📢 How to manage AI risk 📢
via "ITPro".
Recommendations from the Cyber Resilience Think Tank
📢 The truth about cyber security training 📢
via "ITPro".
Stop ticking boxes. Start delivering real change.
📢 The state of brand protection 2021 📢
via "ITPro".
A new front opens up in the war for brand safety
🦿 Does your company have a cybersecurity strategy? Is it any good? 🦿
via "Tech Republic".
Take this quick, multiple choice survey and tell us about your company's cybersecurity strategies for the upcoming year.
TechRepublic
Is your organization safe from a cybersecurity attack?
How is your company preventing the terror of a potential cybersecurity breach? Take this quick, multiple choice survey and tell us about it.
🗞️ MyBB CAPTCHA bug breaks forum validation checks 🗞️
via "The Daily Swig".
Forum owners can apply a workaround until a full fix is released
‼ CVE-2021-41770 ‼
via "National Vulnerability Database".
Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE attack that can achieve XML file disclosure.
‼ CVE-2021-42054 ‼
via "National Vulnerability Database".
ACCEL-PPP 1.12.0 has an out-of-bounds read in triton_context_schedule if the client exits after authentication.
‼ CVE-2021-42053 ‼
via "National Vulnerability Database".
The Unicorn framework through 0.35.3 for Django allows XSS via component.name.
🗞️ Apache Ranger maintainers slam unflattering cloud data security comparison with Immuta 🗞️
via "The Daily Swig".
Immuta defends benchmark study comparing access control policy management burdens
🛠 Wireshark Analyzer 3.4.9 🛠
via "Packet Storm Security".
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
🗞️ Twitch breach leads to leak of source code and streamer earnings data 🗞️
via "The Daily Swig".
This is like “KFC losing its secret recipe”
🦿 A unique method of securing SSH 🦿
via "Tech Republic".
Jack Wallen offers up a different method of securing SSH that could be rather timely in helping to lock down your Linux servers.
TechRepublic
How to use this unique method of securing SSH
Jack Wallen offers a different method of securing SSH that could be rather timely in helping to lock down your Linux servers.
🔴 New Regulations Are Coming – Get a Handle on Your App Portfolio 🔴
via "Dark Reading".
With the realization that any app could be a gateway for a larger attack, there will be more pressure than ever on companies to fully protect their entire application landscape.
‼ CVE-2021-3832 ‼
via "National Vulnerability Database".
Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. An unauthenticated attacker could abuse the AsyncUpload() function in order to exploit the vulnerability.
‼ CVE-2021-40978 ‼
via "National Vulnerability Database".
The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain sensitive information.
‼ CVE-2021-20605 ‼
via "National Vulnerability Database".
Improper Input Validation vulnerability in GOT2000 series GT21 model GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, GT2103-PMBD all versions, GOT SIMPLE series GS21 model GS2110-WTBD all versions, GS2107-WTBD all versions, GS2110-WTBD-N all versions, GS2107-WTBD-N all versions and LE7-40GU-L all versions allows a remote unauthenticated attacker to cause DoS condition of the products by sending specially crafted packets.
‼ CVE-2021-20603 ‼
via "National Vulnerability Database".
Improper Input Validation vulnerability in GOT2000 series GT21 model GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, GT2103-PMBD all versions, GOT SIMPLE series GS21 model GS2110-WTBD all versions, GS2107-WTBD all versions, GS2110-WTBD-N all versions, GS2107-WTBD-N all versions and LE7-40GU-L all versions allows a remote unauthenticated attacker to cause DoS condition of the products by sending specially crafted packets.
‼ CVE-2021-41865 ‼
via "National Vulnerability Database".
HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authenticated users with job submission capabilities to cause denial of service by submitting incomplete job specifications with a Consul mesh gateway and host networking mode. Fixed in 1.1.6.
‼ CVE-2021-22958 ‼
via "National Vulnerability Database".
A Server-Side Request Forgery vulnerability was found in concrete5 < 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost allowing interaction with local services. Impact can vary depending on services exposed. CVSSv2.0 AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
‼ CVE-2021-20602 ‼
via "National Vulnerability Database".
Improper Handling of Exceptional Conditions vulnerability in GOT2000 series GT21 model GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, GT2103-PMBD all versions, GOT SIMPLE series GS21 model GS2110-WTBD all versions, GS2107-WTBD all versions, GS2110-WTBD-N all versions, GS2107-WTBD-N all versions and LE7-40GU-L all versions allows a remote unauthenticated attacker to cause DoS condition of the products by sending specially crafted packets.
‼ CVE-2021-35067 ‼
via "National Vulnerability Database".
Meross MSG100 devices before 3.2.3 allow an attacker to replay the same data or similar data (e.g., an attacker who sniffs a Close message can transmit an acceptable Open message).