βΌ CVE-2021-41872 βΌ
π Read
via "National Vulnerability Database".
Skyworth Digital Technology Penguin Aurora Box 41502 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.π Read
via "National Vulnerability Database".
ποΈ Data breach at Colorado university impacts 30,000 students ποΈ
π Read
via "The Daily Swig".
Atlassian vulnerability believed to be attack vectorπ Read
via "The Daily Swig".
portswigger.net
Web Application Security, Testing, & Scanning - PortSwigger
PortSwigger offers tools for web application security, testing, & scanning. Choose from a range of security tools, & identify the very latest vulnerabilities.
π¦Ώ Microsoft warns of new supply chain attacks by Russian-backed Nobelium group π¦Ώ
π Read
via "Tech Republic".
The cybercrime group behind the SolarWinds hack remains focused on the global IT supply chain, says Microsoft, with 140 resellers and service providers targeted since May.π Read
via "Tech Republic".
ποΈ βProfessional cybercriminalsβ blamed for DDoS attacks against UK telecoms providers ποΈ
π Read
via "The Daily Swig".
Packet in, says industry groupπ Read
via "The Daily Swig".
portswigger.net
Web Application Security, Testing, & Scanning - PortSwigger
PortSwigger offers tools for web application security, testing, & scanning. Choose from a range of security tools, & identify the very latest vulnerabilities.
βΌ CVE-2021-41590 βΌ
π Read
via "National Vulnerability Database".
In Gradle Enterprise through 2021.3, probing of the server-side network environment can occur via an SMTP configuration test. The installation configuration user interface available to administrators allows testing the configured SMTP server settings. This test function can be used to identify the listening TCP ports available to the server, revealing information about the internal network environment.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38379 βΌ
π Read
via "National Vulnerability Database".
The Hub in CFEngine Enterprise 3.6.7 through 3.18.0 has Insecure Permissions that allow local Information Disclosure.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22101 βΌ
π Read
via "National Vulnerability Database".
Cloud Controller versions prior to 1.118.0 are vulnerable to unauthenticated denial of Service(DoS) vulnerability allowing unauthenticated attackers to cause denial of service by using REST HTTP requests with label_selectors on multiple V3 endpoints by generating an enormous SQL query.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36756 βΌ
π Read
via "National Vulnerability Database".
CFEngine Enterprise 3.15.0 through 3.15.4 has Missing SSL Certificate Validation.π Read
via "National Vulnerability Database".
βΌ CVE-2020-24932 βΌ
π Read
via "National Vulnerability Database".
An SQL Injection vulnerability exists in Sourcecodester Complaint Management System 1.0 via the cid parameter in complaint-details.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41589 βΌ
π Read
via "National Vulnerability Database".
In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is potential cache poisoning and remote code execution when running the build cache node with its default configuration. This configuration allows anonymous access to the configuration user interface and anonymous write access to the build cache. If access control to the build cache is not changed from the default open configuration, a malicious actor with network access can populate the cache with manipulated entries that may execute malicious code as part of a build process. This applies to the build cache provided with Gradle Enterprise and the separate build cache node service if used. If access control to the user interface is not changed from the default open configuration, a malicious actor can undo build cache access control in order to populate the cache with manipulated entries that may execute malicious code as part of a build process. This does not apply to the build cache provided with Gradle Enterprise, but does apply to the separate build cache node service if used.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41619 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Gradle Enterprise before 2021.1.2. There is potential remote code execution via the application startup configuration. The installation configuration user interface (available to administrators) allows specifying arbitrary Java Virtual Machine startup options. Some of these options, such as -XX:OnOutOfMemoryError, allow specifying a command to be run on the host. This can be abused to run arbitrary commands on the host, should an attacker gain administrative access to the application.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37221 βΌ
π Read
via "National Vulnerability Database".
A file upload vulnerability exists in Sourcecodester Customer Relationship Management System 1.0 via the account update option & customer create option, which could let a remote malicious user upload an arbitrary php file. .π Read
via "National Vulnerability Database".
β Apple Patches Critical iOS Bugs; One Under Attack β
π Read
via "Threat Post".
Researchers found that one critical flaw in question is exploitable from the browser, allowing watering-hole attacks.π Read
via "Threat Post".
Threat Post
Apple Patches Critical iOS Bugs; One Under Attack
Researchers found that one critical flaw in question is exploitable from the browser, allowing watering-hole attacks.
π΄ Cybercriminals Ramp Up Attacks on Web APIs π΄
π Read
via "Dark Reading".
As more organizations use application programming interfaces for Web applications, attacks and security incidents targeting APIs continue to grow.π Read
via "Dark Reading".
Dark Reading
Cybercriminals Ramp Up Attacks on Web APIs
As more organizations use application programming interfaces for Web applications, attacks and security incidents targeting APIs continue to grow.
π Zeek 4.1.1 π
π Read
via "Packet Storm Security".
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.π Read
via "Packet Storm Security".
Packetstormsecurity
Zeek 4.1.1 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β War-Driving Technique Allows Wi-Fi Password-Cracking at Scale β
π Read
via "Threat Post".
A researcher was able to crack 70 percent of the gathered hashes in an experiment in a residential neighborhood.π Read
via "Threat Post".
Threat Post
War-Driving Technique Allows Wi-Fi Password-Cracking at Scale
A researcher was able to crack 70 percent of the gathered hashes in an experiment in a residential neighborhood.
π΄ 6 Eye-Opening Statistics About Software Supply Chain Security π΄
π Read
via "Dark Reading".
The latest facts and figures on the state of software supply chain security in the enterprise.π Read
via "Dark Reading".
Dark Reading
6 Eye-Opening Statistics About Software Supply Chain Security
The latest facts and figures on the state of software supply chain security in the enterprise.
π΄ Kaspersky Buys Brain4Net to Build SASE & XDR Tools π΄
π Read
via "Dark Reading".
Brain4Net builds tools to help enterprises and service providers add SD-WAN and NFV technologies to their existing infrastructure.π Read
via "Dark Reading".
Dark Reading
Kaspersky Buys Brain4Net to Build SASE & XDR Tools
Brain4Net builds tools to help enterprises and service providers add SD-WAN and NFV technologies to their existing infrastructure.
βΌ CVE-2021-37807 βΌ
π Read
via "National Vulnerability Database".
An SQL Injection vulneraility exists in https://phpgurukul.com Online Shopping Portal 3.1 via the email parameter on the /check_availability.php endpoint that serves as a checker whether a new user's email is already exist within the database.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37803 βΌ
π Read
via "National Vulnerability Database".
An SQL Injection vulnerability exists in Sourcecodester Online Covid Vaccination Scheduler System 1.0 via the username in lognin.php .π Read
via "National Vulnerability Database".
βΌ CVE-2021-37808 βΌ
π Read
via "National Vulnerability Database".
SQL Injection vulnerabilities exist in https://phpgurukul.com News Portal Project 3.1 via the (1) category, (2) subcategory, (3) sucatdescription, and (4) username parameters, the server response is about (N) seconds delay respectively which mean it is vulnerable to MySQL Blind (Time Based). An attacker can use sqlmap to further the exploitation for extracting sensitive information from the database.π Read
via "National Vulnerability Database".