โผ CVE-2021-21747 โผ
๐ Read
via "National Vulnerability Database".
ZTE MF971R product has reflective XSS vulnerability. An attacker could use the vulnerability to obtain cookie information.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-3542 โผ
๐ Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-42739. Reason: This candidate is a reservation duplicate of CVE-2021-42739. Notes: All CVE users should reference CVE-2021-42739 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-21746 โผ
๐ Read
via "National Vulnerability Database".
ZTE MF971R product has reflective XSS vulnerability. An attacker could use the vulnerability to obtain cookie information.๐ Read
via "National Vulnerability Database".
๐ด Passwordless Is the Future โฆ but What About the Present? ๐ด
๐ Read
via "Dark Reading".
Password managers, single sign-on, and multifactor authentication each offers its own methodology and unique set of benefits โ and drawbacks โ to users.๐ Read
via "Dark Reading".
Dark Reading
Passwordless Is the Future โฆ but What About the Present?
Password managers, single sign-on, and multifactor authentication each offers its own methodology and unique set of benefits โ and drawbacks โ to users.
โ VPN Exposes Data for 1M Users, Leading to Researcher Questioning โ
๐ Read
via "Threat Post".
Experts warn that virtual private networks are increasingly vulnerable to leaks and attack.๐ Read
via "Threat Post".
Threat Post
VPN Exposes Data for 1M Users, Leading to Researcher Questioning
Experts warn that virtual private networks are increasingly vulnerable to leaks and attack.
โผ CVE-2021-21749 โผ
๐ Read
via "National Vulnerability Database".
ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit the vulnerabilities to execute arbitrary code.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-21743 โผ
๐ Read
via "National Vulnerability Database".
ZTE MF971R product has a CRLF injection vulnerability. An attacker could exploit the vulnerability to modify the HTTP response header information through a specially crafted HTTP request.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-21744 โผ
๐ Read
via "National Vulnerability Database".
ZTE MF971R product has a configuration file control vulnerability. An attacker could use this vulnerability to modify the configuration parameters of the device, causing some security functions of the device to be disabled.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-21745 โผ
๐ Read
via "National Vulnerability Database".
ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould use this vulnerability to perform illegal authorization operations by sending a request to the user to click.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-21748 โผ
๐ Read
via "National Vulnerability Database".
ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit the vulnerabilities to execute arbitrary code.๐ Read
via "National Vulnerability Database".
๐ Government Agencies Warn Against BlackMatter Ransomware ๐
๐ Read
via "".
CISA, the FBI, and NSA provided defenders with tips to protect networks and mitigations to prevent the spread of the ransomware.๐ Read
via "".
Digital Guardian
Government Agencies Warn Against BlackMatter Ransomware
CISA, the FBI, and NSA provided defenders with tips to protect networks and mitigations to prevent the spread of the ransomware.
โ Google Crushes YouTube Cookie-Stealing Channel Hijackers โ
๐ Read
via "Threat Post".
Google has caught and brushed off a bunch of cookie-stealing YouTube channel hijackers who were running cryptocurrency scams on, or auctioning off, ripped-off channels. ๐ Read
via "Threat Post".
Threat Post
Google Crushes YouTube Cookie-Stealing Channel Hijackers
Google has caught and brushed off a bunch of cookie-stealing YouTube channel hijackers who were running cryptocurrency scams on, or auctioning off, ripped-off channels.
๐ด Removing Friction for the Enterprise With Trusted Access ๐ด
๐ Read
via "Dark Reading".
Our work lives are supposed to be simpler and easier because of technology. At least thatโs the promise.๐ Read
via "Dark Reading".
Dark Reading
Removing Friction for the Enterprise With Trusted Access
Our work lives are supposed to be simpler and easier because of technology. At least thatโs the promise.
โผ CVE-2021-42762 โผ
๐ Read
via "National Vulnerability Database".
BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-41167 โผ
๐ Read
via "National Vulnerability Database".
modern-async is an open source JavaScript tooling library for asynchronous operations using async/await and promises. In affected versions a bug affecting two of the functions in this library: forEachSeries and forEachLimit. They should limit the concurrency of some actions but, in practice, they don't. Any code calling these functions will be written thinking they would limit the concurrency but they won't. This could lead to potential security issues in other projects. The problem has been patched in 1.0.4. There is no workaround.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-38896 โผ
๐ Read
via "National Vulnerability Database".
IBM QRadar Advisor 2.5 through 2.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209566.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-41135 โผ
๐ Read
via "National Vulnerability Database".
The Cosmos-SDK is a framework for building blockchain applications in Golang. Affected versions of the SDK were vulnerable to a consensus halt due to non-deterministic behaviour in a ValidateBasic method in the x/authz module. The MsgGrant of the x/authz module contains a Grant field which includes a user-defined expiration time for when the authorization grant expires. In Grant.ValidateBasic(), that time is compared to the nodeรยขรขโยฌรขโยขs local clock time. Any chain running an affected version of the SDK with the authz module enabled could be halted by anyone with the ability to send transactions on that chain. Recovery would require applying the patch and rolling back the latest block. Users are advised to update to version 0.44.2.๐ Read
via "National Vulnerability Database".
๐ด Execs From Now-Defunct GigaTrust Arrested in $50M Fraud Scheme ๐ด
๐ Read
via "Dark Reading".
Email endpoint security-as-a-service company founder and two others indicted in an elaborate financial fraud scheme.๐ Read
via "Dark Reading".
Dark Reading
Execs From Now-Defunct GigaTrust Arrested in $50M Fraud Scheme
Email endpoint security-as-a-service company founder and two others indicted in an elaborate financial fraud scheme.
๐ด MITRE Engenuity Announces ATT&CKยฎ Evaluations Call for Participation for Managed Services ๐ด
๐ Read
via "Dark Reading".
Offering to provide transparency into the capabilities of managed security service providers and and managed detection and response competencies.๐ Read
via "Dark Reading".
Dark Reading
MITRE Engenuity Announces ATT&CKยฎ Evaluations Call for Participation for Managed Services
Offering to provide transparency into the capabilities of managed security service providers and and managed detection and response competencies.
๐ด Google: Phishing Campaign Targets YouTube Creators ๐ด
๐ Read
via "Dark Reading".
The attackers behind the campaign, which distributes cookie theft malware, are attributed to actors recruited in a Russian-speaking forum.๐ Read
via "Dark Reading".
Dark Reading
Google: Phishing Campaign Targets YouTube Creators
The attackers behind the campaign, which distributes cookie theft malware, are attributed to actors recruited in a Russian-speaking forum.
๐ด CISA Awards $2 Million to Bring Cybersecurity Training to Rural Communities and Diverse Populations ๐ด
๐ Read
via "Dark Reading".
Award recipients NPower and CyberWarrior recognized for development of cyber workforce training programs.๐ Read
via "Dark Reading".
Dark Reading
CISA Awards $2 Million to Bring Cybersecurity Training to Rural Communities and Diverse Populations
Award recipients NPower and CyberWarrior recognized for development of cyber workforce training programs.