ποΈ Twitch breach leads to leak of source code and streamer earnings data ποΈ
π Read
via "The Daily Swig".
This is like βKFC losing its secret recipeβπ Read
via "The Daily Swig".
π¦Ώ A unique method of securing SSH π¦Ώ
π Read
via "Tech Republic".
Jack Wallen offers up a different method of securing SSH that could be rather timely in helping to lock down your Linux servers.π Read
via "Tech Republic".
TechRepublic
How to use this unique method of securing SSH
Jack Wallen offers a different method of securing SSH that could be rather timely in helping to lock down your Linux servers.
π΄ New Regulations Are Coming β Get a Handle on Your App Portfolio π΄
π Read
via "Dark Reading".
With the realization that any app could be a gateway for a larger attack, there will be more pressure than ever on companies to fully protect their entire application landscape.π Read
via "Dark Reading".
Dark Reading
New Regulations Are Coming β Get a Handle on Your App Portfolio
With the realization that any app could be a gateway for a larger attack, there will be more pressure than ever on companies to fully protect their entire application landscape.
βΌ CVE-2021-3832 βΌ
π Read
via "National Vulnerability Database".
Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. An unauthenticated attacker could abuse the AsyncUpload() function in order to exploit the vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40978 βΌ
π Read
via "National Vulnerability Database".
The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20605 βΌ
π Read
via "National Vulnerability Database".
Improper Input Validation vulnerability in GOT2000 series GT21 model GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, GT2103-PMBD all versions, GOT SIMPLE series GS21 model GS2110-WTBD all versions, GS2107-WTBD all versions, GS2110-WTBD-N all versions, GS2107-WTBD-N all versions and LE7-40GU-L all versions allows a remote unauthenticated attacker to cause DoS condition of the products by sending specially crafted packets.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20603 βΌ
π Read
via "National Vulnerability Database".
Improper Input Validation vulnerability in GOT2000 series GT21 model GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, GT2103-PMBD all versions, GOT SIMPLE series GS21 model GS2110-WTBD all versions, GS2107-WTBD all versions, GS2110-WTBD-N all versions, GS2107-WTBD-N all versions and LE7-40GU-L all versions allows a remote unauthenticated attacker to cause DoS condition of the products by sending specially crafted packets.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41865 βΌ
π Read
via "National Vulnerability Database".
HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authenticated users with job submission capabilities to cause denial of service by submitting incomplete job specifications with a Consul mesh gateway and host networking mode. Fixed in 1.1.6.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22958 βΌ
π Read
via "National Vulnerability Database".
A Server-Side Request Forgery vulnerability was found in concrete5 < 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost allowing interaction with local services. Impact can vary depending on services exposed.CVSSv2.0 AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:Nπ Read
via "National Vulnerability Database".
βΌ CVE-2021-20602 βΌ
π Read
via "National Vulnerability Database".
Improper Handling of Exceptional Conditions vulnerability in GOT2000 series GT21 model GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, GT2103-PMBD all versions, GOT SIMPLE series GS21 model GS2110-WTBD all versions, GS2107-WTBD all versions, GS2110-WTBD-N all versions, GS2107-WTBD-N all versions and LE7-40GU-L all versions allows a remote unauthenticated attacker to cause DoS condition of the products by sending specially crafted packets.π Read
via "National Vulnerability Database".
βΌ CVE-2021-35067 βΌ
π Read
via "National Vulnerability Database".
Meross MSG100 devices before 3.2.3 allow an attacker to replay the same data or similar data (e.g., an attacker who sniffs a Close message can transmit an acceptable Open message).π Read
via "National Vulnerability Database".
βΌ CVE-2021-41794 βΌ
π Read
via "National Vulnerability Database".
ogs_fqdn_parse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer overflow. The attacker can send a PFCP Session Establishment Request with "internet" as the PDI Network Instance. The first character is interpreted as a length value to be used in a memcpy call. The destination buffer is only 100 bytes long on the stack. Then, 'i' gets interpreted as 105 bytes to copy from the source buffer to the destination buffer.π Read
via "National Vulnerability Database".
βΌ CVE-2021-28661 βΌ
π Read
via "National Vulnerability Database".
Default SilverStripe GraphQL Server (aka silverstripe/graphql) 3.x through 3.4.1 permission checker not inherited by query subclass.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36150 βΌ
π Read
via "National Vulnerability Database".
SilverStripe Framework through 4.8.1 allows XSS.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20604 βΌ
π Read
via "National Vulnerability Database".
Improper Input Validation vulnerability in GOT2000 series GT21 model GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, GT2103-PMBD all versions, GOT SIMPLE series GS21 model GS2110-WTBD all versions, GS2107-WTBD all versions, GS2110-WTBD-N all versions, GS2107-WTBD-N all versions and LE7-40GU-L all versions allows a remote unauthenticated attacker to cause DoS condition of the products by sending specially crafted packets.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33903 βΌ
π Read
via "National Vulnerability Database".
In LCOS 10.40 to 10.42.0473-RU3 with SNMPv3 enabled on LANCOM devices, changing the password of the root user via the CLI does not change the password of the root user for SNMPv3 access. (However, changing the password of the root user via LANconfig does change the password of the root user for SNMPv3 access.)π Read
via "National Vulnerability Database".
βΌ CVE-2021-22930 βΌ
π Read
via "National Vulnerability Database".
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.π Read
via "National Vulnerability Database".
π΄ New Kaspersky Service Delivers Cyberthreat Insights on Request π΄
π Read
via "Dark Reading".
Kaspersky's new Ask the Analyst service will allow businesses to reach out to the company's researchers for their opinions and guidance on cyberthreats and security issues.π Read
via "Dark Reading".
Dark Reading
New Kaspersky Service Delivers Cyberthreat Insights on Request
Kaspersky's new Ask the Analyst service will allow businesses to reach out to the company's researchers for their opinions and guidance on cyberthreats and security issues.
β Apache web server zero-day bug is easy to exploit β patch now! β
π Read
via "Naked Security".
Some of us have Apache as our primary web server. But lots of us may have Apache without knowing it, as part of another product.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β S3 Ep53: Apple Pay, giftcards, cybermonth, and ransomware busts [Podcast] β
π Read
via "Naked Security".
Latest episode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep53: Apple Pay, giftcards, cybermonth, and ransomware busts [Podcast]
Latest episode β listen now!
β 4 Key Questions for Zero-Trust Success β
π Read
via "Threat Post".
Anurag Kahol, CTO & co-founder at Bitglass, offers tips for avoiding implementation pitfalls for zero trust.π Read
via "Threat Post".
Threat Post
4 Key Questions for Zero-Trust Success
Anurag Kahol, CTO & co-founder at Bitglass, offers tips for avoiding implementation pitfalls for zero trust.