‼ CVE-2021-39329 ‼
via "National Vulnerability Database".
The JobBoardWP WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/includes/admin/class-metabox.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0.7. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
‼ CVE-2021-3746 ‼
via "National Vulnerability Database".
A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially crafted TPM2 command packets that trigger the issue when the TPM2's volatile state is written. The highest threat from this vulnerability is to system availability. This issue affects libtpms versions before 0.8.5, before 0.7.9 and before 0.6.6.
‼ CVE-2021-30843 ‼
via "National Vulnerability Database".
This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted dfont file may lead to arbitrary code execution.
‼ CVE-2021-39343 ‼
via "National Vulnerability Database".
The MPL-Publisher WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/libs/PublisherController.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.30.2. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
‼ CVE-2021-30819 ‼
via "National Vulnerability Database".
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 15 and iPadOS 15. Processing a maliciously crafted USD file may disclose memory contents.
‼ CVE-2021-30825 ‼
via "National Vulnerability Database".
This issue was addressed with improved checks. This issue is fixed in iOS 15 and iPadOS 15. A local attacker may be able to cause unexpected application termination or arbitrary code execution.
‼ CVE-2021-30832 ‼
via "National Vulnerability Database".
A memory corruption issue was addressed with improved state management. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local attacker may be able to elevate their privileges.
‼ CVE-2021-30815 ‼
via "National Vulnerability Database".
A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. A local attacker may be able to view contacts from the lock screen.
‼ CVE-2021-30841 ‼
via "National Vulnerability Database".
This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted dfont file may lead to arbitrary code execution.
‼ CVE-2011-1497 ‼
via "National Vulnerability Database".
A cross-site scripting flaw was found in the auto_link function in Rails before version 3.0.6.
🕴 Winners Announced for 2021 Infosec Inspire Security Awareness Awards 🕴
via "Dark Reading".
Institute of International Education and Inflection Point Systems recognized for their advanced security awareness and training programs.
❌ Lyceum APT Returns, This Time Targeting Tunisian Firms ❌
via "Threat Post".
The APT, which targets Middle-Eastern energy firms & telecoms, has been relatively quiet since its exposure but not entirely silent. It's kept up attacks through 2021 and is working on retooling its arsenal yet again.
‼ CVE-2021-38911 ‼
via "National Vulnerability Database".
IBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in plain clear text, which can be read by an authenticated privileged user. IBM X-Force ID: 209940.
‼ CVE-2020-12141 ‼
via "National Vulnerability Database".
An out-of-bounds read in the SNMP stack in Contiki-NG 4.4 and earlier allows an attacker to cause a denial of service and potentially disclose information via crafted SNMP packets to snmp_ber_decode_string_len_buffer in os/net/app-layer/snmp/snmp-ber.c.
‼ CVE-2021-29912 ‼
via "National Vulnerability Database".
IBM Security Risk Manager on CP4S 1.7.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 207828.
‼ CVE-2021-33988 ‼
via "National Vulnerability Database".
A Cross Site Scripting (XSS) vulnerability exists in Microweber CMS 1.2.7 via the Login form, which could let a malicious user execute JavaScript by inserting code in the request form.
🕴 Name That Toon: Bone Dry 🕴
via "Dark Reading".
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
🕴 Privacy Management for Microsoft 365 Now Generally Available 🕴
via "Dark Reading".
The tool is designed to automatically discover personal data in organizations' Microsoft 365 environments.
🕴 2021 State of Ransomware Report Reveals 83% of Victims Paid to Get Data Restored 🕴
via "Dark Reading".
Research by ThycoticCentrify shows a majority of organizations experienced a ransomware attack, while 93% are allocating special budget to fight growing threats.
🕴 Keysight Technologies Acquires SCALABLE Network Technologies 🕴
via "Dark Reading".
Simulation and modeling solutions augment Keysight's 5G and cybersecurity portfolio.
🕴 CrowdStrike Invests in Microsoft AD Competitor JumpCloud 🕴
via "Dark Reading".
Closes out $225 million Series F with additional $66 million raised from Atlassian Ventures, CrowdStrike Falcon Fund, NTT Docomo Ventures, and others.