🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2021-42085 ‼

An issue was discovered in Zammad before 4.1.1. There is stored XSS via a custom Avatar.

📖 Read

via "National Vulnerability Database".
🕴 Microsec.ai Launches Solution to Deliver Agentless Runtime Protection for Multi-cloud Infrastructure as a Service 🕴

Continuous monitoring of network traffic, data loss prevention, and responsive self-healing protection from threats to cloud-native applications.

📖 Read

via "Dark Reading".
🕴 HP Extends Security Features to Work-from-Home Devices 🕴

HP aims to let admins secure work-from-home endpoints by extending cloud security management that can remotely track, detect and self-heal remote company devices -- including printers.

📖 Read

via "Dark Reading".
‼ CVE-2021-25271 ‼

A local attacker could read or write arbitrary files with administrator privileges in HitmanPro before version Build 318.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-25270 ‼

A local attacker could execute arbitrary code with administrator privileges in HitmanPro.Alert before version Build 901.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-33603 ‼

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVPACK module component used in certain F-Secure products can crash while scanning a fuzzed file. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-40832 ‼

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVRDL unpacking module component used in certain F-Secure products can crash while scanning a fuzzed file. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine.

📖 Read

via "National Vulnerability Database".
πŸ—“οΈ Apache HTTP Server update fails to squash path traversal, RCE bugs πŸ—“οΈ

Web admins told to upgrade (once again) to latest version

πŸ“– Read

via "The Daily Swig".
🕴 Hardware Bolsters Medical Device Security 🕴

New microprocessor technologies like secure enclaves and cryptography acceleration enable hardware to better safeguard medical devices.

📖 Read

via "Dark Reading".
‼ CVE-2021-41947 ‼

A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visual-mode.

📖 Read

via "National Vulnerability Database".
🕴 Patch 'Immediately': Apache Issues Software Fix as Zero-Day Attacks Pick Up 🕴

CISA reports it's seeing ongoing scanning for the flaws and expects this to accelerate.

📖 Read

via "Dark Reading".
πŸ—“οΈ Hong Kong’s anti-doxxing law comes into force despite human rights criticism πŸ—“οΈ

Violations could attract hefty fines and up to five years in prison

πŸ“– Read

via "The Daily Swig".
🦿 Install SELinux on Ubuntu Server 20.04: Here's how 🦿

If you've already learned SELinux, but have to deploy Ubuntu as a server operating system, you can install SELinux and be on familiar ground.

📖 Read

via "Tech Republic".
⚠ Apache patch proves patchy – now you need to patch the patch ⚠

Once more unto the breach, dear friends, once more, and close up the hole of encoding dread.

📖 Read

via "Naked Security".
⚠ S3 Ep53: Apple Pay, giftcards, cybermonth, and ransomware busts [Podcast] ⚠

Latest episode - listen now!

📖 Read

via "Naked Security".
🛠 nfstream 6.3.5 🛠

nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.

📖 Read

via "Packet Storm Security".
🛠 Zed Attack Proxy 2.11.0 Cross Platform Package 🛠

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. This is the cross platform package.

📖 Read

via "Packet Storm Security".
‼ CVE-2021-3312 ‼

An XML external entity (XXE) vulnerability in Alkacon OpenCms 11.0, 11.0.1 and 11.0.2 allows remote authenticated users with edit privileges to exfiltrate files from the server's file system by uploading a crafted SVG document.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-35979 ‼

An issue was discovered in Digi RealPort through 4.8.488.0. The 'encrypted' mode is vulnerable to man-in-the-middle attacks and does not perform authentication.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-41133 ‼

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak apps with direct access to AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services into treating the Flatpak app as though it was an ordinary, non-sandboxed host-OS process. They can do this by manipulating the VFS using recent mount-related syscalls that are not blocked by Flatpak's denylist seccomp filter, in order to substitute a crafted `/.flatpak-info` or make that file disappear entirely. Flatpak apps that act as clients for AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can escalate the privileges that the corresponding services will believe the Flatpak app has. Note that protocols that operate entirely over the D-Bus session bus (user bus), system bus or accessibility bus are not affected by this. This is due to the use of a proxy process `xdg-dbus-proxy`, whose VFS cannot be manipulated by the Flatpak app, when interacting with these buses. Patches exist for versions 1.10.4 and 1.12.0, and as of time of publication, a patch for version 1.8.2 is being planned. There are no workarounds aside from upgrading to a patched version.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-36767 ‼

In Digi RealPort through 4.8.488.0, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server's access password. The attacker may then crack this hash offline in order to successfully login to the server.

📖 Read

via "National Vulnerability Database".