β TrickBot Gang Enters Cybercrime Elite with Fresh Affiliates β
π Read
via "Threat Post".
The group β which also created BazarLoader and the Conti ransomware β has juiced its distribution tactics to threaten enterprises more than ever.π Read
via "Threat Post".
Threat Post
TrickBot Gang Enters Cybercrime Elite with Fresh Affiliates
The group β which also created BazarLoader and the Conti ransomware β has juiced its distribution tactics to threaten enterprises more than ever.
βΌ CVE-2021-28021 βΌ
π Read
via "National Vulnerability Database".
Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29745 βΌ
π Read
via "National Vulnerability Database".
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to priviledge escalation where a lower evel user could have access to the 'New Job' page to which they should not have access to. IBM X-Force ID: 201695.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29679 βΌ
π Read
via "National Vulnerability Database".
IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizaing user-contrlled input that could be interpreted a a server-side include (SSI) directive. IBM X-Force ID: 199915.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41320 βΌ
π Read
via "National Vulnerability Database".
A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4.83 (64-bit edition) with higher privilege than the average authenticated user.π Read
via "National Vulnerability Database".
βΌ CVE-2020-4951 βΌ
π Read
via "National Vulnerability Database".
IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information.π Read
via "National Vulnerability Database".
π¦Ώ How to use DocSecrets to encrypt sections of your Google Docs π¦Ώ
π Read
via "Tech Republic".
If you need to hide sections of text in Google Documents, give the handy DocSecrets add-on a try.π Read
via "Tech Republic".
TechRepublic
How to use DocSecrets to encrypt sections of your Google Docs - TechRepublic
If you need to hide sections of text in Google Documents, give the handy DocSecrets add-on a try.
βΌ CVE-2021-27561 βΌ
π Read
via "National Vulnerability Database".
Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication.π Read
via "National Vulnerability Database".
π΄ Cisco Duo Trusted Access Report: More Than 50% of Companies Plan Passwordless Move π΄
π Read
via "Dark Reading".
Multifactor authentications soar as enterprises move away from passwords to secure hybrid workers.π Read
via "Dark Reading".
Dark Reading
Cisco Duo Trusted Access Report: More Than 50% of Companies Plan Passwordless Move
Multifactor authentications soar as enterprises move away from passwords to secure hybrid workers.
βΌ CVE-2018-16060 βΌ
π Read
via "National Vulnerability Database".
Mitsubishi Electric SmartRTU devices allow remote attackers to obtain sensitive information (directory listing and source code) via a direct request to the /web URI.π Read
via "National Vulnerability Database".
βΌ CVE-2018-16061 βΌ
π Read
via "National Vulnerability Database".
Mitsubishi Electric SmartRTU devices allow XSS via the username parameter or PATH_INFO to login.php.π Read
via "National Vulnerability Database".
π΄ China's Hackers Crack Devices at Tianfu Cup for $1.5M in Prizes π΄
π Read
via "Dark Reading".
China's premier hackers will target web browsers, operating systems, mobile devices, and even a car at Tianfu Cup.π Read
via "Dark Reading".
Dark Reading
China's Hackers Crack Devices at Tianfu Cup for $1.5M in Prizes
China's premier hackers will target web browsers, operating systems, mobile devices, and even a car at Tianfu Cup.
π΄ In Cyberwar, Attribution Can Be Impossible β and That's OK π΄
π Read
via "Dark Reading".
Instead of using a substantial proportion of resources to determine attribution, organizations should focus on defenses that will help them remediate an attack.π Read
via "Dark Reading".
Dark Reading
In Cyberwar, Attribution Can Be Impossible β and That's OK
Instead of using a substantial proportion of resources to determine attribution, organizations should focus on defenses that will help them remediate an attack.
βΌ CVE-2021-36097 βΌ
π Read
via "National Vulnerability Database".
Agents are able to lock the ticket without the "Owner" permission. Once the ticket is locked, it could be moved to the queue where the agent has "rw" permissions and gain a full control. This issue affects: OTRS AG OTRS 8.0.x version: 8.0.16 and prior versions.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38562 βΌ
π Read
via "National Vulnerability Database".
Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38297 βΌ
π Read
via "National Vulnerability Database".
Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41611 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain security trust well improperly. This indication of trust may be passed along to clients, allowing access to unsafe or hijacked services.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42565 βΌ
π Read
via "National Vulnerability Database".
myfactory.FMS before 7.1-912 allows XSS via the UID parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42566 βΌ
π Read
via "National Vulnerability Database".
myfactory.FMS before 7.1-912 allows XSS via the Error parameter.π Read
via "National Vulnerability Database".
ποΈ Google, Mozilla close to finalizing Sanitizer API for Chrome and Firefox browsers ποΈ
π Read
via "The Daily Swig".
Latest specification is a work in progressπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Google, Mozilla close to finalizing Sanitizer API for Chrome and Firefox browsers
Latest specification is a work in progress
β Cybersecurity Awareness Month: Building your career β
π Read
via "Naked Security".
Explore. Experience. Share. How to get into cybersecurity...π Read
via "Naked Security".
Naked Security
Cybersecurity Awareness Month: Building your career
Explore. Experience. Share. How to get into cybersecurityβ¦