CVE-2021-34593
via "National Vulnerability Database".
In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC.
CVE-2021-34586
via "National Vulnerability Database".
In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition.
Millions of Android Users Scammed in SMS Fraud Driven by Tik-Tok Ads
via "Threat Post".
UltimaSMS leverages at least 151 apps that have been downloaded collectively more than 10 million times, to extort money through a fake premium SMS subscription service.
Pulling Back the Curtain on Bug Bounties
via "Dark Reading".
It's critical that infosec professionals and consumers understand threats and vulnerabilities, but they are being kept in the dark.
CVE-2021-26607
via "National Vulnerability Database".
An Improper input validation in execDefaultBrowser method of NEXACRO17 allows a remote attacker to execute arbitrary command on affected systems.
CVE-2021-41873
via "National Vulnerability Database".
Penguin Aurora TV Box 41502 is a high-end network HD set-top box produced by Tencent Video and Skyworth Digital. An unauthorized access vulnerability exists in the Penguin Aurora Box. An attacker can use the vulnerability to gain unauthorized access to a specific link to remotely control the TV.
CVE-2021-37371
via "National Vulnerability Database".
Online Student Admission System 1.0 is affected by an unauthenticated SQL injection bypass vulnerability in /admin/login.php.
CVE-2021-26609
via "National Vulnerability Database".
A vulnerability was found in Mangboard (WordPress plugin). A SQL-Injection vulnerability was found in order_type parameter. The order_type parameter makes a SQL query using unfiltered data. This vulnerability allows a remote attacker to steal user information.
CVE-2011-2195
via "National Vulnerability Database".
A flaw was found in WebSVN 2.3.2. Without prior authentication, if the 'allowDownload' option is enabled in config.php, an attacker can invoke the dl.php script and pass a well formed 'path' argument to execute arbitrary commands against the underlying operating system.
CVE-2021-37372
via "National Vulnerability Database".
Online Student Admission System 1.0 is affected by an insecure file upload vulnerability. A low privileged user can upload malicious PHP files by updating their profile image to gain remote code execution.
CVE-2021-41078
via "National Vulnerability Database".
Nameko through 2.13.0 can be tricked into performing arbitrary code execution when deserializing the config file.
CVE-2011-4119
via "National Vulnerability Database".
caml-light <= 0.75 uses mktemp() insecurely, and also does unsafe things in /tmp during make install.
Africa sees increase in ransomware, botnet attacks, but online scams still pose biggest threat
via "The Daily Swig".
Fraud is still the primary goal of cybercriminals operating across the continent, Interpol warns in latest market report.
SQL injection flaw in billing software app tied to US ransomware infection
via "The Daily Swig".
BillQuick customers blindsided by recently patched web security flaw.
Cybersecurity Talent Gap Shrinks to 2.72 Million Individuals
via "Digital Guardian".
A new report suggests the job market saw 700,000 new cybersecurity professionals since 2020. While the number is an improvement, the gap continues to outpace what's needed.
Infosec skills gap widens in all regions bar Asia-Pacific, report
via "The Daily Swig".
Overall worldwide shortfall shrinks 400k to 2.7m unfilled positions.
Mozilla Firefox Blocks Malicious Add-Ons Installed by 455K Users
via "Threat Post".
The misbehaving Firefox add-ons were misusing an API that controls how Firefox connects to the internet.
CVE-2021-41173
via "National Vulnerability Database".
Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.9, a vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer. Version v1.10.9 contains patches to the vulnerability. There are no known workarounds aside from upgrading.
CVE-2021-41184
via "National Vulnerability Database".
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.
CVE-2021-41185
via "National Vulnerability Database".
Mycodo is an environmental monitoring and regulation system. An exploit in versions prior to 8.12.7 allows anyone with access to endpoints to download files outside the intended directory. A patch has been applied and a release made. Users should upgrade to version 8.12.7. As a workaround, users may manually apply the changes from the fix commit.
CVE-2021-41157
via "National Vulnerability Database".
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. By default, SIP requests of the type SUBSCRIBE are not authenticated in the affected versions of FreeSWITCH. Abuse of this security issue allows attackers to subscribe to user agent event notifications without the need to authenticate. This abuse poses privacy concerns and might lead to social engineering or similar attacks. For example, attackers may be able to monitor the status of target SIP extensions. Although this issue was fixed in version v1.10.6, installations upgraded to the fixed version of FreeSWITCH from an older version may still be vulnerable if the configuration is not updated accordingly. Software upgrades do not update the configuration by default. SIP SUBSCRIBE messages should be authenticated by default so that FreeSWITCH administrators do not need to explicitly set the `auth-subscriptions` parameter. When following such a recommendation, a new parameter can be introduced to explicitly disable authentication.