β Cybersecurity Awareness Month: Listen up β CYBERSECURITY FIRST! β
π Read
via "Naked Security".
Fraser Howard of SophosLabs is truly a world expert in fighting malware. Read now, and learn from the best!π Read
via "Naked Security".
Naked Security
Cybersecurity Awareness Month: Listen up β CYBERΒSECURITY FIRST!
Fraser Howard of SophosLabs is truly a world expert in fighting malware. Read now, and learn from the best!
β REvil ransomware gang allegedly forced offline by law enforcement counterattacks β
π Read
via "Naked Security".
One down. Lots more to go. Here's what to do...π Read
via "Naked Security".
Naked Security
REvil ransomware gang allegedly forced offline by law enforcement counterattacks
One down. Lots more to go. Hereβs what to doβ¦
βΌ CVE-2021-40527 βΌ
π Read
via "National Vulnerability Database".
Exposure of senstive information to an unauthorised actor in the "com.onepeloton.erlich" mobile application up to and including version 1.7.22 allows a remote attacker to access developer files stored in an AWS S3 bucket, by reading credentials stored in plain text within the mobile application.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40526 βΌ
π Read
via "National Vulnerability Database".
Incorrect calculation of buffer size vulnerability in Peleton TTR01 up to and including PTV55G allows a remote attacker to trigger a Denial of Service attack through the GymKit daemon process by exploiting a heap overflow in the network server handling the Apple GymKit communication. This can lead to an Apple MFI device not being able to authenticate with the Peleton Bikeπ Read
via "National Vulnerability Database".
β Listen up 2 β CYBERSECURITY FIRST! How to protect yourself from supply chain attacks β
π Read
via "Naked Security".
Everyone remembers this year's big-news supply chain attacks on Kaseya and SolarWinds. Sophos expert Chester Wisniewski explains how to control the risk.π Read
via "Naked Security".
Naked Security
Listen up 2 β CYBERSECURITY FIRST! How to protect yourself from supply chain attacks
Everyone remembers this yearβs big-news supply chain attacks on Kaseya and SolarWinds. Sophos expert Chester Wisniewski explains how to control the risk.
ποΈ Polygon pays out record $2 million bug bounty reward for critical vulnerability ποΈ
π Read
via "The Daily Swig".
Ethical hacker bags top prize for double spend flaw in smart contractπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Polygon pays out record $2 million bug bounty reward for critical vulnerability
Ethical hacker bags top prize for double spend flaw in smart contract
ποΈ Discourse fixes critical validation-related vulnerability in forum software ποΈ
π Read
via "The Daily Swig".
We need to talk about lack of validationπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Discourse fixes critical validation-related vulnerability in forum software
We need to talk about lack of validation
β CISA Urges Sites to Patch Critical RCE in Discourse β
π Read
via "Threat Post".
The patch, urgently rushed out on Friday, is an emergency fix for the widely deployed platform, whose No. 1 most trafficked site is Amazonβs Seller Central.π Read
via "Threat Post".
Threat Post
CISA Urges Sites to Patch Critical RCE in Discourse
The patch, urgently rushed out on Friday, is an emergency fix for the widely deployed platform, whose No. 1 most trafficked site is Amazonβs Seller Central.
β Listen up 3 β CYBERSECURITY FIRST! Cyberinsurance, help or hindrance? β
π Read
via "Naked Security".
Dr Jason Nurse, Associate Professor in Cybersecurity at the University of Kent, takes on the controversial topic of cyberinsurance.π Read
via "Naked Security".
Naked Security
Listen up 3 β CYBERSECURITY FIRST! Cyberinsurance, help or hindrance?
Dr Jason Nurse, Associate Professor in Cybersecurity at the University of Kent, takes on the controversial topic of cyberinsurance.
βΌ CVE-2021-24774 βΌ
π Read
via "National Vulnerability Database".
The Check & Log Email WordPress plugin before 1.0.3 does not validate and escape the "order" and "orderby" GET parameters before using them in a SQL statement when viewing logs, leading to SQL injections issuesπ Read
via "National Vulnerability Database".
βΌ CVE-2021-24515 βΌ
π Read
via "National Vulnerability Database".
The Video Gallery ΓΒ’Γ’β¬Òβ¬Ε Vimeo and YouTube Gallery WordPress plugin through 1.1.4 does not escape the Title and Description of the videos in a gallery before outputting them in attributes, leading to Stored Cross-Site Scripting issuesπ Read
via "National Vulnerability Database".
βΌ CVE-2021-24608 βΌ
π Read
via "National Vulnerability Database".
The Formidable Form Builder ΓΒ’Γ’β¬Òβ¬Ε Contact Form, Survey & Quiz Forms Plugin for WordPress plugin before 5.0.07 does not sanitise and escape its Form's Labels, allowing high privileged users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowedπ Read
via "National Vulnerability Database".
βΌ CVE-2021-24489 βΌ
π Read
via "National Vulnerability Database".
The Request a Quote WordPress plugin before 2.3.5 does not sanitise, validate or escape some of its settings in the admin dashboard, leading to authenticated Stored Cross-Site Scripting issues even when the unfiltered_html capability is disallowed.π Read
via "National Vulnerability Database".
βΌ CVE-2021-24884 βΌ
π Read
via "National Vulnerability Database".
The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags like <audio>,<video>,<img>,<a> and<button>.This could allow an unauthenticated, remote attacker to exploit a HTML-injection byinjecting a malicous link. The HTML-injection may trick authenticated users to follow the link. If the Link gets clicked, Javascript code can be executed. The vulnerability is due to insufficient sanitization of the "data-frmverify" tag for links in the web-based entry inspection page of affected systems. A successful exploitation incomibantion with CSRF could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. These actions include stealing the users account by changing their password or allowing attackers to submit their own code through an authenticated user resulting in Remote Code Execution. If an authenticated user who is able to edit Wordpress PHP Code in any kind, clicks the malicious link, PHP code can be edited.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0939 βΌ
π Read
via "National Vulnerability Database".
In set_default_passthru_cfg of passthru.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-186026549References: N/Aπ Read
via "National Vulnerability Database".
βΌ CVE-2021-0410 βΌ
π Read
via "National Vulnerability Database".
In flv extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561360; Issue ID: ALPS05561360.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7859 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2020-14264 βΌ
π Read
via "National Vulnerability Database".
"HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConnect SDK"π Read
via "National Vulnerability Database".
βΌ CVE-2021-0414 βΌ
π Read
via "National Vulnerability Database".
In flv extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561384; Issue ID: ALPS05561384.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0633 βΌ
π Read
via "National Vulnerability Database".
In display driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05585423; Issue ID: ALPS05585423.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0409 βΌ
π Read
via "National Vulnerability Database".
In flv extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561359; Issue ID: ALPS05561359.π Read
via "National Vulnerability Database".