ποΈ Africa sees increase in ransomware, botnet attacks β but online scams still pose biggest threat ποΈ
π Read
via "The Daily Swig".
Fraud is still the primary goal of cybercriminals operating across the continent, Interpol warns in latest market reportπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Africa sees increase in ransomware, botnet attacks β but online scams still pose biggest threat
Fraud is still the primary goal of cybercriminals operating across the continent, Interpol warns in latest market report
ποΈ SQL injection flaw in billing software app tied to US ransomware infection ποΈ
π Read
via "The Daily Swig".
BillQuick customers blindsided by recently patched web security flawπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
SQL injection flaw in billing software app tied to US ransomware infection
BillQuick customers blindsided by recently patched web security flaw
π Cybersecurity Talent Gap Shrinks to 2.72 Million Individuals π
π Read
via "".
A new report suggests the job market saw 700,000 new cybersecurity professionals since 2020. While the number is an improvement, the gap continues to outpace whatβs needed.π Read
via "".
Digital Guardian
Cybersecurity Talent Gap Shrinks to 2.72 Million Individuals
A new report suggests the job market saw 700,000 new cybersecurity professionals since 2020. While the number is an improvement, the gap continues to outpace whatβs needed.
ποΈ Infosec skills gap widens in all regions bar Asia-Pacific β report ποΈ
π Read
via "The Daily Swig".
Overall worldwide shortfall shrinks 400k to 2.7m unfilled positionsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Infosec skills gap widens in all regions bar Asia-Pacific β report
Overall worldwide shortfall shrinks 400k to 2.7m unfilled positions
β Mozilla Firefox Blocks Malicious Add-Ons Installed by 455K Users β
π Read
via "Threat Post".
The misbehaving Firefox add-ons were misusing an API that controls how Firefox connects to the internet.π Read
via "Threat Post".
Threat Post
Mozilla Firefox Blocks Malicious Add-Ons Installed by 455K Users
The misbehaving Firefox add-ons were misusing an API that controls how Firefox connects to the internet.
βΌ CVE-2021-41173 βΌ
π Read
via "National Vulnerability Database".
Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.9, a vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer. Version v1.10.9 contains patches to the vulnerability. There are no known workarounds aside from upgrading.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41184 βΌ
π Read
via "National Vulnerability Database".
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41185 βΌ
π Read
via "National Vulnerability Database".
Mycodo is an environmental monitoring and regulation system. An exploit in versions prior to 8.12.7 allows anyone with access to endpoints to download files outside the intended directory. A patch has been applied and a release made. Users should upgrade to version 8.12.7. As a workaround, users may manually apply the changes from the fix commit.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41157 βΌ
π Read
via "National Vulnerability Database".
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. By default, SIP requests of the type SUBSCRIBE are not authenticated in the affected versions of FreeSWITCH. Abuse of this security issue allows attackers to subscribe to user agent event notifications without the need to authenticate. This abuse poses privacy concerns and might lead to social engineering or similar attacks. For example, attackers may be able to monitor the status of target SIP extensions. Although this issue was fixed in version v1.10.6, installations upgraded to the fixed version of FreeSWITCH from an older version, may still be vulnerable if the configuration is not updated accordingly. Software upgrades do not update the configuration by default. SIP SUBSCRIBE messages should be authenticated by default so that FreeSWITCH administrators do not need to explicitly set the `auth-subscriptions` parameter. When following such a recommendation, a new parameter can be introduced to explicitly disable authentication.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41183 βΌ
π Read
via "National Vulnerability Database".
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41175 βΌ
π Read
via "National Vulnerability Database".
Pi-hole's Web interface (based on AdminLTE) provides a central location to manage one's Pi-hole and review the statistics generated by FTLDNS. Prior to version 5.8, cross-site scripting is possible when adding a client via the groups-clients management page. This issue was patched in version 5.8.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37364 βΌ
π Read
via "National Vulnerability Database".
OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default the Authenticated Users group has the modify permission to openclinic folders/files. A low privilege account is able to rename mysqld.exe or tomcat8.exe files located in bin folders and replace with a malicious file that would connect back to an attacking computer giving system level privileges (nt authority\system) due to the service running as Local System. While a low privilege user is unable to restart the service through the application, a restart of the computer triggers the execution of the malicious file. The application also have unquoted service path issues.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41188 βΌ
π Read
via "National Vulnerability Database".
