‼ CVE-2021-35201 ‼
📖 Read
via "National Vulnerability Database".
NEI in NETSCOUT nGeniusONE 6.3.0 build 1196 allows XML External Entity (XXE) attacks.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-35202 ‼
📖 Read
via "National Vulnerability Database".
NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Authorization Bypass (to access an endpoint) in FDSQueryService.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41325 ‼
📖 Read
via "National Vulnerability Database".
Broken access control for user creation in Pydio Cells 2.2.9 allows remote anonymous users to create standard users via the profile parameter. (In addition, such users can be granted several admin permissions via the Roles parameter.)📖 Read
via "National Vulnerability Database".
‼ CVE-2021-35204 ‼
📖 Read
via "National Vulnerability Database".
NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Reflected Cross-Site Scripting (XSS) in the support endpoint.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41288 ‼
📖 Read
via "National Vulnerability Database".
Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-35203 ‼
📖 Read
via "National Vulnerability Database".
NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Arbitrary File Read operations via the FDSQueryService endpoint.📖 Read
via "National Vulnerability Database".
🕴 10 Recent Examples of How Insider Threats Can Cause Big Breaches and Damage 🕴
📖 Read
via "Dark Reading".
Theft of intellectual property, sabotage, exposure of sensitive data and more were caused by malicious behavior and negligence at these organizations📖 Read
via "Dark Reading".
Dark Reading
10 Recent Examples of How Insider Threats Can Cause Big Breaches and Damage
Theft of intellectual property, sabotage, exposure of sensitive data and more were caused by malicious behavior and negligence at these organizations
🕴 Akamai Acquires Guardicore in $600M Deal 🕴
📖 Read
via "Dark Reading".
In other acquisition news today, Arctic Wolf announced it will acquire Habitu8, a managed security awareness platform, for an undisclosed amount.📖 Read
via "Dark Reading".
Dark Reading
Akamai Acquires Guardicore in $600M Deal
In other acquisition news today, Arctic Wolf announced it will acquire Habitu8, a managed security awareness platform, for an undisclosed amount.
‼ CVE-2020-20746 ‼
📖 Read
via "National Vulnerability Database".
A stack-based buffer overflow in the httpd server on Tenda AC9 V15.03.06.60_EN allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via a crafted POST request to /goform/SetStaticRouteCfg.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41324 ‼
📖 Read
via "National Vulnerability Database".
Directory traversal in the Copy, Move, and Delete features in Pydio Cells 2.2.9 allows remote authenticated users to enumerate personal files (or Cells files belonging to any user) via the nodes parameter (for Copy and Move) or via the Path parameter (for Delete).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-33583 ‼
📖 Read
via "National Vulnerability Database".
REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa password that is hardcoded in the TCServer.jar file.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41101 ‼
📖 Read
via "National Vulnerability Database".
wire-server is an open-source back end for Wire, a secure collaboration platform. Before version 2.106.0, the CORS ` Access-Control-Allow-Origin ` header set by `nginz` is set for all subdomains of `.wire.com` (including `wire.com`). This means that if somebody were to find an XSS vector in any of the subdomains, they could use it to talk to the Wire API using the user's Cookie. A patch does not exist, but a workaround does. To make sure that a compromise of one subdomain does not yield access to the cookie of another, one may limit the `Access-Control-Allow-Origin` header to apps that actually require the cookie (account-pages, team-settings and the webapp).📖 Read
via "National Vulnerability Database".
❌ Google Emergency Update Fixes Two Chrome Zero Days ❌
📖 Read
via "Threat Post".
This is the second pair of zero days that Google's fixed this month, all four of which have been actively exploited in the wild.📖 Read
via "Threat Post".
Threat Post
Google Emergency Update Fixes Two Chrome Zero Days
This is the second pair of zero days that Google's fixed this month, all four of which have been actively exploited in the wild.
🕴 More Than 90% of Q2 Malware Was Hidden in Encrypted Traffic 🕴
📖 Read
via "Dark Reading".
Analysis of threat trends from last quarter reveals attackers ramped up their use of fileless malware, and zero-day malware accounted for almost two-thirds of all detections.📖 Read
via "Dark Reading".
Dark Reading
More Than 90% of Q2 Malware Was Hidden in Encrypted Traffic
Analysis of threat trends from last quarter reveals attackers ramped up their use of fileless malware, and zero-day malware accounted for almost two-thirds of all detections.
‼ CVE-2020-20796 ‼
📖 Read
via "National Vulnerability Database".
FlameCMS 3.3.5 contains a SQL injection vulnerability in /master/article.php via the "Id" parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-20799 ‼
📖 Read
via "National Vulnerability Database".
JeeCMS 1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the commentText parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-20797 ‼
📖 Read
via "National Vulnerability Database".
FlameCMS 3.3.5 contains a time-based blind SQL injection vulnerability in /account/register.php.📖 Read
via "National Vulnerability Database".
🗓️ US retailer Neiman Marcus notifies 4.6 million customers of data breach 🗓️
📖 Read
via "The Daily Swig".
Department store chain forces password reset after discovering 2020 incident last month📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
US retailer Neiman Marcus notifies 4.6 million customers of data breach
Department store chain forces password reset after discovering 2020 incident last month
‼ CVE-2021-23893 ‼
📖 Read
via "National Vulnerability Database".
Privilege Escalation vulnerability in a Windows system driver of McAfee Drive Encryption (DE) prior to 7.3.0 could allow a local non-admin user to gain elevated system privileges via exploiting an unutilized memory buffer.📖 Read
via "National Vulnerability Database".
📢 Cloudflare enters the email security business 📢
📖 Read
via "ITPro".
New email routing and DNS Wizard capabilities make email management a breeze📖 Read
via "ITPro".
IT PRO
Cloudflare enters the email security business | IT PRO
New email routing and DNS Wizard capabilities make email management a breeze
📢 Android Trojan charges millions of victims €36 per month 📢
📖 Read
via "ITPro".
Up to 10 million users across 70 countries are thought to have been affected📖 Read
via "ITPro".
IT PRO
Android Trojan charges millions of victims €36 per month | IT PRO
Up to 10 million users across 70 countries are thought to have been affected