CVE-2021-41335
via "National Vulnerability Database".
Windows Kernel Elevation of Privilege Vulnerability
CVE-2021-40467
via "National Vulnerability Database".
Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-40443, CVE-2021-40466.
CVE-2021-41338
via "National Vulnerability Database".
Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability
CVE-2021-34453
via "National Vulnerability Database".
Microsoft Exchange Server Denial of Service Vulnerability
CVE-2021-41355
via "National Vulnerability Database".
.NET Core and Visual Studio Information Disclosure Vulnerability
CVE-2021-41330
via "National Vulnerability Database".
Microsoft Windows Media Foundation Remote Code Execution Vulnerability
CVE-2021-41331
via "National Vulnerability Database".
Windows Media Audio Decoder Remote Code Execution Vulnerability
CVE-2021-41353
via "National Vulnerability Database".
Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability
CVE-2021-40487
via "National Vulnerability Database".
Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-41344.
CVE-2021-41347
via "National Vulnerability Database".
Windows AppX Deployment Service Elevation of Privilege Vulnerability
CVE-2021-40484
via "National Vulnerability Database".
Microsoft SharePoint Server Spoofing Vulnerability. This CVE ID is unique from CVE-2021-40483.
Firefox Suggest lands in the US, bringing ads to the browser search bar
via "The Daily Swig".
New feature has been rolled out to a select group of users in the US
30 Mins or Less: Rapid Attacks Extort Orgs Without Ransomware
via "Threat Post".
The previously unknown SnapMC group exploits unpatched VPNs and webserver apps to breach systems and carry out quick-hit extortion in less time than it takes to order a pizza.
CVE-2021-33609
via "National Vulnerability Database".
Missing check in DataCommunicator class in com.vaadin:vaadin-server versions 8.0.0 through 8.14.0 (Vaadin 8.0.0 through 8.14.0) allows authenticated network attacker to cause heap exhaustion by requesting too many rows of data.
OpenSea "Free Gift" NFTs Drain Cryptowallet Balances
via "Threat Post".
Cybercriminals exploited bugs in the world's largest digital-goods marketplace to create malicious artwork offered as a perk to unsuspecting users.
Nagios XI updated to address trio of security vulnerabilities
via "The Daily Swig".
Post-auth flaws could give attackers a platform from which to pivot to other parts of the network
Mandating a Zero-Trust Approach for Software Supply Chains
via "Threat Post".
Sounil Yu, CISO at JupiterOne, discusses software bills of materials (SBOMs) and the need for a shift in thinking about securing software supply chains.
"Find out what sparks joy" – YouTube educator and security expert Katie Paxton-Fear on carving out a successful infosec career
via "The Daily Swig".
"Never stop learning", Swig readers told during Q&A session
A Close Look at Russia's Ghostwriter Campaign
via "Dark Reading".
The group, which conducts espionage and sows disinformation, is larger than previously thought and has shifted tactics.
How Coinbase Phishers Steal One-Time Passwords
via "Krebs on Security".
A recent phishing campaign targeting Coinbase users shows thieves are getting cleverer about phishing one-time passwords (OTPs) needed to complete the login process. It also shows that phishers are attempting to sign up for new Coinbase accounts by the millions as part of an effort to identify email addresses that are already associated with active accounts.
Securing Microsoft 365 with app governance
via "Tech Republic".
How can you protect your network and data from consent phishing attacks? Microsoft's new app compliance program can help.