π’ Oak9βs IaC security platform now available on AWS π’
π Read
via "ITPro".
The solution speeds up app deployment while providing comprehensive securityπ Read
via "ITPro".
IT PRO
Oak9βs IaC security platform now available on AWS | IT PRO
The solution speeds up app deployment while providing comprehensive security
π’ The best remote access solutions π’
π Read
via "ITPro".
We round up the top remote access software for mobile workers, including those with collaboration, screen-sharing and support toolsπ Read
via "ITPro".
IT PRO
The best remote access software | IT PRO
We round up the top remote access software for mobile workers, including those with collaboration, screen-sharing and support tools
π’ Almost 70% of CISOs expect a ransomware attack π’
π Read
via "ITPro".
Many companies are willing to make ransomware payments in the face of the growing threatπ Read
via "ITPro".
IT PRO
Almost 70% of CISOs expect a ransomware attack | IT PRO
Many companies are willing to make ransomware payments in the face of the growing threat
βΌ CVE-2021-40371 βΌ
π Read
via "National Vulnerability Database".
Gridpro Request Management for Windows Azure Pack before 2.0.7912 allows Directory Traversal for remote code execution, as demonstrated by ..\\ in a scriptName JSON value to ServiceManagerTenant/GetVisibilityMap.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21703 βΌ
π Read
via "National Vulnerability Database".
In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user.π Read
via "National Vulnerability Database".
β Cybersecurity Awareness Month: Listen up β CYBERSECURITY FIRST! β
π Read
via "Naked Security".
Fraser Howard of SophosLabs is truly a world expert in fighting malware. Read now, and learn from the best!π Read
via "Naked Security".
Naked Security
Cybersecurity Awareness Month: Listen up β CYBERΒSECURITY FIRST!
Fraser Howard of SophosLabs is truly a world expert in fighting malware. Read now, and learn from the best!
β REvil ransomware gang allegedly forced offline by law enforcement counterattacks β
π Read
via "Naked Security".
One down. Lots more to go. Here's what to do...π Read
via "Naked Security".
Naked Security
REvil ransomware gang allegedly forced offline by law enforcement counterattacks
One down. Lots more to go. Hereβs what to doβ¦
βΌ CVE-2021-40527 βΌ
π Read
via "National Vulnerability Database".
Exposure of senstive information to an unauthorised actor in the "com.onepeloton.erlich" mobile application up to and including version 1.7.22 allows a remote attacker to access developer files stored in an AWS S3 bucket, by reading credentials stored in plain text within the mobile application.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40526 βΌ
π Read
via "National Vulnerability Database".
Incorrect calculation of buffer size vulnerability in Peleton TTR01 up to and including PTV55G allows a remote attacker to trigger a Denial of Service attack through the GymKit daemon process by exploiting a heap overflow in the network server handling the Apple GymKit communication. This can lead to an Apple MFI device not being able to authenticate with the Peleton Bikeπ Read
via "National Vulnerability Database".
β Listen up 2 β CYBERSECURITY FIRST! How to protect yourself from supply chain attacks β
π Read
via "Naked Security".
Everyone remembers this year's big-news supply chain attacks on Kaseya and SolarWinds. Sophos expert Chester Wisniewski explains how to control the risk.π Read
via "Naked Security".
Naked Security
Listen up 2 β CYBERSECURITY FIRST! How to protect yourself from supply chain attacks
Everyone remembers this yearβs big-news supply chain attacks on Kaseya and SolarWinds. Sophos expert Chester Wisniewski explains how to control the risk.
ποΈ Polygon pays out record $2 million bug bounty reward for critical vulnerability ποΈ
π Read
via "The Daily Swig".
Ethical hacker bags top prize for double spend flaw in smart contractπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Polygon pays out record $2 million bug bounty reward for critical vulnerability
Ethical hacker bags top prize for double spend flaw in smart contract
ποΈ Discourse fixes critical validation-related vulnerability in forum software ποΈ
π Read
via "The Daily Swig".