Shopware is open source e-commerce software. Versions prior to 5.7.6 contain a cross-site scripting vulnerability. This issue is patched in version 5.7.6. Two workarounds are available. Using the security plugin or adding a particular following config to the `.htaccess` file will protect against cross-site scripting in this case. There is also a config for those using nginx as a server. The plugin and the configs can be found on the GitHub Security Advisory page for this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41158 βΌ
π Read
via "National Vulnerability Database".
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, an attacker can perform a SIP digest leak attack against FreeSWITCH and receive the challenge response of a gateway configured on the FreeSWITCH server. This is done by challenging FreeSWITCH's SIP requests with the realm set to that of the gateway, thus forcing FreeSWITCH to respond with the challenge response which is based on the password of that targeted gateway. Abuse of this vulnerability allows attackers to potentially recover gateway passwords by performing a fast offline password cracking attack on the challenge response. The attacker does not require special network privileges, such as the ability to sniff the FreeSWITCH's network traffic, to exploit this issue. Instead, what is required for this attack to work is the ability to cause the victim server to send SIP request messages to the malicious party. Additionally, to exploit this issue, the attacker needs to specify the correct realm which might in some cases be considered secret. However, because many gateways are actually public, this information can easily be retrieved. The vulnerability appears to be due to the code which handles challenges in `sofia_reg.c`, `sofia_reg_handle_sip_r_challenge()` which does not check if the challenge is originating from the actual gateway. The lack of these checks allows arbitrary UACs (and gateways) to challenge any request sent by FreeSWITCH with the realm of the gateway being targeted. This issue is patched in version 10.10.7. Maintainers recommend that one should create an association between a SIP session for each gateway and its realm to make a check be put into place for this association when responding to challenges.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41172 βΌ
π Read
via "National Vulnerability Database".
AS_Redis is an AntSword plugin for Redis. The Redis Manage plugin for AntSword prior to version 0.5 is vulnerable to Self-XSS due to due to insufficient input validation and sanitization via redis server configuration. Self-XSS in the plugin configuration leads to code execution. This issue is patched in version 0.5.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37363 βΌ
π Read
via "National Vulnerability Database".
An Insecure Permissions issue exists in Gestionale Open 11.00.00. A low privilege account is able to rename the mysqld.exe file located in bin folder and replace with a malicious file that would connect back to an attacking computer giving system level privileges (nt authority\system) due to the service running as Local System. While a low privilege user is unable to restart the service through the application, a restart of the computer triggers the execution of the malicious file. The application also have unquoted service path issues.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41182 βΌ
π Read
via "National Vulnerability Database".
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.π Read
via "National Vulnerability Database".
π¦Ώ 9 key security threats that organizations will face in 2022 π¦Ώ
π Read
via "Tech Republic".
Supply chain attacks, misinformation campaigns, mobile malware and larger scale data breaches are just some of the threats to watch for next year, Check Point Software says.π Read
via "Tech Republic".
TechRepublic
9 key security threats that organizations will face in 2022 | TechRepublic
Supply chain attacks, misinformation campaigns, mobile malware and larger scale data breaches are just some of the threats to watch for next year, Check Point Software says.
π¦Ώ Phishing attack exploits Craigslist and Microsoft OneDrive π¦Ώ
π Read
via "Tech Republic".
A phishing campaign took advantage of the mail relay function on Craigslist, which allows attackers to remain anonymous, Inky says.π Read
via "Tech Republic".
β Attackers Hijack Craigslist Emails to Deliver Malware β
π Read
via "Threat Post".
Fake Craigslist emails that abuse Microsoft OneDrive warn users that their ads contain βinappropriate content.βπ Read
via "Threat Post".
Threat Post
Attackers Hijack Craigslist Emails to Bypass Security, Deliver Malware
Manipulated Craigslist emails that abuse Microsoft OneDrive warn users that their ads contain "inappropriate content.β
β Listen up 4 β CYBERSECURITY FIRST! Purple teaming β learning to think like your adversaries β
π Read
via "Naked Security".
Michelle Farenci knows her stuff, because she's a cybersecurity practitioner inside a cybersecurity company! Learn why thinking like an attacker makes you a better defender.π Read
via "Naked Security".
Naked Security
Listen up 4 β CYBERSECURITY FIRST! Purple teaming β learning to think like your adversaries
Michelle Farenci knows her stuff, because sheβs a cybersecurity practitioner inside a cybersecurity company! Learn why thinking like an attacker makes you a better defender.