CVE-2021-20130
via "National Vulnerability Database".
ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the PasswordExpiry interface.
CVE-2021-20131
via "National Vulnerability Database".
ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the Personalization interface.
CVE-2021-40842
via "National Vulnerability Database".
Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to improper input validation on the database name parameter required in certain unauthenticated APIs. A malicious URL visited by anyone with network access to the server could be used to blindly execute arbitrary SQL statements on the backend database. Version 7.12.0 and all versions prior to 7.11.2 are affected.
CVE-2021-40843
via "National Vulnerability Database".
Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. An attacker with write access to the local database could cause arbitrary code to execute with SYSTEM privileges on the underlying server when a Web Console user triggers retrieval of that data. When chained with a SQL injection vulnerability, the vulnerability could be exploited remotely if Web Console users click a series of maliciously crafted URLs. All versions prior to 7.11.2 are affected.
CVE-2021-42223
via "National Vulnerability Database".
A Cross Site Scripting (XSS) vulnerability exists in Online DJ Booking Management System 1.0 in view-booking-detail.php.
How to get the most bang for your buck out of your cybersecurity budget
via "Tech Republic".
More than a quarter of executives surveyed by PwC expect double-digit growth in security budgets in 2022. The trick is to spend that money wisely and effectively.
What Does a Chief Product Security Officer Do?
via "Dark Reading".
A CPSO bridges the gap between developers and security to ensure products are built securely and safely.
VirusTotal Shares Data on Ransomware Activity
via "Dark Reading".
Google's online malware scanning service analyzed 80 million ransomware samples that were uploaded in the past year-and-a-half.
3 risk management priorities CIOs are focused on right now
via "Tech Republic".
CIOs have had their hands full since the start of the pandemic with three risk management and governance priorities weighing heavily on their minds.
Has COVID-19 or supply chain issues affected your organization's cybersecurity plans?
via "Tech Republic".
What do you really think about your company's cybersecurity strategy? Take this quick, multiple choice survey and tell us.
TechRepublic
Is your organization safe from a cybersecurity attack?
How is your company preventing the terror of a potential cybersecurity breach? Take this quick, multiple choice survey and tell us about it.
SonicWall Secures Mix of Cloud, Hybrid and Traditional Networks
via "Dark Reading".
Company's virtual offerings, cloud services match with on-premises deployments to solve real-world security challenges for SMBs, enterprises, governments, and MSSPs.
Fugue Adds Kubernetes Security Checks to Secure Infrastructure-As-Code
via "Dark Reading".
Developers can apply proper security controls as they programmatically deploy Kubernetes clusters.
CVE-2021-41075
via "National Vulnerability Database".
The NetFlow Analyzer in Zoho ManageEngine OpManager before 125455 is vulnerable to SQL Injection in the Attacks Module API.
CVE-2021-40493
via "National Vulnerability Database".
Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API.
CVE-2021-42341
via "National Vulnerability Database".
checkpath in OpenRC before 0.44.7 uses the direct output of strlen() to allocate strings, which does not account for the '\0' byte at the end of the string. This results in memory corruption.
CVE-2021-3882
via "National Vulnerability Database".
LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an unencrypted connection (HTTP), an attacker may be able to obtain the authentication data by capturing network traffic. LedgerSMB 1.8 and newer switched from Basic authentication to using cookie authentication with encrypted cookies. Although an attacker can't access the information inside the cookie, nor the password of the user, possession of the cookie is enough to access the application as the user from which the cookie has been obtained. In order for the attacker to obtain the cookie, first of all the server must be configured to respond to unencrypted requests, the attacker must be suitably positioned to eavesdrop on the network traffic between the client and the server *and* the user must be tricked into using unencrypted HTTP traffic. Proper audit control and separation of duties limit Integrity impact of the attack vector. Users of LedgerSMB 1.8 are urged to upgrade to known-fixed versions. Users of LedgerSMB 1.7 or 1.9 are unaffected by this vulnerability and don't need to take action. As a workaround, users may configure their Apache or Nginx reverse proxy to add the Secure attribute at the network boundary instead of relying on LedgerSMB. For Apache, please refer to the 'Header always edit' configuration command in the mod_headers module. For Nginx, please refer to the 'proxy_cookie_flags' configuration command.
CVE-2021-40854
via "National Vulnerability Database".
AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local user to obtain administrator privileges by using the Open Chat Log feature to launch a privileged Notepad process that can launch other applications.
CVE-2021-42342
via "National Vulnerability Database".
An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the file upload filter, user form variables can be passed to CGI scripts without being prefixed with the CGI prefix. This permits tunneling untrusted environment variables into vulnerable CGI scripts.
S3 Ep54: Another 0-day, double Apache patch, and Fight The Phish [Podcast]
via "Naked Security".
Latest episode - listen now!
Romance scams with a cryptocurrency twist – new research from SophosLabs
via "Naked Security".
Romance scams and dating site treachery with a new twist - "there's an app for that!"
Git providers revoke weak keys generated in vulnerable GitKraken crypto library
via "The Daily Swig".
Weak SSH keys have been revoked by vendors to protect their users.