‼ CVE-2021-38344 ‼
The Brizy Page Builder plugin <= 2.3.11 for WordPress was vulnerable to stored XSS by lower-privileged users such as subscribers. It was possible to add malicious JavaScript to a page by modifying the request sent to update the page via the brizy_update_item AJAX action and adding JavaScript to the data parameter, which would be executed in the session of any visitor viewing or previewing the post or page.
📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41142 ‼
Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. There is a cross-site scripting vulnerability in Tuleap Community Edition prior to 12.11.99.25 and Tuleap Enterprise Edition 12.11-2. A malicious user with the capability to add and remove attachment to an artifact could force a victim to execute uncontrolled code. Tuleap Community Edition 11.17.99.146 and Tuleap Enterprise Edition 12.11-2 contain a fix for the issue.
📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42228 ‼
Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor 4.1.x. First, you upload an html file containing csrf on the website that uses a google editor, (you only need to search in google: inurl:/examples/uploadbutton.html) and then use the authority of this website to trick users into clicking your malicious html link.
📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42227 ‼
Cross Site Scripting (XSS) vulnerability exists in KindEditor 4.1.x via a Google search inurl:/examples/uploadbutton.html and then the .html file on the website that uses this editor (the file suffix is allowed).
📖 Read
via "National Vulnerability Database".
🦿 Broadcom Software's Symantec Threat Hunter Team discovers first-of-its-kind ransomware 🦿
The new ransomware family, called Yanluowang, appears to still be under development and lacks some sophisticated features found in similar code. Nonetheless, Symantec said, it's dangerous.
📖 Read
via "Tech Republic".
🕴 Praetorian Launches Snowcat Tool for Istio 🕴
Snowcat is the world's first static analysis tool dedicated to Istio.
📖 Read
via "Dark Reading".
🔏 2021 to Date Has Seen More Data Breaches Than 2020 🔏
We're poised to break records this year when it comes to statistics on breaches, ransomware, and phishing, according to a new report.
📖 Read
via "Digital Guardian".
🕴 US Water and Wastewater Facilities Targeted in Cyberattacks, Feds Warn 🕴
CISA, FBI, and NSA issue advisory and defense practices to help these utilities thwart "ongoing" threats targeting IT and OT networks.
📖 Read
via "Dark Reading".
‼ CVE-2021-32571 ‼
** UNSUPPORTED WHEN ASSIGNED ** In OSS-RC systems of the release 18B and older during data migration procedures certain files containing usernames and passwords are left in the system undeleted but in folders accessible by top privileged accounts only. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Ericsson Network Manager is a new generation OSS system which OSS-RC customers shall upgrade to.
📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42369 ‼
Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows SQL injection. A low-privileged user could inject a SQL statement through the "Export to CSV" feature of the Contact Manager web GUI.
📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36389 ‼
In Yellowfin before 9.6.1 it is possible to enumerate and download uploaded images through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIImage.i4".
📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36387 ‼
In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulnerability in the video embed functionality exploitable through a specially crafted HTTP POST request to the page "ActivityStreamAjax.i4".
📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36388 ‼
In Yellowfin before 9.6.1 it is possible to enumerate and download users' profile pictures through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIIAvatarImage.i4".
📖 Read
via "National Vulnerability Database".
🦿 How a vishing attack spoofed Microsoft to try to gain remote access 🦿
A voice phishing campaign spotted by Armorblox tried to convince people to give the attackers access to their computer.
📖 Read
via "Tech Republic".
🕴 Deepfence Announces Open Source Availability of ThreatMapper 🕴
Cloud native security observability platform seamlessly scans, maps, and ranks application vulnerabilities from development through critical production stage.
📖 Read
via "Dark Reading".
❌ Rickroll Grad Prank Exposes Exterity IPTV Bug ❌
IPTV and IP video security is increasingly under scrutiny, even by high school kids.
📖 Read
via "Threat Post".
🕴 Increased Security Spending to Support Distributed Workforce 🕴
Security leaders are deploying or actively considering cloud security, threat intel, and XDR technologies.
📖 Read
via "Dark Reading".
🕴 Enterprise Data Storage Environments Riddled With Vulnerabilities 🕴
Many organizations are not properly protecting their storage and backup systems from compromise, new study finds.
📖 Read
via "Dark Reading".
‼ CVE-2021-42340 ‼
The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.
📖 Read
via "National Vulnerability Database".
‼ CVE-2021-38295 ‼
In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will be executed within the security context of that admin. A similar route is available with the already deprecated _show and _list functionality. This privilege escalation vulnerability allows an attacker to add or remove data in any database or make configuration changes. This issue affected Apache CouchDB prior to 3.1.2.
📖 Read
via "National Vulnerability Database".
🗓️ Injection vulnerabilities in popular WordPress plugin could expose credentials, allow admin access 🗓️
Fastest Cache is used by more than one million people.
📖 Read
via "The Daily Swig".