β Microsoft documents βSHROOTLESSβ hack patched in latest Apple updates β
π Read
via "Naked Security".
We'd have called this bug "SHROOTMORE", but naming it wasn't our call.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
ποΈ Trickbot arrest: Russian national extradited to US for alleged role in developing notorious banking trojan ποΈ
π Read
via "The Daily Swig".
Vladimir Dunaev made his first appearance in federal court this weekπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Trickbot arrest: Russian national extradited to US for alleged role in developing notorious banking trojan
Vladimir Dunaev made his first appearance in federal court this week
π΄ Finding the Right Approach to Cloud Security Posture Management (CSPM) π΄
π Read
via "Dark Reading".
Cloud security is maturing β it has to. New strategies are surfacing to respond to new problems. Dr. Mike Lloyd, RedSeal's CTO, reviews one of the latest: CSPM.π Read
via "Dark Reading".
Dark Reading
Finding the Right Approach to Cloud Security Posture Management (CSPM)
Cloud security is maturing β it has to. New strategies are surfacing to respond to new problems. Dr. Mike Lloyd, RedSeal's CTO, reviews one of the latest: CSPM.
βΌ CVE-2021-3441 βΌ
π Read
via "National Vulnerability Database".
A potential security vulnerability has been identified for the HP OfficeJet 7110 Wide Format ePrinter that enables Cross-Site Scripting (XSS).π Read
via "National Vulnerability Database".
βΌ CVE-2021-3662 βΌ
π Read
via "National Vulnerability Database".
Certain HP Enterprise LaserJet and PageWide MFPs may be vulnerable to stored cross site scripting (XSS).π Read
via "National Vulnerability Database".
βΌ CVE-2021-22037 βΌ
π Read
via "National Vulnerability Database".
Under certain circumstances, when manipulating the Windows registry, InstallBuilder uses the reg.exe system command. The full path to the command is not enforced, which results in a search in the search path until a binary can be identified. This makes the installer/uninstaller vulnerable to Path Interception by Search Order Hijacking, potentially allowing an attacker to plant a malicious reg.exe command so it takes precedence over the system command. The vulnerability only affects Windows installers.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22038 βΌ
π Read
via "National Vulnerability Database".
On Windows, the uninstaller binary copies itself to a fixed temporary location, which is then executed (the originally called uninstaller exits, so it does not block the installation directory). This temporary location is not randomized and does not restrict access to Administrators only so a potential attacker could plant a binary to replace the copied binary right before it gets called, thus gaining Administrator privileges (if the original uninstaller was executed as Administrator). The vulnerability only affects Windows installers.π Read
via "National Vulnerability Database".
π΄ A Treehouse of Security Horrors π΄
π Read
via "Dark Reading".
True-life horrors from conversations with software engineers and developers. D'oh!π Read
via "Dark Reading".
Dark Reading
A Treehouse of Security Horrors
True-life horrors from conversations with software engineers and developers. <i>D'oh! </i>
β Google Chrome is Abused to Deliver Malware as βLegitβ Win 10 App β
π Read
via "Threat Post".
Malware delivered via a compromised website on Chrome browsers can bypass User Account Controls to infect systems and steal sensitive data, such as credentials and cryptocurrency.π Read
via "Threat Post".
Threat Post
Google Chrome is Abused to Deliver Malware as βLegitβ Win 10 App
Malware delivered via a compromised website on Chrome browsers can bypass User Account Controls to infect systems and steal sensitive data, such as credentials and cryptocurrency.
π΄ What Exactly Is Secure Access Service Edge (SASE)? π΄
π Read
via "Dark Reading".
Any company that supports a hybrid workforce should at least be familiar with this relatively new security approach.π Read
via "Dark Reading".
Dark Reading
What Exactly Is Secure Access Service Edge (SASE)?
Any company that supports a hybrid workforce should at least be familiar with this relatively new security approach.
ποΈ All Day DevOps 2021: Securing the software supply chain with ephemerality and the least-privilege principle ποΈ
π Read
via "The Daily Swig".
βThe new boundary for systems engineering is how ephemeral can you make any given process with a privilegeβπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
All Day DevOps 2021: Securing the software supply chain with ephemerality and the least-privilege principle
βThe new boundary for systems engineering is how ephemeral can you make any given process with a privilegeβ
βΌ CVE-2021-41186 βΌ
π Read
via "National Vulnerability Database".
Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack. This issue is patched in version 1.14.2 There are two workarounds available. Either don't use parser_apache2 for parsing logs (which cannot guarantee generated by Apache), or put patched version of parser_apache2.rb into /etc/fluent/plugin directory (or any other directories specified by the environment variable `FLUENT_PLUGIN` or `--plugin` option of fluentd).π Read
via "National Vulnerability Database".
βΌ CVE-2021-35237 βΌ
π Read
via "National Vulnerability Database".
A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left customers vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server in which they have an identical webpage. The attacker essentially hijacks the user activity intended for the original server and sends them to the other server. This is an attack on both the user and the server.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39179 βΌ
π Read
via "National Vulnerability Database".
DHIS 2 is an information system for data capture, management, validation, analytics and visualization. A SQL Injection vulnerability in the Tracker component in DHIS2 Server allows authenticated remote attackers to execute arbitrary SQL commands via unspecified vectors. This vulnerability affects the `/api/trackedEntityInstances` and `/api/trackedEntityInstances/query` API endpoints in all DHIS2 versions 2.34, 2.35, and 2.36. It also affects versions 2.32 and 2.33 which have reached _end of support_ - exceptional security updates have been added to the latest *end of support* builds for these versions. Versions 2.31 and older are unaffected. The system is vulnerable to attack only from users that are logged in to DHIS2, and there is no known way of exploiting the vulnerability without first being logged in as a DHIS2 user. The vulnerability is not exposed to a non-malicious user - the vulnerability requires a conscious attack to be exploited. A successful exploit of this vulnerability could allow the malicious user to read, edit and delete data in the DHIS2 instance. There are no known exploits of the security vulnerabilities addressed by these patch releases. Security patches are available in DHIS2 versions 2.32-EOS, 2.33-EOS, 2.34.7, 2.35.7, and 2.36.4. There is no straightforward known workaround for DHIS2 instances using the Tracker functionality other than upgrading the affected DHIS2 server to one of the patches in which this vulnerability has been fixed. For implementations which do NOT use Tracker functionality, it may be possible to block all network access to POST to the `/api/trackedEntityInstances`, and `/api/trackedEntityInstances/query` endpoints as a temporary workaround while waiting to upgrade.π Read
via "National Vulnerability Database".
π GRAudit Grep Auditing Tool 3.2 π
π Read
via "Packet Storm Security".
Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility, grep. It's comparable to other static analysis applications like RATS, SWAAT, and flaw-finder while keeping the technical requirements to a minimum and being very flexible.π Read
via "Packet Storm Security".
Packetstormsecurity
GRAudit Grep Auditing Tool 3.2 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ Cybercriminals Take Aim at Connected Car Infrastructure π΄
π Read
via "Dark Reading".
While car makers are paying more attention to cybersecurity, the evolution of automobiles into "software platforms on wheels" and the quick adoption of new features has put connected cars in the crosshairs.π Read
via "Dark Reading".
Dark Reading
IoT recent news | Dark Reading
Explore the latest news and expert commentary on IoT, brought to you by the editors of Dark Reading
π Friday Five 10/29 π
π Read
via "".
Apple fixes a critical SIP bypass and personal data protection becomes a fundamental right in Brazil - catch up on the infosec news of the week with the Friday Five!π Read
via "".
Digital Guardian
Friday Five 10/29
Apple fixes a critical SIP bypass and personal data protection becomes a fundamental right in Brazil - catch up on the infosec news of the week with the Friday Five!
βΌ CVE-2021-3756 βΌ
π Read
via "National Vulnerability Database".
libmysofa is vulnerable to Heap-based Buffer Overflowπ Read
via "National Vulnerability Database".
βΌ CVE-2021-41674 βΌ
π Read
via "National Vulnerability Database".
An SQL Injection vulnerability exists in Sourcecodester E-Negosyo System 1.0 via the user_email parameter in /admin/login.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41643 βΌ
π Read
via "National Vulnerability Database".
Remote Code Execution (RCE) vulnerability exists in Sourcecodester Church Management System 1.0 via the image upload field.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41675 βΌ
π Read
via "National Vulnerability Database".
A Remote Code Execution (RCE) vulnerabilty exists in Sourcecodester E-Negosyo System 1.0 in /admin/produts/controller.php via the doInsert function, which validates images with getImageSizei. .π Read
via "National Vulnerability Database".