Praetorian Launches Snowcat Tool for Istio
via "Dark Reading".
Snowcat is the world's first static analysis tool dedicated to Istio.
2021 to Date Has Seen More Data Breaches Than 2020
via "Digital Guardian".
We're poised to break records this year when it comes to statistics on breaches, ransomware, and phishing, according to a new report.
US Water and Wastewater Facilities Targeted in Cyberattacks, Feds Warn
via "Dark Reading".
CISA, FBI, and NSA issue advisory and defense practices to help these utilities thwart "ongoing" threats targeting IT and OT networks.
CVE-2021-32571
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** In OSS-RC systems of the release 18B and older during data migration procedures certain files containing usernames and passwords are left in the system undeleted but in folders accessible by top privileged accounts only. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Ericsson Network Manager is a new generation OSS system which OSS-RC customers shall upgrade to.
CVE-2021-42369
via "National Vulnerability Database".
Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows SQL injection. A low-privileged user could inject a SQL statement through the "Export to CSV" feature of the Contact Manager web GUI.
CVE-2021-36389
via "National Vulnerability Database".
In Yellowfin before 9.6.1 it is possible to enumerate and download uploaded images through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIImage.i4".
CVE-2021-36387
via "National Vulnerability Database".
In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulnerability in the video embed functionality exploitable through a specially crafted HTTP POST request to the page "ActivityStreamAjax.i4".
CVE-2021-36388
via "National Vulnerability Database".
In Yellowfin before 9.6.1 it is possible to enumerate and download users profile pictures through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIIAvatarImage.i4".
How a vishing attack spoofed Microsoft to try to gain remote access
via "Tech Republic".
A voice phishing campaign spotted by Armorblox tried to convince people to give the attackers access to their computer.
Deepfence Announces Open Source Availability of ThreatMapper
via "Dark Reading".
Cloud native security observability platform seamlessly scans, maps, and ranks application vulnerabilities from development through critical production stage.
Rickroll Grad Prank Exposes Exterity IPTV Bug
via "Threat Post".
IPTV and IP video security is increasingly under scrutiny, even by high school kids.
Increased Security Spending to Support Distributed Workforce
via "Dark Reading".
Security leaders are deploying or actively considering cloud security, threat intel, and XDR technologies.
Enterprise Data Storage Environments Riddled With Vulnerabilities
via "Dark Reading".
Many organizations are not properly protecting their storage and backup systems from compromise, new study finds.
CVE-2021-42340
via "National Vulnerability Database".
The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.
CVE-2021-38295
via "National Vulnerability Database".
In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will be executed within the security context of that admin. A similar route is available with the already deprecated _show and _list functionality. This privilege escalation vulnerability allows an attacker to add or remove data in any database or make configuration changes. This issue affected Apache CouchDB prior to 3.1.2.
Injection vulnerabilities in popular WordPress plugin could expose credentials, allow admin access
via "The Daily Swig".
Fastest Cache is used by more than one million websites.
From Help Desk to Head of SOC: Building a Cybersecurity Career on Empathy and Candor
via "Dark Reading".
Why a passion for helping people is key to delivering effective cybersecurity solutions.
CVE-2021-37737
via "National Vulnerability Database".
A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.
CVE-2021-39332
via "National Vulnerability Database".
The Business Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization found throughout the plugin which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.4.5. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
CVE-2021-42332
via "National Vulnerability Database".
The "List View" function of ShinHer StudyOnline System is not under authority control. After logging in with user's privilege, remote attackers can access the content of other users' message boards by crafting URL parameters.
CVE-2021-40999
via "National Vulnerability Database".
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.