βΌ CVE-2021-20128 βΌ
π Read
via "National Vulnerability Database".
The Profile Name field in the floor plan (Network Menu) page in Draytek VigorConnect 1.6.0-B3 was found to be vulnerable to stored XSS, as user input is not properly sanitized.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41138 βΌ
π Read
via "National Vulnerability Database".
Frontier is Substrate's Ethereum compatibility layer. In the newly introduced signed Frontier-specific extrinsic for `pallet-ethereum`, a large part of transaction validation logic was only called in transaction pool validation, but not in block execution. Malicious validators can take advantage of this to put invalid transactions into a block. The attack is limited in that the signature is always validated, and the majority of the validation is done again in the subsequent `pallet-evm` execution logic. However, do note that a chain ID replay attack was possible. In addition, spamming attacks are of main concerns, while they are limited by Substrate block size limits and other factors. The issue is patched in commit `146bb48849e5393004be5c88beefe76fdf009aba`.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41139 βΌ
π Read
via "National Vulnerability Database".
Anuko Time Tracker is an open source, web-based time tracking application written in PHP. When a logged on user selects a date in Time Tracker, it is being passed on via the date parameter in URI. Because of not checking this parameter for sanity in versions prior to 1.19.30.5600, it was possible to craft the URI with malicious JavaScript, use social engineering to convince logged on user to click on such link, and have the attacker-supplied JavaScript to be executed in user's browser. This issue is patched in version 1.19.30.5600. As a workaround, one may introduce `ttValidDbDateFormatDate` function as in the latest version and add a call to it within the access checks block in time.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20123 βΌ
π Read
via "National Vulnerability Database".
A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.π Read
via "National Vulnerability Database".
π Microsoft Fends Off 2.4 Tbps DDoS Attack π
π Read
via "".
The attack was reportedly 140 percent higher than a 1 Tbps attack it saw in 2020 and higher than any network volumetric event the company previously detected.π Read
via "".
Digital Guardian
Microsoft Fends Off 2.4 Tbps DDoS Attack
The attack was reportedly 140 percent higher than a 1 Tbps attack it saw in 2020 and higher than any network volumetric event the company previously detected.
π΄ Are You Ready for the Privacy Laws Tsunami? π΄
π Read
via "Dark Reading".
Think PCI, HIPAA, and GDPR compliance is tough? There's a tsunami of similar laws on the way. Prepare your business for success with privacy by design.π Read
via "Dark Reading".
Dark Reading
Are You Ready for the Privacy Laws Tsunami?
Think PCI, HIPAA, and GDPR compliance is tough? There's a tsunami of similar laws on the way. Prepare your business for success with privacy by design.
β FreakOut Botnet Turns DVRs Into Monero Cryptominers β
π Read
via "Threat Post".
The new Necro Python exploit targets Visual Tool DVRs used in surveillance systems.π Read
via "Threat Post".
Threat Post
FreakOut Botnet Turns DVRs Into Monero Cryptominers
The new Necro Python exploit targets Visual Tool DVRs used in surveillance systems.
βΌ CVE-2021-42224 βΌ
π Read
via "National Vulnerability Database".
SQL Injection vulnerability exists in IFSC Code Finder Project 1.0 via the searchifsccode POST parameter in /search.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26318 βΌ
π Read
via "National Vulnerability Database".
A timing and power-based side channel attack leveraging the x86 PREFETCH instructions on some AMD CPUs could potentially result in leaked kernel address space information.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20130 βΌ
π Read
via "National Vulnerability Database".
ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the PasswordExpiry interface.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20131 βΌ
π Read
via "National Vulnerability Database".
ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the Personalization interface.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40842 βΌ
π Read
via "National Vulnerability Database".
Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to improper input validation on the database name parameter required in certain unauthenticated APIs. A malicious URL visited by anyone with network access to the server could be used to blindly execute arbitrary SQL statements on the backend database. Version 7.12.0 and all versions prior to 7.11.2 are affected.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40843 βΌ
π Read
via "National Vulnerability Database".
Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. An attacker with write access to the local database could cause arbitrary code to execute with SYSTEM privileges on the underlying server when a Web Console user triggers retrieval of that data. When chained with a SQL injection vulnerability, the vulnerability could be exploited remotely if Web Console users click a series of maliciously crafted URLs. All versions prior to 7.11.2 are affected.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42223 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS).vulnerability exists in Online DJ Booking Management System 1.0 in view-booking-detail.php.π Read
via "National Vulnerability Database".
π¦Ώ How to get the most bang for your buck out of your cybersecurity budget π¦Ώ
π Read
via "Tech Republic".
More than a quarter of executives surveyed by PwC expect double-digit growth in security budgets in 2022. The trick is to spend that money wisely and effectively.π Read
via "Tech Republic".
TechRepublic
How to get the most bang for your buck out of your cybersecurity budget
More than a quarter of executives surveyed by PwC expect double-digit growth in security budgets in 2022. The trick is to spend that money wisely and effectively.
π΄ What Does a Chief Product Security Officer Do? π΄
π Read
via "Dark Reading".
A CPSO bridges the gap between developers and security to ensure products are built securely and safely.π Read
via "Dark Reading".
Dark Reading
What Does a Chief Product Security Officer Do?
A CPSO bridges the gap between developers and security to ensure products are built securely and safely.
π΄ VirusTotal Shares Data on Ransomware Activity π΄
π Read
via "Dark Reading".
Google's online malware scanning service analyzed 80 million ransomware samples that were uploaded in the past year-and-a-half.π Read
via "Dark Reading".
Dark Reading
VirusTotal Shares Data on Ransomware Activity
Google's online malware scanning service analyzed 80 million ransomware samples that were uploaded in the past year-and-a-half.
π¦Ώ 3 risk management priorities CIOs are focused on right now π¦Ώ
π Read
via "Tech Republic".
CIOs have had their hands full since the start of the pandemic with three risk management and governance priorities weighing heavily on their minds.π Read
via "Tech Republic".
TechRepublic
3 risk management priorities CIOs are focused on right now
CIOs have had their hands full since the start of the pandemic with three risk management and governance priorities weighing heavily on their minds.
π¦Ώ Has COVID-19 or supply chain issues affected your organization's cybersecurity plans? π¦Ώ
π Read
via "Tech Republic".
What do you really think about your company's cybersecurity strategy? Take this quick, multiple choice survey and tell us.π Read
via "Tech Republic".
TechRepublic
Is your organization safe from a cybersecurity attack?
How is your company preventing the terror of a potential cybersecurity breach? Take this quick, multiple choice survey and tell us about it.
π΄ SonicWall Secures Mix of Cloud, Hybrid and Traditional Networks π΄
π Read
via "Dark Reading".
Companyβs virtual offerings, cloud services match with on-premises deployments to solve real-world security challenges for SMBs, enterprises, governments, and MSSPs.π Read
via "Dark Reading".
Dark Reading
SonicWall Secures Mix of Cloud, Hybrid and Traditional Networks
Companyβs virtual offerings, cloud services match with on-premises deployments to solve real-world security challenges for SMBs, enterprises, governments, and MSSPs.
π΄ Fugue Adds Kubernetes Security Checks to Secure Infrastructure-As-Code π΄
π Read
via "Dark Reading".
Developers can apply proper security controls as they programmatically deploy Kubernetes clusters.π Read
via "Dark Reading".
Dark Reading
Fugue Adds Kubernetes Security Checks to Secure Infrastructure-as-Code
Developers can apply proper security controls as they programmatically deploy Kubernetes clusters.