βΌ CVE-2021-24677 βΌ
π Read
via "National Vulnerability Database".
The Find My Blocks WordPress plugin before 3.4.0 does not have authorisation checks in its REST API, which could allow unauthenticated users to enumerate private posts' titles.π Read
via "National Vulnerability Database".
βΌ CVE-2021-24735 βΌ
π Read
via "National Vulnerability Database".
The Compact WP Audio Player WordPress plugin before 1.9.7 does not implement nonce checks, which could allow attackers to make a logged in admin change the "Disable Simultaneous Play" setting via a CSRF attack.π Read
via "National Vulnerability Database".
βΌ CVE-2021-24516 βΌ
π Read
via "National Vulnerability Database".
The PlanSo Forms WordPress plugin through 2.6.3 does not escape the title of its Form before outputting it in attributes, allowing high privilege users such as admin to set XSS payload in it, even when the unfiltered_html is disallowed, leading to an Authenticated Stored Cross-Site Scripting issue.π Read
via "National Vulnerability Database".
βΌ CVE-2021-24622 βΌ
π Read
via "National Vulnerability Database".
The Customer Service Software & Support Ticket System WordPress plugin before 5.10.4 does not sanitize or escape form fields before outputting it in the List, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41971 βΌ
π Read
via "National Vulnerability Database".
Apache Superset up to and including 1.3.0 when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default) allowed SQL injection when a malicious authenticated user sends an http request with a custom URL.π Read
via "National Vulnerability Database".
π’ US links $5.2 billion in Bitcoin transactions to ransomware π’
π Read
via "ITPro".
A new report from the Treasury ties the cryptocurrency to ransomware payments over a ten year periodπ Read
via "ITPro".
IT PRO
US links $5.2 billion in Bitcoin transactions to ransomware | IT PRO
A new report from the Treasury ties the cryptocurrency to ransomware payments over a ten year period
π’ Acer Taiwan falls victim to cyber attack π’
π Read
via "ITPro".
Hackers obtained employee data three days after they breached Acer India serversπ Read
via "ITPro".
IT PRO
Acer Taiwan falls victim to cyber attack | IT PRO
Hackers obtained employee data three days after they breached Acer India servers
π’ The rise of cloud misconfiguration threats and how to avoid them π’
π Read
via "ITPro".
Businesses must adopt new tools and practices to combat one of the leading causes of security breachesπ Read
via "ITPro".
IT PRO
The rise of cloud misconfiguration threats and how to avoid them | IT PRO
Businesses must adopt new tools and practices to combat one of the leading causes of security breaches
π’ Marsh McLennan reveals its cyber risk analytics center π’
π Read
via "ITPro".
The center combines the expertise of Marsh, Guy Carpenter, Mercer, and Oliver Wymanπ Read
via "ITPro".
IT PRO
Marsh McLennan reveals its cyber risk analytics center | IT PRO
The center combines the expertise of Marsh, Guy Carpenter, Mercer, and Oliver Wyman
π¦Ώ Is your organization safe from a cybersecurity attack? π¦Ώ
π Read
via "Tech Republic".
How is your company preventing the terror of a potential cybersecurity breach? Take this quick, multiple choice survey and tell us about it.π Read
via "Tech Republic".
TechRepublic
Is your organization safe from a cybersecurity attack?
How is your company preventing the terror of a potential cybersecurity breach? Take this quick, multiple choice survey and tell us about it.
β TikTok Serves Up Fresh Gamer Targets via Fake Among Us, Steam Offerings β
π Read
via "Threat Post".
The tween-friendly video app is being used to serve up malvertising, disguised as free Steam game accounts or Among Us game hacks.π Read
via "Threat Post".
Threat Post
TikTok Serves Up Fresh Gamer Targets via Fake Among Us, Steam Offerings
The tween-friendly video app is being used to serve up malvertising, disguised as free Steam game accounts or Among Us game hacks.
βΌ CVE-2021-36513 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in function sofia_handle_sip_i_notify in sofia.c in SignalWire freeswitch before 1.10.6, may allow attackers to view sensitive information due to an uninitialized value.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42055 βΌ
π Read
via "National Vulnerability Database".
ASUSTek ZenBook Pro Due 15 UX582 laptop firmware through 203 has Insecure Permissions that allow attacks by a physically proximate attacker.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23449 βΌ
π Read
via "National Vulnerability Database".
This affects the package vm2 before 3.9.4. Prototype Pollution attack vector can lead to sandbox escape and execution of arbitrary code on the host machine.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29878 βΌ
π Read
via "National Vulnerability Database".
IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 206581.π Read
via "National Vulnerability Database".
π΄ Sinclair Broadcast Group Confirms Ransomware Attack π΄
π Read
via "Dark Reading".
The US television station operator has revealed certain servers and workstations, as well as office and operational networks, were disrupted in the attack.π Read
via "Dark Reading".
Dark Reading
Sinclair Broadcast Group Confirms Ransomware Attack
The US television station operator has revealed certain servers and workstations, as well as office and operational networks, were disrupted in the attack.
π DOJ Aims to Keep Companies Accountable with Cyber-Fraud Initiative π
π Read
via "".
Companies that fail to follow required cybersecurity standards could soon be a target under the DOJ's new Civil Cyber-Fraud Initiative.π Read
via "".
Digital Guardian
DOJ Aims to Keep Companies Accountable with Cyber-Fraud Initiative
Companies that fail to follow required cybersecurity standards could soon be a target under the DOJ's new Civil Cyber-Fraud Initiative.
π΄ NSA, FBI, CISA Issue Advisory on 'BlackMatter' Ransomware π΄
π Read
via "Dark Reading".
Ransomware has become a "national security issue," NSA director said.π Read
via "Dark Reading".
Dark Reading
NSA, FBI, CISA Issue Advisory on 'BlackMatter' Ransomware
Ransomware has become a "national security issue," NSA director said.
β Sinclair Confirms Ransomware Attack That Disrupted TV Stations β
π Read
via "Threat Post".
A major cyberattack resulted in data being stolen, too, but Sinclair's not sure which information is now in the hands of the crooks.π Read
via "Threat Post".
Threat Post
Sinclair Confirms Ransomware Attack That Disrupted TV Stations
A major cyberattack resulted in data being stolen, too, but Sinclair's not sure which information is now in the hands of the crooks.
π¦Ώ Gartner analyst: 12 technologies to accelerate growth, engineer trust and sculpt change in 2022 π¦Ώ
π Read
via "Tech Republic".
CIOs must prioritize the same business imperatives and find the IT force multipliers to enable growth and innovation, according to a Gartner analyst during Gartner's IT Symposium.π Read
via "Tech Republic".
TechRepublic
Gartner analyst: 12 technologies to accelerate growth, engineer trust and sculpt change in 2022
CIOs must prioritize the same business imperatives and find the IT force multipliers to enable growth and innovation, according to a Gartner analyst during Gartner's IT Symposium.
β Podcast: Could the Zoho Flaw Trigger SolarWinds 2.0? β
π Read
via "Threat Post".
Companies are worried that the highly privileged password app could let attackers deep inside an enterpriseβs footprint, says Redscanβs George Glass.π Read
via "Threat Post".