WordPress Plugin Bug Lets Subscribers Wipe Sites
via "Threat Post".
The flaw, found in the Hashthemes Demo Importer plugin, allows any authenticated user to exsanguinate a vulnerable site, deleting nearly all database content and uploaded media.
Defenders Worry Orgs Are More Vulnerable Than Last Year
via "Dark Reading".
Most IT and security leaders are confident their cybersecurity strategy is on the right track, but they still believe their organizations are as vulnerable as they were a year ago.
CVE-2021-25219
via "National Vulnerability Database".
In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.
CVE-2021-1117
via "National Vulnerability Database".
Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an attacker through specific configuration and with local unprivileged system access may cause improper input validation, which may lead to denial of service.
CVE-2021-3901
via "National Vulnerability Database".
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF).
CVE-2021-1115
via "National Vulnerability Database".
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs, where an attacker with local unprivileged system access may cause a NULL pointer dereference, which may lead to denial of service in a component beyond the vulnerable component.
CVE-2021-41191
via "National Vulnerability Database".
Roblox-Purchasing-Hub is an open source Roblox product purchasing hub. A security risk in versions 1.0.1 and prior allowed people who have someone's API URL to get product files without an API key. This issue is fixed in version 1.0.2. As a workaround, add `@require_apikey` in `BOT/lib/cogs/website.py` under the route for `/v1/products`.
CVE-2021-1116
via "National Vulnerability Database".
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a NULL pointer dereference in the kernel, created within user mode code, may lead to a denial of service in the form of a system crash.
CVE-2021-3903
via "National Vulnerability Database".
vim is vulnerable to Heap-based Buffer Overflow.
CVE-2020-21250
via "National Vulnerability Database".
CSZ CMS v1.2.4 was discovered to contain an arbitrary file upload vulnerability in the component /core/MY_Security.php.
Apple ships Monterey with security updates, fixes 0-day in Watch and TV products, updates iDevices
via "Naked Security".
A slew of security bulletins from Apple HQ, including 37 bugs listed as fixed in the initial public release of macOS Monterey.
HelpSystems Acquires Digital Guardian, Extends DLP Capabilities
via "Dark Reading".
The acquisition strengthens HelpSystems' data security portfolio with data loss prevention capabilities across the endpoint, network, and cloud.
CVE-2021-3906
via "National Vulnerability Database".
bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type.
CVE-2021-3904
via "National Vulnerability Database".
grav is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
CVE-2019-19810
via "National Vulnerability Database".
Zoom Call Recording 6.3.1 from ZOOM International is vulnerable to Java Deserialization attacks targeting the inbuilt RMI service. A remote unauthenticated attacker can exploit this vulnerability by sending crafted RMI requests to execute arbitrary code on the target host.
Grief Ransomware Targets NRA
via "Threat Post".
Grief, a ransomware group with ties to Russia-based Evil Corp, claims to have stolen data from the gun-rights group and has posted files on its dark web site.
S3 Ep56: Cryptotrading rodent, ransomware hackback, and a Docusign phish [Podcast]
via "Naked Security".
Latest episode - listen now! Serious security explained with personality in plain English.
You've Just Been Ransomed ... Now What?
via "Dark Reading".
Six crucial steps executives and IT teams should be prepared to take immediately after a ransomware attack.
CVE-2021-22475
via "National Vulnerability Database".
There is an Improper permission management vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-22454
via "National Vulnerability Database".
A component of the HarmonyOS has an External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause a core dump.
CVE-2021-36990
via "National Vulnerability Database".
There is a vulnerability of tampering with the kernel in Huawei Smartphone. Successful exploitation of this vulnerability may escalate permissions.