CVE-2021-3882
via "National Vulnerability Database".
LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an unencrypted connection (HTTP), an attacker may be able to obtain the authentication data by capturing network traffic. LedgerSMB 1.8 and newer switched from Basic authentication to using cookie authentication with encrypted cookies. Although an attacker can't access the information inside the cookie, nor the password of the user, possession of the cookie is enough to access the application as the user from which the cookie has been obtained. In order for the attacker to obtain the cookie, first of all the server must be configured to respond to unencrypted requests, the attacker must be suitably positioned to eavesdrop on the network traffic between the client and the server *and* the user must be tricked into using unencrypted HTTP traffic. Proper audit control and separation of duties limit Integrity impact of the attack vector. Users of LedgerSMB 1.8 are urged to upgrade to known-fixed versions. Users of LedgerSMB 1.7 or 1.9 are unaffected by this vulnerability and don't need to take action. As a workaround, users may configure their Apache or Nginx reverse proxy to add the Secure attribute at the network boundary instead of relying on LedgerSMB. For Apache, please refer to the 'Header always edit' configuration command in the mod_headers module. For Nginx, please refer to the 'proxy_cookie_flags' configuration command.
CVE-2021-40854
via "National Vulnerability Database".
AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local user to obtain administrator privileges by using the Open Chat Log feature to launch a privileged Notepad process that can launch other applications.
CVE-2021-42342
via "National Vulnerability Database".
An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the file upload filter, user form variables can be passed to CGI scripts without being prefixed with the CGI prefix. This permits tunneling untrusted environment variables into vulnerable CGI scripts.
S3 Ep54: Another 0-day, double Apache patch, and Fight The Phish [Podcast]
via "Naked Security".
Latest episode - listen now!
Romance scams with a cryptocurrency twist - new research from SophosLabs
via "Naked Security".
Romance scams and dating site treachery with a new twist - "there's an app for that!"
Git providers revoke weak keys generated in vulnerable GitKraken crypto library
via "The Daily Swig".
Weak SSH keys have been revoked by vendors to protect their users
6 Lessons From the Expiration of the Let's Encrypt Root Certificate
via "Dark Reading".
Fallout from the transition highlights the need for organizations to monitor and have processes for updating CA roots, experts say.
Podcast: 67% of Orgs Have Been Hit by Ransomware at Least Once
via "Threat Post".
Fortinet's Derek Manky discusses a recent global survey showing that two-thirds of organizations suffered at least one ransomware attack, while half were hit multiple times.
Israeli hospital cancels non-urgent procedures following ransomware attack
via "The Daily Swig".
National cybersecurity agency braced for further serious network intrusions
How Security Teams Can Reinforce End-User Awareness
via "Dark Reading".
Training programs provide the information, but security teams can reinforce these for better end-user education.
CryptoRom Scam Rakes in $1.4M by Exploiting Apple Enterprise Features
via "Threat Post".
The campaign, which uses the Apple Developer Program and Enterprise Signatures to get past Apple's app review process, remains active.
Dutch police warn DDoS-for-hire customers to desist or face prosecution
via "The Daily Swig".
We know what you DDoSed last summer
How to configure SSH to use a non-standard port with SELinux set to enforcing
via "Tech Republic".
Switching the SSH listening port is an easy way to help secure remote login on your Linux servers. But when SELinux is involved, you have to take a few extra steps. Jack Wallen shows you how.
CVE-2020-19961
via "National Vulnerability Database".
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the component subzs.php.
CVE-2021-33177
via "National Vulnerability Database".
The Bulk Modifications functionality in Nagios XI versions prior to 5.8.5 is vulnerable to SQL injection. Exploitation requires the malicious actor to be authenticated to the vulnerable system, but once authenticated they would be able to execute arbitrary SQL queries.
CVE-2020-19964
via "National Vulnerability Database".
A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication.
CVE-2021-20599
via "National Vulnerability Database".
Authorization bypass through user-controlled key vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password.
CVE-2020-19960
via "National Vulnerability Database".
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendsms.php page cookie.
CVE-2020-19962
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in the getClientIp function in /lib/tinwin.class.php of Chaoji CMS 2.39, allows attackers to execute arbitrary web scripts.
CVE-2021-22963
via "National Vulnerability Database".
A redirect vulnerability in the fastify-static module version < 4.2.4 allows remote attackers to redirect users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//google.com/%2e%2e. The issue shows up on all the fastify-static applications that set the redirect: true option. By default, it is false.
CVE-2020-19957
via "National Vulnerability Database".
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the id parameter on the /dl/dl_print.php page.