vulnerability Database".
A directory traversal vulnerability in the web server of the Zyxel VPN2S firmware version 1.12 could allow a remote attacker to gain access to sensitive information.๐ Read
via "National Vulnerability Database".
โ๏ธ The Rise of One-Time Password Interception Bots โ๏ธ
๐ Read
via "Krebs on Security".
In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. That service quickly went offline, but new research reveals a number of competitors have since launched bot-based services that make it relatively easy for crooks to phish OTPs from targets.๐ Read
via "Krebs on Security".
Krebs on Security
The Rise of One-Time Password Interception Bots
In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. That service quickly went offline, butโฆ