βΌ CVE-2021-40114 βΌ
π Read
via "National Vulnerability Database".
Multiple Cisco products are affected by a vulnerability in the way the Snort detection engine processes ICMP traffic that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper memory resource management while the Snort detection engine is processing ICMP packets. An attacker could exploit this vulnerability by sending a series of ICMP packets through an affected device. A successful exploit could allow the attacker to exhaust resources on the affected device, causing the device to reload.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40118 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. These vulnerabilities are due to improper input validation when parsing HTTPS requests. An attacker could exploit these vulnerabilities by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34783 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the software-based SSL/TLS message handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient validation of SSL/TLS messages when the device performs software-based SSL/TLS decryption. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: Datagram TLS (DTLS) messages cannot be used to exploit this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3900 βΌ
π Read
via "National Vulnerability Database".
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)π Read
via "National Vulnerability Database".
βΌ CVE-2021-34794 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the Simple Network Management Protocol version 3 (SNMPv3) access control functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to query SNMP data. This vulnerability is due to ineffective access control. An attacker could exploit this vulnerability by sending an SNMPv3 query to an affected device from a host that is not permitted by the SNMPv3 access control list. A successful exploit could allow the attacker to send an SNMP query to an affected device and retrieve information from the device. The attacker would need valid credentials to perform the SNMP query.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34791 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the ALG and open unauthorized connections with a host located behind the ALG. For more information about these vulnerabilities, see the Details section of this advisory. Note: These vulnerabilities have been publicly discussed as NAT Slipstreaming.π Read
via "National Vulnerability Database".
β Teen Rakes in $2.74M Worth of Bitcoin in Phishing Scam β
π Read
via "Threat Post".
The kid was busted after abusing Google Ads to lure users to his fake gift card site. π Read
via "Threat Post".
Threat Post
Teen Rakes in $2.74M Worth of Bitcoin in Phishing Scam
The kid was busted after abusing Google Ads to lure users to his fake gift card site.
β Ransomware Attacks Are Evolving. Your Security Strategy Should, Too β
π Read
via "Threat Post".
Defending against ransomware will take a move to zero-trust, argues Daniel Spicer, CSO, Ivanti.π Read
via "Threat Post".
Threat Post
Ransomware Attacks Are Evolving. Your Security Strategy Should, Too
Defending against ransomware will take a move to zero-trust, argues Daniel Spicer, CSO, Ivanti.
π΄ QR Codes Help Attackers Sneak Emails Past Security Controls π΄
π Read
via "Dark Reading".
A recently discovered campaign shows how attackers are constantly developing new techniques to deceive phishing victims.π Read
via "Dark Reading".
Dark Reading
QR Codes Help Attackers Sneak Emails Past Security Controls
A recently discovered campaign shows how attackers are constantly developing new techniques to deceive phishing victims.
β€1
β WordPress Plugin Bug Lets Subscribers Wipe Sites β
π Read
via "Threat Post".
The flaw, found in the Hashthemes Demo Importer plugin, allows any authenticated user to exsanguinate a vulnerable site, deleting nearly all database content and uploaded media.π Read
via "Threat Post".
Threat Post
WordPress Plugin Bug Lets Subscribers Wipe Sites
The flaw, found in the Hashthemes Demo Importer plugin, allows any authenticated user to exsanguinate a vulnerable WordPress site, deleting nearly all database content and uploaded media.
π΄ Defenders Worry Orgs Are More Vulnerable Than Last Year π΄
π Read
via "Dark Reading".
Most IT and security leaders are confident their cybersecurity strategy is on the right track, but they still believe their organizations are as vulnerable as they were a year ago.π Read
via "Dark Reading".
Dark Reading
Defenders Worry Orgs Are More Vulnerable Than Last Year
Most IT and security leaders are confident their cybersecurity strategies are on the right track, but they still believe their organizations are as vulnerable as they were a year ago.
βΌ CVE-2021-25219 βΌ
π Read
via "National Vulnerability Database".
In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.π Read
via "National Vulnerability Database".
βΌ CVE-2021-1117 βΌ
π Read
via "National Vulnerability Database".
Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an attacker through specific configuration and with local unprivileged system access may cause improper input validation, which may lead to denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3901 βΌ
π Read
via "National Vulnerability Database".
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)π Read
via "National Vulnerability Database".
βΌ CVE-2021-1115 βΌ
π Read
via "National Vulnerability Database".
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs, where an attacker with local unprivileged system access may cause a NULL pointer dereference, which may lead to denial of service in a component beyond the vulnerable component.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41191 βΌ
π Read
via "National Vulnerability Database".
Roblox-Purchasing-Hub is an open source Roblox product purchasing hub. A security risk in versions 1.0.1 and prior allowed people who have someone's API URL to get product files without an API key. This issue is fixed in version 1.0.2. As a workaround, add `@require_apikey` in `BOT/lib/cogs/website.py` under the route for `/v1/products`.π Read
via "National Vulnerability Database".
βΌ CVE-2021-1116 βΌ
π Read
via "National Vulnerability Database".
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a NULL pointer dereference in the kernel, created within user mode code, may lead to a denial of service in the form of a system crash.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3903 βΌ
π Read
via "National Vulnerability Database".
vim is vulnerable to Heap-based Buffer Overflowπ Read
via "National Vulnerability Database".
βΌ CVE-2020-21250 βΌ
π Read
via "National Vulnerability Database".
CSZ CMS v1.2.4 was discovered to contain an arbitrary file upload vulnerability in the component /core/MY_Security.php.π Read
via "National Vulnerability Database".
β Apple ships Monterey with security updates, fixes 0-day in Watch and TV products, updates iDevices β
π Read
via "Naked Security".
A slew of security bulletins from Apple HQ, including 37 bugs listed as fixed in the initial public release of macOS Monterey.π Read
via "Naked Security".
Naked Security
Apple ships Monterey with security updates, fixes 0-day in Watch and TV products, updates iDevices
A slew of security bulletins from Apple HQ, including 37 bugs listed as fixed in the initial public release of macOS Monterey.
π΄ HelpSystems Acquires Digital Guardian, Extends DLP Capabilities π΄
π Read
via "Dark Reading".
The acquisition strengthens HelpSystemsβ data security portfolio with data loss prevention capabilities across the endpoint, network, and cloud.π Read
via "Dark Reading".
Dark Reading
HelpSystems Acquires Digital Guardian, Extends DLP Capabilities
The acquisition strengthens HelpSystemsβ data security portfolio with data loss prevention capabilities across the endpoint, network, and cloud.