CVE-2021-34789
via "National Vulnerability Database".
A vulnerability in the web-based management interface of Cisco Tetration could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack on an affected system. This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need valid administrative credentials.
CVE-2021-39127
via "National Vulnerability Database".
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to access the query component JQL endpoint via a broken access control (BAC) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1.
CVE-2021-40122
via "National Vulnerability Database".
A vulnerability in an API of the Call Bridge feature of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper handling of large series of message requests. An attacker could exploit this vulnerability by sending a series of messages to the vulnerable API. A successful exploit could allow the attacker to cause the affected device to reload, dropping all ongoing calls and resulting in a DoS condition.
CVE-2021-34743
via "National Vulnerability Database".
A vulnerability in the application integration feature of Cisco Webex Software could allow an unauthenticated, remote attacker to authorize an external application to integrate with and access a user's account without that user's express consent. This vulnerability is due to improper validation of cross-site request forgery (CSRF) tokens. An attacker could exploit this vulnerability by convincing a targeted user who is currently authenticated to Cisco Webex Software to follow a link designed to pass malicious input to the Cisco Webex Software application authorization interface. A successful exploit could allow the attacker to cause Cisco Webex Software to authorize an application on the user's behalf without the express consent of the user, possibly allowing external applications to read data from that user's profile.
CVE-2021-1529
via "National Vulnerability Database".
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation by the system CLI. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input to the system CLI. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.
CVE-2021-34738
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of the Cisco advisory.
CVE-2021-42097
via "National Vulnerability Database".
GNU Mailman before 2.1.35 may allow remote privilege escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover).
CVE-2021-40123
via "National Vulnerability Database".
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative read-only privileges to download files that should be restricted. This vulnerability is due to incorrect permissions settings on an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to the device. A successful exploit could allow the attacker to download files that should be restricted.
Security pre-advisories: A simple way to improve the patch management process
via "The Daily Swig".
Improving enterprise security, one patch at a time
Proposed HTTPA Protocol Uses TEEs to Secure the Web
via "Dark Reading".
Intel researchers describe how Trusted Execution Environments can enhance HTTPS and boost web security.
Why is Cybersecurity Failing Against Ransomware?
via "Threat Post".
Hardly a week goes by without another major company falling victim to a ransomware attack. Nate Warfield, CTO at Prevailion, discusses the immense challenges in changing that status quo.
Bulletproof hosting duo jailed over support of cyber-attacks against US targets
via "The Daily Swig".
Attacks leveraging defendants' infrastructure inflicted heavy financial losses on victims
Microsoft bought CloudKnox because hybrid multicloud identity is complicated
via "Tech Republic".
Managing passwords and privileged access is bad enough for people, but that's going to be dwarfed by the problem of dealing with non-human identities.
How Psychology Can Save Your Cybersecurity Awareness Training Program
via "Dark Reading".
Understanding human psychology, how it works, and how to introduce its concepts into cybersecurity awareness training can make a huge difference to your organization.
CVE-2021-35512
via "National Vulnerability Database".
An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200.
New bug bounty platform launches for Indian ethical hackers
via "The Daily Swig".
Security researchers can sign up now
How to digitally sign email in Apple Mail
via "Tech Republic".
Adding a digital signature to your email is just one simple step you can take in your journey for more secure communications. Jack Wallen shows you how this is done in the latest version of Apple Mail.
AntiRansom 5
via "Packet Storm Security".
AntiRansom is a tool that detects and mitigates ransomware attacks using honeypots.
S3 Ep55: Live malware, global encryption, dating scams, and secret emanations [Podcasts]
via "Naked Security".
Latest episode - listen now! (And sign up for our forthcoming Live Malware Demo at the same time.)
Macs Still Targeted Mostly With Adware, Less With Malware
via "Dark Reading".
The top 10 categories of digital threats on macOS are all adware programs, with only a sliver of the share of victims affected by actual malware, according to an IT management firm.
CVE-2021-42740
via "National Vulnerability Database".
The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec(), an attacker can inject arbitrary commands. This is because the Windows drive letter regex character class is [A-z] instead of the correct [A-Za-z]. Several shell metacharacters exist in the space between capital letter Z (0x5A) and lower case letter a (0x61), such as the backtick character.
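The character-class mistake described above, reproduced as an added example that is not shell-quote's own source: the escaping step for an argument that needs no surrounding quotes is written once with the [A-z] class the CVE describes and once with the [A-Za-z] fix. The metacharacter set and the optional "drive letter" group are modelled on the CVE text rather than copied from the package, and vulnerableQuote, fixedQuote, nonLetterMatches and allMetaEscaped are names chosen here. The payload shows why the class matters: a backtick followed by a colon satisfies the vulnerable drive-letter group, so the backtick is copied through unescaped and opens command substitution.

```javascript
// Added example (not shell-quote's source): the escaping step for an
// argument that needs no surrounding quotes, with the [A-z] class the CVE
// describes and with the corrected [A-Za-z] class. META and the regexes are
// modelled on the CVE text; the function names are chosen for this example.

// Shell metacharacters that must be backslash-escaped when left unquoted.
const META = '#!"$&\'()*,:;<=>?@[\\]^`{|}';

// "<letter>:" ahead of a metacharacter is meant to keep a Windows drive
// prefix such as C:\ intact: optional group 1 is copied through unescaped
// and only group 2 receives the backslash.
const VULNERABLE_RE = /([A-z]:)?([#!"$&'()*,:;<=>?@\[\\\]^`{|}])/g;
const FIXED_RE      = /([A-Za-z]:)?([#!"$&'()*,:;<=>?@\[\\\]^`{|}])/g;

function escapeArg(arg, re) {
  return String(arg).replace(re, '$1\\$2');
}
function vulnerableQuote(arg) { return escapeArg(arg, VULNERABLE_RE); }
function fixedQuote(arg)      { return escapeArg(arg, FIXED_RE); }

// ASCII characters matched by [A-z] that are not letters: the range runs
// from 'A' (0x41) to 'z' (0x7A) and therefore also covers 0x5B..0x60.
function nonLetterMatches() {
  const out = [];
  for (let code = 0; code < 128; code++) {
    const ch = String.fromCharCode(code);
    if (/^[A-z]$/.test(ch) && !/^[A-Za-z]$/.test(ch)) out.push(ch);
  }
  return out.join('');
}

// True when every metacharacter in an escaped argument is preceded by a
// backslash, i.e. nothing in it is still live for the shell.
function allMetaEscaped(escaped) {
  for (let i = 0; i < escaped.length; i++) {
    if (escaped[i] === '\\') { i++; continue; }  // skip the escaped character
    if (META.includes(escaped[i])) return false;
  }
  return true;
}

// Constructed payload: "`:" satisfies the vulnerable drive-letter group, so
// the first backtick survives unescaped and the shell runs `id`.
const payload = '`:`id`';
console.log(vulnerableQuote(payload), allMetaEscaped(vulnerableQuote(payload)));  // `:\`id\` false
console.log(fixedQuote(payload), allMetaEscaped(fixedQuote(payload)));            // \`\:\`id\` true
console.log(nonLetterMatches());                                                   // [\]^_`
console.log(fixedQuote('C:\\Temp\\x'));                                            // C:\\Temp\\x
```

Note that the fixed class still lets a genuine drive prefix through with its colon unescaped while escaping the backslashes that follow it, so the repair does not cost the Windows-path behaviour the group was added for.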