We need to talk about lack of validationπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Discourse fixes critical validation-related vulnerability in forum software
We need to talk about lack of validation
β CISA Urges Sites to Patch Critical RCE in Discourse β
π Read
via "Threat Post".
The patch, urgently rushed out on Friday, is an emergency fix for the widely deployed platform, whose No. 1 most trafficked site is Amazonβs Seller Central.π Read
via "Threat Post".
Threat Post
CISA Urges Sites to Patch Critical RCE in Discourse
The patch, urgently rushed out on Friday, is an emergency fix for the widely deployed platform, whose No. 1 most trafficked site is Amazonβs Seller Central.
β Listen up 3 β CYBERSECURITY FIRST! Cyberinsurance, help or hindrance? β
π Read
via "Naked Security".
Dr Jason Nurse, Associate Professor in Cybersecurity at the University of Kent, takes on the controversial topic of cyberinsurance.π Read
via "Naked Security".
Naked Security
Listen up 3 β CYBERSECURITY FIRST! Cyberinsurance, help or hindrance?
Dr Jason Nurse, Associate Professor in Cybersecurity at the University of Kent, takes on the controversial topic of cyberinsurance.
βΌ CVE-2021-24774 βΌ
π Read
via "National Vulnerability Database".
The Check & Log Email WordPress plugin before 1.0.3 does not validate and escape the "order" and "orderby" GET parameters before using them in a SQL statement when viewing logs, leading to SQL injections issuesπ Read
via "National Vulnerability Database".
βΌ CVE-2021-24515 βΌ
π Read
via "National Vulnerability Database".
The Video Gallery ΓΒ’Γ’β¬Òβ¬Ε Vimeo and YouTube Gallery WordPress plugin through 1.1.4 does not escape the Title and Description of the videos in a gallery before outputting them in attributes, leading to Stored Cross-Site Scripting issuesπ Read
via "National Vulnerability Database".
βΌ CVE-2021-24608 βΌ
π Read
via "National Vulnerability Database".
The Formidable Form Builder ΓΒ’Γ’β¬Òβ¬Ε Contact Form, Survey & Quiz Forms Plugin for WordPress plugin before 5.0.07 does not sanitise and escape its Form's Labels, allowing high privileged users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowedπ Read
via "National Vulnerability Database".
βΌ CVE-2021-24489 βΌ
π Read
via "National Vulnerability Database".
The Request a Quote WordPress plugin before 2.3.5 does not sanitise, validate or escape some of its settings in the admin dashboard, leading to authenticated Stored Cross-Site Scripting issues even when the unfiltered_html capability is disallowed.π Read
via "National Vulnerability Database".
βΌ CVE-2021-24884 βΌ
π Read
via "National Vulnerability Database".
The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags like <audio>,<video>,<img>,<a> and<button>.This could allow an unauthenticated, remote attacker to exploit a HTML-injection byinjecting a malicous link. The HTML-injection may trick authenticated users to follow the link. If the Link gets clicked, Javascript code can be executed. The vulnerability is due to insufficient sanitization of the "data-frmverify" tag for links in the web-based entry inspection page of affected systems. A successful exploitation incomibantion with CSRF could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. These actions include stealing the users account by changing their password or allowing attackers to submit their own code through an authenticated user resulting in Remote Code Execution. If an authenticated user who is able to edit Wordpress PHP Code in any kind, clicks the malicious link, PHP code can be edited.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0939 βΌ
π Read
via "National Vulnerability Database".
In set_default_passthru_cfg of passthru.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-186026549References: N/Aπ Read
via "National Vulnerability Database".
βΌ CVE-2021-0410 βΌ
π Read
via "National Vulnerability Database".
In flv extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561360; Issue ID: ALPS05561360.π Read
via "National Vulnerability Database".