βΌ CVE-2021-40887 βΌ
π Read
via "National Vulnerability Database".
Projectsend version r1295 is affected by a directory traversal vulnerability. Because of lacking sanitization input for files[] parameter, an attacker can add ../ to move all PHP files or any file on the system that has permissions to /upload/files/ folder.π Read
via "National Vulnerability Database".
ποΈ Oregon Eye Specialists discloses data breach following employee email compromise ποΈ
π Read
via "The Daily Swig".
Attackers had access to mailboxes over a two-month periodπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Oregon Eye Specialists discloses data breach following employee email compromise
Attackers had access to mailboxes over a two-month period
π΄ Continuous Authentication Tech Looms Large in Deployment Plans π΄
π Read
via "Dark Reading".
Data from the Dark Reading and Omdia Enterprise Security in a Post Pandemic World report shows security leaders are interested in continuous authentication technologies, especially behavioral-based capabilities.π Read
via "Dark Reading".
Dark Reading
Continuous Authentication Tech Looms Large in Deployment Plans
Security leaders are interested in continuous authentication technologies, especially behavioral-based capabilities.
π΄ Applying Behavioral Psychology to Strengthen Your Incident Response Team π΄
π Read
via "Dark Reading".
A deep-dive study on the inner workings of incident response teams leads to a framework to apply behavioral psychology principles to CSIRTs.π Read
via "Dark Reading".
Dark Reading
Applying Behavioral Psychology to Strengthen Your Incident Response Team
A deep-dive study on the inner workings of incident response teams leads to a framework to apply behavioral psychology principles to CSIRTs.
β Apache patch proves patchy β now you need to patch the patch β
π Read
via "Naked Security".
Once more unto the breach, dear friends, once more, and close up the hole of encoding dread.π Read
via "Naked Security".
Naked Security
Apache patch proves patchy β now you need to patch the patch
Once more unto the breach, dear friends, once more, and close up the hole of encoding dread.
π΄ The 5 Phases of Zero Trust Adoption π΄
π Read
via "Dark Reading".
Zero trust aims to replace implicit trust with explicit, continuously adaptive trust across users, devices, networks, applications, and data.π Read
via "Dark Reading".
Dark Reading
The 5 Phases of Zero-Trust Adoption
Zero trust aims to replace implicit trust with explicit, continuously adaptive trust across users, devices, networks, applications, and data.
βΌ CVE-2021-40543 βΌ
π Read
via "National Vulnerability Database".
Opensis-Classic Version 8.0 is affected by a SQL injection vulnerability due to a lack of sanitization of input data at two parameters $_GET['usrid'] and $_GET['prof_id'] in the PasswordCheck.php file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40542 βΌ
π Read
via "National Vulnerability Database".
Opensis-Classic Version 8.0 is affected by cross-site scripting (XSS). An unauthenticated user can inject and execute JavaScript code through the link_url parameter in Ajax_url_encode.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29006 βΌ
π Read
via "National Vulnerability Database".
rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An authenticated user may successfully download any file on the server.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29005 βΌ
π Read
via "National Vulnerability Database".
Insecure permission of chmod command on rConfig server 3.9.6 exists. After installing rConfig apache user may execute chmod as root without password which may let an attacker with low privilege to gain root access on server.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29004 βΌ
π Read
via "National Vulnerability Database".
rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If --secure-file-priv in MySQL server is not set and the Mysql server is the same as rConfig, an attacker may successfully upload a webshell to the server and access it remotely.π Read
via "National Vulnerability Database".
π¦Ώ How to combat the most prevalent ransomware threats π¦Ώ
π Read
via "Tech Republic".
Over the second quarter of the year, 73% of ransomware detections were related to the REvil/Sodinokibi family, while Darkside attacks expanded to more industries, McAfee says.π Read
via "Tech Republic".
TechRepublic
How to combat the most prevalent ransomware threats
Over the second quarter of the year, 73% of ransomware detections were related to the REvil/Sodinokibi family, while Darkside attacks expanded to more industries, McAfee says.
ποΈ Ransom Disclosure Act: US bill mandates organizations to report ransomware payments ποΈ
π Read
via "The Daily Swig".
Newly proposed law hopes to further understanding of cybercrime landscapeπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Ransom Disclosure Act: US bill mandates organizations to report ransomware payments
Newly proposed law hopes to further understanding of cybercrime landscape
β Cybersecurity awareness month: Fight the phish! β
π Read
via "Naked Security".
Phishing crooks get to try over and over again. But you only have to make one mistake...π Read
via "Naked Security".
Naked Security
Cybersecurity Awareness Month: Fight the phish!
Phishing crooks get to try over and over again. But you only need to make one mistakeβ¦
ποΈ Ransomware forensics research reveals cybercrime tradecraft secrets ποΈ
π Read
via "The Daily Swig".
Resident REvilπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Ransomware forensics research reveals cybercrime tradecraft secrets
Resident REvil
π΄ IDrive Remote Desktop Offers Protection from RDP Cyberattacks and Vulnerabilities π΄
π Read
via "Dark Reading".
Remote Desktop aims to solve vulnerability issues with RDP by implementing robust access and security controls.π Read
via "Dark Reading".
Dark Reading
IDrive Remote Desktop Offers Protection from RDP Cyberattacks and Vulnerabilities
Remote Desktop aims to solve vulnerability issues with RDP by implementing robust access and security controls.
π΄ Forcepoint to Acquire Bitglass π΄
π Read
via "Dark Reading".
Deal will merge Bitglass's security service edge technology with Forcepointβs SASE architecture.π Read
via "Dark Reading".
Dark Reading
Forcepoint to Acquire Bitglass
Deal will merge Bitglass's security service edge technology with Forcepointβs SASE architecture.
βΌ CVE-2021-40541 βΌ
π Read
via "National Vulnerability Database".
PHPFusion 9.03.110 is affected by cross-site scripting (XSS) in the preg patterns filter html tag without "//" in descript() function An authenticated user can trigger XSS by appending "//" in the end of text.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40191 βΌ
π Read
via "National Vulnerability Database".
Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and return a wrong response in content-type of output data in webroot/dzz/attach/controller.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0583 βΌ
π Read
via "National Vulnerability Database".
In onCreate of BluetoothPairingDialog, there is a possible way to enable Bluetooth without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-182282956π Read
via "National Vulnerability Database".
βΌ CVE-2021-27002 βΌ
π Read
via "National Vulnerability Database".
NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to retrieve sensitive data via the web proxy.π Read
via "National Vulnerability Database".