π Friday Five 10/22 π
π Read
via "".
A GPS software bug, helping nonprofits defend against nation state attacks, and the DOJ wants more incident reporting - catch up on the infosec news of the week with the Friday Five!π Read
via "".
Digital Guardian
Friday Five 10/22
A GPS software bug, helping nonprofits defend against nation state attacks, and the DOJ wants more incident reporting - catch up on the infosec news of the week with the Friday Five!
π΄ 7 Ways to Lock Down Enterprise Printers π΄
π Read
via "Dark Reading".
Following the PrintNightmare case, printer security has become a hot issue for security teams. Here are seven ways to keep printers secure on enterprise networks.π Read
via "Dark Reading".
Dark Reading
7 Ways to Lock Down Enterprise Printers
Following the PrintNightmare case, printer security has become a hot issue for security teams. Here are seven ways to keep printers secure on enterprise networks.
β REvil Servers Shoved Offline by Governments β But Theyβll Be Back, Researchers Say β
π Read
via "Threat Post".
A multi-country effort has given ransomware gang REvil a taste of its own medicine by pwning its backups and pushing its leak site and Tor payment site offline.π Read
via "Threat Post".
Threat Post
REvil Servers Shoved Offline by Governments β But Theyβll Be Back, Researchers Say
A multi-country effort has given ransomware gang REvil a taste of its own medicine by pwning its backups and pushing its leak site and Tor payment site offline.
π΄ 'TodayZoo' Phishing Kit Cobbled Together From Other Malware π΄
π Read
via "Dark Reading".
Microsoft's analysis of a recent phishing attack shows how cybercriminals are mixing and matching to efficiently develop their attack frameworks.π Read
via "Dark Reading".
Dark Reading
'TodayZoo' Phishing Kit Cobbled Together From Other Malware
Microsoft's analysis of a recent phishing attack shows how cybercriminals are mixing and matching to efficiently develop their attack frameworks.
β FIN7 Lures Unwitting Security Pros to Carry Out Ransomware Attacks β
π Read
via "Threat Post".
The infamous Carbanak operator is moving is looking to juice its ransomware game by recruiting IT staff to its fake Bastion Secure 'pen-testing' company.π Read
via "Threat Post".
Threat Post
FIN7 Lures Unwitting Security Pros to Carry Out Ransomware Attacks
The infamous Carbanak operator is looking to juice its ransomware game by recruiting IT staff to its fake Bastion Secure "pen-testing" company.
βΌ CVE-2021-42840 βΌ
π Read
via "National Vulnerability Database".
SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled PHP file under the web root, because only the all-lowercase PHP file extensions were blocked. NOTE: this issue exists because of an incomplete fix for CVE-2020-28328.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42556 βΌ
π Read
via "National Vulnerability Database".
Rasa X before 0.42.4 allows Directory Traversal during archive extraction. In the functionality that allows a user to load a trained model archive, an attacker has arbitrary write capability within specific directories via a crafted archive file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42836 βΌ
π Read
via "National Vulnerability Database".
GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41171 βΌ
π Read
via "National Vulnerability Database".
eLabFTW is an open source electronic lab notebook manager for research teams. In versions of eLabFTW before 4.1.0, it allows attackers to bypass a brute-force protection mechanism by using many different forged PHPSESSID values in HTTP Cookie header. This issue has been addressed by implementing brute force login protection, as recommended by Owasp with Device Cookies. This mechanism will not impact users and will effectively thwart any brute-force attempts at guessing passwords. The only correct way to address this is to upgrade to version 4.1.0. Adding rate limitation upstream of the eLabFTW service is of course a valid option, with or without upgrading.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29835 βΌ
π Read
via "National Vulnerability Database".
IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204833.π Read
via "National Vulnerability Database".
π΄ aDolus raises $2.5 million to secure critical infrastructure and grow sales and marketing team π΄
π Read
via "Dark Reading".
Software supply chain security experts to drive aggressive go-to-market strategyπ Read
via "Dark Reading".
Dark Reading
aDolus Raises $2.5M to Secure Critical Infrastructure and Grow Sales and Marketing Team
Software supply chain security experts to drive aggressive go-to-market strategy
βΌ CVE-2020-36485 βΌ
π Read
via "National Vulnerability Database".
Portable Ltd Playable v9.18 was discovered to contain an arbitrary file upload vulnerability in the filename parameter of the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted JPEG file.π Read
via "National Vulnerability Database".
βΌ CVE-2020-23060 βΌ
π Read
via "National Vulnerability Database".
Internet Download Manager 6.37.11.1 was discovered to contain a stack buffer overflow in the Export/Import function. This vulnerability allows attackers to escalate local process privileges via a crafted ef2 file.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28968 βΌ
π Read
via "National Vulnerability Database".
Draytek VigorAP 1000C contains a stored cross-site scripting (XSS) vulnerability in the RADIUS Setting - RADIUS Server Configuration module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username input field.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28957 βΌ
π Read
via "National Vulnerability Database".
Multiple cross-site scripting (XSS) vulnerabilities in the Customer Add module of Foxlor v0.10.16 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the name, firstname, or username input fields.π Read
via "National Vulnerability Database".
βΌ CVE-2020-36491 βΌ
π Read
via "National Vulnerability Database".
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tags_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.π Read
via "National Vulnerability Database".
βΌ CVE-2020-36493 βΌ
π Read
via "National Vulnerability Database".
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component media_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.π Read
via "National Vulnerability Database".
βΌ CVE-2020-36490 βΌ
π Read
via "National Vulnerability Database".
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28955 βΌ
π Read
via "National Vulnerability Database".
SugarCRM v6.5.18 was discovered to contain a cross-site scripting (XSS) vulnerability in the Create Employee module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the First Name or Last Name input fields.π Read
via "National Vulnerability Database".
βΌ CVE-2020-23047 βΌ
π Read
via "National Vulnerability Database".
Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a cross-site scripting (XSS) vulnerability in the search input field of the search module.π Read
via "National Vulnerability Database".
βΌ CVE-2020-23037 βΌ
π Read
via "National Vulnerability Database".
Portable Ltd Playable v9.18 contains a code injection vulnerability in the filename parameter, which allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.π Read
via "National Vulnerability Database".