Acer Taiwan falls victim to cyber attack
Hackers obtained employee data three days after they breached Acer India servers
via "ITPro".
The rise of cloud misconfiguration threats and how to avoid them
Businesses must adopt new tools and practices to combat one of the leading causes of security breaches
via "ITPro".
Marsh McLennan reveals its cyber risk analytics center
The center combines the expertise of Marsh, Guy Carpenter, Mercer, and Oliver Wyman
via "ITPro".
Is your organization safe from a cybersecurity attack?
How is your company preventing the terror of a potential cybersecurity breach? Take this quick, multiple choice survey and tell us about it.
via "Tech Republic".
TikTok Serves Up Fresh Gamer Targets via Fake Among Us, Steam Offerings
The tween-friendly video app is being used to serve up malvertising, disguised as free Steam game accounts or Among Us game hacks.
via "Threat Post".
CVE-2021-36513
An issue was discovered in function sofia_handle_sip_i_notify in sofia.c in SignalWire freeswitch before 1.10.6 that may allow attackers to view sensitive information due to an uninitialized value.
via "National Vulnerability Database".
CVE-2021-42055
ASUSTek ZenBook Pro Duo 15 UX582 laptop firmware through 203 has Insecure Permissions that allow attacks by a physically proximate attacker.
via "National Vulnerability Database".
CVE-2021-23449
This affects the package vm2 before 3.9.4. Prototype Pollution attack vector can lead to sandbox escape and execution of arbitrary code on the host machine.
via "National Vulnerability Database".
CVE-2021-29878
IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 206581.
via "National Vulnerability Database".
Sinclair Broadcast Group Confirms Ransomware Attack
The US television station operator has revealed certain servers and workstations, as well as office and operational networks, were disrupted in the attack.
via "Dark Reading".
DOJ Aims to Keep Companies Accountable with Cyber-Fraud Initiative
Companies that fail to follow required cybersecurity standards could soon be a target under the DOJ's new Civil Cyber-Fraud Initiative.
via "Digital Guardian".
NSA, FBI, CISA Issue Advisory on 'BlackMatter' Ransomware
Ransomware has become a "national security issue," NSA director said.
via "Dark Reading".
Sinclair Confirms Ransomware Attack That Disrupted TV Stations
A major cyberattack resulted in data being stolen, too, but Sinclair's not sure which information is now in the hands of the crooks.
via "Threat Post".
Gartner analyst: 12 technologies to accelerate growth, engineer trust and sculpt change in 2022
CIOs must prioritize the same business imperatives and find the IT force multipliers to enable growth and innovation, according to a Gartner analyst during Gartner's IT Symposium.
via "Tech Republic".
Podcast: Could the Zoho Flaw Trigger SolarWinds 2.0?
Companies are worried that the highly privileged password app could let attackers deep inside an enterprise's footprint, says Redscan's George Glass.
via "Threat Post".
How to deal with supply-chain disruptions: 5 tips
Tom Merritt gives us five ways to deal with the uncertainty of weather events and port issues.
via "Tech Republic".
Top 5 tips for dealing with supply-chain disruptions
Weather events and port issues have caused major disruptions in the global supply chain. Tom Merritt gives us five ways to deal with it.
via "Tech Republic".
Loss Prevention Teams Up With Cybersecurity to Address Retail Fraud
As retailers roll out more "buy online, pickup in-store" options, loss prevention professionals are increasingly shifting their attention from in-store theft to e-commerce fraud.
via "Dark Reading".
CVE-2021-41152
OpenOlat is a web-based e-learning platform for teaching, learning, assessment and communication, an LMS, a learning management system. In affected versions, by manipulating the HTTP request an attacker can modify the path of a requested file download in the folder component to point to anywhere on the target system. The attack could be used to read any file accessible in the web root folder or outside, depending on the configuration of the system and the properly configured permission of the application server user. The attack requires an OpenOlat user account or the enabled guest user feature together with the usage of the folder component in a course. The attack does not allow writing of arbitrary files; it allows only reading of files, and only of files for which the attacker knows the exact path, which is very unlikely at least for OpenOlat data files. The problem is fixed in version 15.5.8 and 16.0.1. It is advised to upgrade to version 16.0.x. There are no known workarounds to fix this problem; an upgrade is necessary.
via "National Vulnerability Database".
CVE-2021-41156
anuko/timetracker is an open source time tracking system. In affected versions Time Tracker uses browser_today hidden control on a few pages to collect today's date from user browsers. Because of not checking this parameter for sanity in versions prior to 1.19.30.5601, it was possible to craft an HTML form with malicious JavaScript, use social engineering to convince logged on users to execute a POST from such form, and have the attacker-supplied JavaScript executed in the user's browser. This has been patched in version 1.19.30.5600. Upgrade is recommended. If it is not practical, introduce ttValidDbDateFormatDate function as in the latest version and add a call to it within the access checks block.
via "National Vulnerability Database".
CVE-2021-42650
Cross Site Scripting (XSS) vulnerability exists in Portainer before 2.9.1 via the node input box in Custom Templates.
via "National Vulnerability Database".