βΌ CVE-2021-38480 βΌ
π Read
via "National Vulnerability Database".
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to cross-site request forgery when unauthorized commands are submitted from a user the web application trusts. This may allow an attacker to remotely perform actions on the routerΓ’β¬β’s management portal, such as making configuration changes, changing administrator credentials, and running system commands on the router.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3851 βΌ
π Read
via "National Vulnerability Database".
firefly-iii is vulnerable to URL Redirection to Untrusted Siteπ Read
via "National Vulnerability Database".
βΌ CVE-2021-3872 βΌ
π Read
via "National Vulnerability Database".
vim is vulnerable to Heap-based Buffer Overflowπ Read
via "National Vulnerability Database".
βΌ CVE-2021-38462 βΌ
π Read
via "National Vulnerability Database".
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 does not enforce an efficient password policy. This may allow an attacker with obtained user credentials to enumerate passwords and impersonate other application users and perform operations on their behalf.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38472 βΌ
π Read
via "National Vulnerability Database".
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 management portal does not contain an X-FRAME-OPTIONS header, which an attacker may take advantage of by sending a link to an administrator that frames the routerΓ’β¬β’s management portal and could lure the administrator to perform changes.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3863 βΌ
π Read
via "National Vulnerability Database".
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')π Read
via "National Vulnerability Database".
βΌ CVE-2021-38468 βΌ
π Read
via "National Vulnerability Database".
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to stored cross-scripting, which may allow an attacker to hijack sessions of users connected to the system.π Read
via "National Vulnerability Database".
ποΈ L0phtCrack password auditing tool goes open source ποΈ
π Read
via "The Daily Swig".
Original developers invite OS community to develop further capabilitiesπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
L0phtCrack password auditing tool goes open source
Original developers invite OS community to develop further capabilities
β A Guide to Doing Cyberintelligence on a Restricted Budget β
π Read
via "Threat Post".
Cybersecurity budget cuts are everywhere. Chad Anderson, senior security researcher at DomainTools, discusses alternatives to fancy tooling, and good human skills alignment.π Read
via "Threat Post".
Threat Post
A Guide to Doing Cyberintelligence on a Restricted Budget
Cybersecurity budget cuts are everywhere. Chad Anderson, senior security researcher at DomainTools, discusses alternatives to fancy tooling, and good human skills alignment.
π¦Ώ How to keep your data off the Dark Web π¦Ώ
π Read
via "Tech Republic".
Traditional security solutions are no longer enough to protect your organization from a data breach, Bitglass says.π Read
via "Tech Republic".
TechRepublic
How to keep your data off the Dark Web
Traditional security solutions are no longer enough to protect your organization from a data breach, Bitglass says.
π¦Ώ Aruba introduces the industry's first distributed services switch π¦Ώ
π Read
via "Tech Republic".
The new CX 10000 integrates security services, like a firewall, directly into a one-unit network switch deployable anywhere security and other services need to reside.π Read
via "Tech Republic".
TechRepublic
Aruba introduces the industry's first distributed services switch
The new CX 10000 integrates security services, like a firewall, directly into a one-unit network switch deployable anywhere security and other services need to reside.
π¦Ώ How to proactively detect and prevent ransomware attacks π¦Ώ
π Read
via "Tech Republic".
Two out of three organizations surveyed by ThycoticCentrify were hit by a ransomware attack over the past 12 months, and more than 80% reportedly opted to pay the ransom.π Read
via "Tech Republic".
TechRepublic
How to proactively detect and prevent ransomware attacks
Two out of three organizations surveyed by ThycoticCentrify were hit by a ransomware attack over the past 12 months, and more than 80% reportedly opted to pay the ransom.
π¦Ώ Tech support scams top list of latest phishing threats π¦Ώ
π Read
via "Tech Republic".
Tech support scams work because they try to trick people into believing there's a serious security crisis with their computers, says Norton Labs.π Read
via "Tech Republic".
TechRepublic
Tech support scams top list of latest phishing threats
Tech support scams work because they try to trick people into believing there's a serious security crisis with their computers, says Norton Labs.
β Cybersecurity Awareness Month: Building your career β
π Read
via "Naked Security".
Explore. Experience. Share. How to get into cybersecurity...π Read
via "Naked Security".
Naked Security
Cybersecurity Awareness Month: Building your career
Explore. Experience. Share. How to get into cybersecurityβ¦
ποΈ (ISC)Β² hopes diversity drive will hasten glacial progress on plugging infosec workforce gap ποΈ
π Read
via "The Daily Swig".
CEO tells (ISC)Β² Security Congress how orgs should rethink hiring strategiesπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
(ISC)Β² hopes diversity drive will hasten glacial progress on plugging infosec workforce gap
CEO tells (ISC)Β² Security Congress how orgs should rethink hiring strategies
π΄ Veritas Simplifies Data Backup to the Cloud While Helping Reduce Costs and Increase Ransomware Resiliency π΄
π Read
via "Dark Reading".
Introducing Veritas NetBackup Recovery Vault, a Veritas-managed cloud storage service.π Read
via "Dark Reading".
Dark Reading
Veritas Simplifies Data Backup to the Cloud While Helping Reduce Costs and Increase Ransomware Resiliency
Introducing Veritas NetBackup Recovery Vault, a Veritas-managed cloud storage service.
π΄ Former NSA Deputy Director William Crowell Joins [redacted] Board of Directors π΄
π Read
via "Dark Reading".
Cybersecurity industry veteran brings substantial public and private sector experience to help guide [redacted] growth and expansion.π Read
via "Dark Reading".
Dark Reading
Former NSA Deputy Director William Crowell Joins [redacted] Board of Directors
Cybersecurity industry veteran brings substantial public and private sector experience to help guide [redacted] growth and expansion.
π΄ Data Privacy API Company Skyflow Raises $45M Series B Funding to Help Fintech and Healthtech Companies Ship Faster π΄
π Read
via "Dark Reading".
Achieves 8x growth in last three quarters, and raises $70M in less than 18 months.π Read
via "Dark Reading".
Dark Reading
Data Privacy API Company Skyflow Raises $45M Series B Funding to Help Fintech and Healthtech Companies Ship Faster
Achieves 8x growth in last three quarters, and raises $70M in less than 18 months.
βΌ CVE-2020-29622 βΌ
π Read
via "National Vulnerability Database".
A race condition was addressed with additional validation. This issue is fixed in Security Update 2021-005 Catalina. Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2021-30847 βΌ
π Read
via "National Vulnerability Database".
This issue was addressed with improved checks. This issue is fixed in watchOS 8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing a maliciously crafted image may lead to arbitrary code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2021-30845 βΌ
π Read
via "National Vulnerability Database".
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6. A local user may be able to read kernel memory.π Read
via "National Vulnerability Database".