βΌ CVE-2021-33583 βΌ
π Read
via "National Vulnerability Database".
REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa password that is hardcoded in the TCServer.jar file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41101 βΌ
π Read
via "National Vulnerability Database".
wire-server is an open-source back end for Wire, a secure collaboration platform. Before version 2.106.0, the CORS ` Access-Control-Allow-Origin ` header set by `nginz` is set for all subdomains of `.wire.com` (including `wire.com`). This means that if somebody were to find an XSS vector in any of the subdomains, they could use it to talk to the Wire API using the user's Cookie. A patch does not exist, but a workaround does. To make sure that a compromise of one subdomain does not yield access to the cookie of another, one may limit the `Access-Control-Allow-Origin` header to apps that actually require the cookie (account-pages, team-settings and the webapp).π Read
via "National Vulnerability Database".
β Google Emergency Update Fixes Two Chrome Zero Days β
π Read
via "Threat Post".
This is the second pair of zero days that Google's fixed this month, all four of which have been actively exploited in the wild.π Read
via "Threat Post".
Threat Post
Google Emergency Update Fixes Two Chrome Zero Days
This is the second pair of zero days that Google's fixed this month, all four of which have been actively exploited in the wild.
π΄ More Than 90% of Q2 Malware Was Hidden in Encrypted Traffic π΄
π Read
via "Dark Reading".
Analysis of threat trends from last quarter reveals attackers ramped up their use of fileless malware, and zero-day malware accounted for almost two-thirds of all detections.π Read
via "Dark Reading".
Dark Reading
More Than 90% of Q2 Malware Was Hidden in Encrypted Traffic
Analysis of threat trends from last quarter reveals attackers ramped up their use of fileless malware, and zero-day malware accounted for almost two-thirds of all detections.
βΌ CVE-2020-20796 βΌ
π Read
via "National Vulnerability Database".
FlameCMS 3.3.5 contains a SQL injection vulnerability in /master/article.php via the "Id" parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2020-20799 βΌ
π Read
via "National Vulnerability Database".
JeeCMS 1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the commentText parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2020-20797 βΌ
π Read
via "National Vulnerability Database".
FlameCMS 3.3.5 contains a time-based blind SQL injection vulnerability in /account/register.php.π Read
via "National Vulnerability Database".
ποΈ US retailer Neiman Marcus notifies 4.6 million customers of data breach ποΈ
π Read
via "The Daily Swig".
Department store chain forces password reset after discovering 2020 incident last monthπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
US retailer Neiman Marcus notifies 4.6 million customers of data breach
Department store chain forces password reset after discovering 2020 incident last month
βΌ CVE-2021-23893 βΌ
π Read
via "National Vulnerability Database".
Privilege Escalation vulnerability in a Windows system driver of McAfee Drive Encryption (DE) prior to 7.3.0 could allow a local non-admin user to gain elevated system privileges via exploiting an unutilized memory buffer.π Read
via "National Vulnerability Database".
π’ Cloudflare enters the email security business π’
π Read
via "ITPro".
New email routing and DNS Wizard capabilities make email management a breezeπ Read
via "ITPro".
IT PRO
Cloudflare enters the email security business | IT PRO
New email routing and DNS Wizard capabilities make email management a breeze
π’ Android Trojan charges millions of victims β¬36 per month π’
π Read
via "ITPro".
Up to 10 million users across 70 countries are thought to have been affectedπ Read
via "ITPro".
IT PRO
Android Trojan charges millions of victims β¬36 per month | IT PRO
Up to 10 million users across 70 countries are thought to have been affected
π’ Account takeovers rise nearly threefold during pandemic π’
π Read
via "ITPro".
Financial services hit hardest by account hijackers, says Sift reportπ Read
via "ITPro".
IT PRO
Account takeovers rise nearly threefold during pandemic | IT PRO
Financial services hit hardest by account hijackers, says Sift report
π’ The worst hacks of all time π’
π Read
via "ITPro".
Yahoo, LinkedIn, Facebook, here is a quick guide to some of the biggest data breaches in historyπ Read
via "ITPro".
IT PRO
The worst hacks of all time | IT PRO
Yahoo, LinkedIn, Facebook, here is a quick guide to some of the biggest data breaches in history
π’ Akamai to acquire cyber security firm Guardicore π’
π Read
via "ITPro".
Guardicoreβs micro-segmentation solution will add to Akamaiβs Zero Trust Security portfolioπ Read
via "ITPro".
IT PRO
Akamai to acquire cyber security firm Guardicore | IT PRO
Guardicoreβs micro-segmentation solution will add to Akamaiβs Zero Trust Security portfolio
π’ Detained Russian cyber sec tycoon 'exposed classified data', state media claims π’
π Read
via "ITPro".
Ilya Sachkov is accused of handing over security data to foreign intelligence servicesπ Read
via "ITPro".
IT PRO
Detained Russian cyber sec tycoon 'exposed classified data', state media claims | IT PRO
Ilya Sachkov is accused of handing over security data to foreign intelligence services
π’ NSA and CISA offer new security guidance for VPNs π’
π Read
via "ITPro".
Multiple nation-state threat actors using known flaws to access systemsπ Read
via "ITPro".
IT PRO
NSA and CISA offer new security guidance for VPNs | IT PRO
Multiple nation-state threat actors using known flaws to access systems
π’ Cellebrite launches industry-first remote data collection solution π’
π Read
via "ITPro".
New solution aids organizationsβ e-discovery and corporate investigation proceduresπ Read
via "ITPro".
IT PRO
Cellebrite launches industry-first remote data collection solution | IT PRO
New solution aids organizationsβ e-discovery and corporate investigation procedures
π’ Visa card holders using Apple Pay warned of payment exploit that bypasses user authentication π’
π Read
via "ITPro".
Commuters are being urged to disable Apple Pay express transit mode for Visa cardsπ Read
via "ITPro".
IT PRO
Visa card holders using Apple Pay warned of payment exploit that bypasses user authentication | IT PRO
Commuters are being urged to disable Apple Pay express transit mode for Visa cards
π’ Alkira offers Check Point CloudGuard Security to secure virtual cloud networks π’
π Read
via "ITPro".
New service allows admins to connect cloud services, data centers and VPNsπ Read
via "ITPro".
IT PRO
Alkira offers Check Point CloudGuard Security to secure virtual cloud networks | IT PRO
New service allows admins to connect cloud services, data centers and VPNs
π’ Two-thirds of organizations have fallen victim to ransomware π’
π Read
via "ITPro".
New report finds ransomware attacks grew by over 1,000%π Read
via "ITPro".
IT PRO
Two-thirds of organizations have fallen victim to ransomware | IT PRO
New report finds ransomware attacks grew by over 1,000%
π’ How to turn on Windows Defender π’
π Read
via "ITPro".
Find out how to turn on, or off, Windows Defender on Windows 10 and older versions of Windowsπ Read
via "ITPro".
ITPro
How to turn on Windows Defender
A simple guide on how to turn on Windows Defender in Windows 10 and Windows 11, and turn it off again if necessary