β Apache patch proves patchy β now you need to patch the patch β
π Read
via "Naked Security".
Once more unto the breach, dear friends, once more, and close up the hole of encoding dread.π Read
via "Naked Security".
Naked Security
Apache patch proves patchy β now you need to patch the patch
Once more unto the breach, dear friends, once more, and close up the hole of encoding dread.
π΄ The 5 Phases of Zero Trust Adoption π΄
π Read
via "Dark Reading".
Zero trust aims to replace implicit trust with explicit, continuously adaptive trust across users, devices, networks, applications, and data.π Read
via "Dark Reading".
Dark Reading
The 5 Phases of Zero-Trust Adoption
Zero trust aims to replace implicit trust with explicit, continuously adaptive trust across users, devices, networks, applications, and data.
βΌ CVE-2021-40543 βΌ
π Read
via "National Vulnerability Database".
Opensis-Classic Version 8.0 is affected by a SQL injection vulnerability due to a lack of sanitization of input data at two parameters $_GET['usrid'] and $_GET['prof_id'] in the PasswordCheck.php file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40542 βΌ
π Read
via "National Vulnerability Database".
Opensis-Classic Version 8.0 is affected by cross-site scripting (XSS). An unauthenticated user can inject and execute JavaScript code through the link_url parameter in Ajax_url_encode.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29006 βΌ
π Read
via "National Vulnerability Database".
rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An authenticated user may successfully download any file on the server.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29005 βΌ
π Read
via "National Vulnerability Database".
Insecure permission of chmod command on rConfig server 3.9.6 exists. After installing rConfig apache user may execute chmod as root without password which may let an attacker with low privilege to gain root access on server.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29004 βΌ
π Read
via "National Vulnerability Database".
rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If --secure-file-priv in MySQL server is not set and the Mysql server is the same as rConfig, an attacker may successfully upload a webshell to the server and access it remotely.π Read
via "National Vulnerability Database".
π¦Ώ How to combat the most prevalent ransomware threats π¦Ώ
π Read
via "Tech Republic".
Over the second quarter of the year, 73% of ransomware detections were related to the REvil/Sodinokibi family, while Darkside attacks expanded to more industries, McAfee says.π Read
via "Tech Republic".
TechRepublic
How to combat the most prevalent ransomware threats
Over the second quarter of the year, 73% of ransomware detections were related to the REvil/Sodinokibi family, while Darkside attacks expanded to more industries, McAfee says.
ποΈ Ransom Disclosure Act: US bill mandates organizations to report ransomware payments ποΈ
π Read
via "The Daily Swig".
Newly proposed law hopes to further understanding of cybercrime landscapeπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Ransom Disclosure Act: US bill mandates organizations to report ransomware payments
Newly proposed law hopes to further understanding of cybercrime landscape
β Cybersecurity awareness month: Fight the phish! β
π Read
via "Naked Security".
Phishing crooks get to try over and over again. But you only have to make one mistake...π Read
via "Naked Security".
Naked Security
Cybersecurity Awareness Month: Fight the phish!
Phishing crooks get to try over and over again. But you only need to make one mistakeβ¦
ποΈ Ransomware forensics research reveals cybercrime tradecraft secrets ποΈ
π Read
via "The Daily Swig".
Resident REvilπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Ransomware forensics research reveals cybercrime tradecraft secrets
Resident REvil
π΄ IDrive Remote Desktop Offers Protection from RDP Cyberattacks and Vulnerabilities π΄
π Read
via "Dark Reading".
Remote Desktop aims to solve vulnerability issues with RDP by implementing robust access and security controls.π Read
via "Dark Reading".
Dark Reading
IDrive Remote Desktop Offers Protection from RDP Cyberattacks and Vulnerabilities
Remote Desktop aims to solve vulnerability issues with RDP by implementing robust access and security controls.
π΄ Forcepoint to Acquire Bitglass π΄
π Read
via "Dark Reading".
Deal will merge Bitglass's security service edge technology with Forcepointβs SASE architecture.π Read
via "Dark Reading".
Dark Reading
Forcepoint to Acquire Bitglass
Deal will merge Bitglass's security service edge technology with Forcepointβs SASE architecture.
βΌ CVE-2021-40541 βΌ
π Read
via "National Vulnerability Database".
PHPFusion 9.03.110 is affected by cross-site scripting (XSS) in the preg patterns filter html tag without "//" in descript() function An authenticated user can trigger XSS by appending "//" in the end of text.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40191 βΌ
π Read
via "National Vulnerability Database".
Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and return a wrong response in content-type of output data in webroot/dzz/attach/controller.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0583 βΌ
π Read
via "National Vulnerability Database".
In onCreate of BluetoothPairingDialog, there is a possible way to enable Bluetooth without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-182282956π Read
via "National Vulnerability Database".
βΌ CVE-2021-27002 βΌ
π Read
via "National Vulnerability Database".
NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to retrieve sensitive data via the web proxy.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32028 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27664 βΌ
π Read
via "National Vulnerability Database".
Under certain configurations an unauthenticated remote user could be given access to credentials stored in the exacqVision Server.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20121 βΌ
π Read
via "National Vulnerability Database".
The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is vulnerable to an authenticated arbitrary file read. An authenticated user with physical access to the device can read arbitrary files from the device by preparing and connecting a specially prepared USB drive to the device, and making a series of crafted requests to the device's web interface.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22263 βΌ
π Read
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions starting from 13.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. A user account with 'external' status which is granted 'Maintainer' role on any project on the GitLab instance where 'project tokens' are allowed may elevate its privilege to 'Internal' and access Internal projects.π Read
via "National Vulnerability Database".