π΄ The Ransomware Payment Dilemma: Should Victims Pay or Not? π΄
π Read
via "Dark Reading".
It's time to steer the conversation away from whether payment bans should be implemented to how and when they should take effect.π Read
via "Dark Reading".
Dark Reading
The Ransomware Payment Dilemma: Should Victims Pay or Not?
It's time to steer the conversation away from whether payment bans should be implemented to how and when they should take effect.
π΄ JavaScript Packing Found In More Than 25% of Malicious Sites π΄
π Read
via "Dark Reading".
Obfuscation techniques are extremely prevalent, data shows, but they can't be used as a single indicator of compromise because legitimate websites use them.π Read
via "Dark Reading".
Dark Reading
JavaScript Packing Found in More Than 25% of Malicious Sites
Obfuscation techniques are extremely prevalent, data shows, but they can't be used as a single indicator of compromise because legitimate websites use them.
βΌ CVE-2021-25969 βΌ
π Read
via "National Vulnerability Database".
In Γ’β¬ΕCamaleon CMSΓ’β¬οΏ½ application, versions 0.0.1 to 2.6.0 are vulnerable to stored XSS, that allows unprivileged application users to store malicious scripts in the comments section of the post. These scripts are executed in a victimΓ’β¬β’s browser when they open the page containing the malicious comment.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23452 βΌ
π Read
via "National Vulnerability Database".
This affects all versions of package x-assign. The global proto object can be polluted using the __proto__ object.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25972 βΌ
π Read
via "National Vulnerability Database".
In Camaleon CMS, versions 2.1.2.0 to 2.6.0, are vulnerable to Server-Side Request Forgery (SSRF) in the media upload feature, which allows admin users to fetch media files from external URLs but fails to validate URLs referencing to localhost or other internal servers. This allows attackers to read files stored in the internal server.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25970 βΌ
π Read
via "National Vulnerability Database".
Camaleon CMS 0.1.7 to 2.6.0 doesnΓ’β¬β’t terminate the active session of the users, even after the admin changes the userΓ’β¬β’s password. A user that was already logged in, will still have access to the application even after the password was changed.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25971 βΌ
π Read
via "National Vulnerability Database".
In Camaleon CMS, versions 2.0.1 to 2.6.0 are vulnerable to an Uncaught Exception. The app's media upload feature crashes permanently when an attacker with a low privileged access uploads a specially crafted .svg fileπ Read
via "National Vulnerability Database".
ποΈ Historic scientific notation bug foils WAF defenses ποΈ
π Read
via "The Daily Swig".
AWS WAF and ModSecurity get βblinded by scienceβπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Historic scientific notation bug foils WAF defenses
AWS WAF and ModSecurity get βblinded by scienceβ
β βTo the moon!β Cryptocurrency hamster Mr Goxx trades online 24/7 β
π Read
via "Naked Security".
Here's a happy cryptocurrency story for once, with not a cybercrook in sight.π Read
via "Naked Security".
Naked Security
βTo the moon!β Cryptocurrency hamster Mr Goxx trades online 24/7
Hereβs a happy cryptocurrency story for once, with not a cybercrook in sight.
βΌ CVE-2021-21747 βΌ
π Read
via "National Vulnerability Database".
ZTE MF971R product has reflective XSS vulnerability. An attacker could use the vulnerability to obtain cookie information.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3542 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-42739. Reason: This candidate is a reservation duplicate of CVE-2021-42739. Notes: All CVE users should reference CVE-2021-42739 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21746 βΌ
π Read
via "National Vulnerability Database".
ZTE MF971R product has reflective XSS vulnerability. An attacker could use the vulnerability to obtain cookie information.π Read
via "National Vulnerability Database".
π΄ Passwordless Is the Future β¦ but What About the Present? π΄
π Read
via "Dark Reading".
Password managers, single sign-on, and multifactor authentication each offers its own methodology and unique set of benefits β and drawbacks β to users.π Read
via "Dark Reading".
Dark Reading
Passwordless Is the Future β¦ but What About the Present?
Password managers, single sign-on, and multifactor authentication each offers its own methodology and unique set of benefits β and drawbacks β to users.
β VPN Exposes Data for 1M Users, Leading to Researcher Questioning β
π Read
via "Threat Post".
Experts warn that virtual private networks are increasingly vulnerable to leaks and attack.π Read
via "Threat Post".
Threat Post
VPN Exposes Data for 1M Users, Leading to Researcher Questioning
Experts warn that virtual private networks are increasingly vulnerable to leaks and attack.
βΌ CVE-2021-21749 βΌ
π Read
via "National Vulnerability Database".
ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit the vulnerabilities to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21743 βΌ
π Read
via "National Vulnerability Database".
ZTE MF971R product has a CRLF injection vulnerability. An attacker could exploit the vulnerability to modify the HTTP response header information through a specially crafted HTTP request.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21744 βΌ
π Read
via "National Vulnerability Database".
ZTE MF971R product has a configuration file control vulnerability. An attacker could use this vulnerability to modify the configuration parameters of the device, causing some security functions of the device to be disabled.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21745 βΌ
π Read
via "National Vulnerability Database".
ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould use this vulnerability to perform illegal authorization operations by sending a request to the user to click.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21748 βΌ
π Read
via "National Vulnerability Database".
ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit the vulnerabilities to execute arbitrary code.π Read
via "National Vulnerability Database".
π Government Agencies Warn Against BlackMatter Ransomware π
π Read
via "".
CISA, the FBI, and NSA provided defenders with tips to protect networks and mitigations to prevent the spread of the ransomware.π Read
via "".
Digital Guardian
Government Agencies Warn Against BlackMatter Ransomware
CISA, the FBI, and NSA provided defenders with tips to protect networks and mitigations to prevent the spread of the ransomware.
β Google Crushes YouTube Cookie-Stealing Channel Hijackers β
π Read
via "Threat Post".
Google has caught and brushed off a bunch of cookie-stealing YouTube channel hijackers who were running cryptocurrency scams on, or auctioning off, ripped-off channels. π Read
via "Threat Post".
Threat Post
Google Crushes YouTube Cookie-Stealing Channel Hijackers
Google has caught and brushed off a bunch of cookie-stealing YouTube channel hijackers who were running cryptocurrency scams on, or auctioning off, ripped-off channels.