βΌ CVE-2020-25872 βΌ
π Read
via "National Vulnerability Database".
A vulnerability exists within the FileManagerController.php function in FrogCMS 0.9.5 which allows an attacker to perform a directory traversal attack via a GET request urlencode parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2021-1119 βΌ
π Read
via "National Vulnerability Database".
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can double-free a pointer, which may lead to denial of service. This flaw may result in a write-what-where condition, allowing an attacker to execute arbitrary code impacting integrity and availability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-1122 βΌ
π Read
via "National Vulnerability Database".
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a NULL pointer, which may lead to denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2021-1118 βΌ
π Read
via "National Vulnerability Database".
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where there is the potential to execute privileged operations by the guest OS, which may lead to information disclosure, data tampering, escalation of privileges, and denial of serviceπ Read
via "National Vulnerability Database".
βΌ CVE-2021-1123 βΌ
π Read
via "National Vulnerability Database".
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can deadlock, which may lead to denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2020-25873 βΌ
π Read
via "National Vulnerability Database".
A directory traversal vulnerability in the component system/manager/class/web/database.php was discovered in Baijiacms V4 which allows attackers to arbitrarily delete folders on the server via the "id" parameter.π Read
via "National Vulnerability Database".
βοΈ Zales.com Leaked Customer Data, Just Like Sister Firms Jared, Kay Jewelers Did in 2018 βοΈ
π Read
via "Krebs on Security".
In December 2018, bling vendor Signet Jewelers fixed a weakness in their Kay Jewelers and Jared websites that exposed the order information for all of their online customers. This week, Signet subsidiary Zales.com updated its website to remediate a nearly identical customer data exposure.π Read
via "Krebs on Security".
Krebsonsecurity
Zales.com Leaked Customer Data, Just Like Sister Firms Jared, Kay Jewelers Did in 2018
In December 2018, bling vendor Signet Jewelers fixed a weakness in their Kay Jewelers and Jared websites that exposed the order information for all of their online customers. This week, Signet subsidiary Zales.com updated its website to remediate a nearlyβ¦
β Europol announce βtargetingβ of 12 suspects in ransomware attacks β
π Read
via "Naked Security".
More anti-ransomware activity by law enforcement, this time in Switzerland and Ukraine.π Read
via "Naked Security".
Naked Security
Europol announces βtargetingβ of 12 suspects in ransomware attacks
More anti-ransomware activity by law enforcement, this time in Switzerland and Ukraine.
π΄ Enterprises Allocating More IT Dollars on Cybersecurity π΄
π Read
via "Dark Reading".
Enterprises are allocating more IT dollars towards implementing a multilayered approach to securing data and applications against new threats, data shows.π Read
via "Dark Reading".
Dark Reading
Enterprises Allocating More IT Dollars on Cybersecurity
Enterprises are allocating more IT dollars toward implementing a multilayered approach to securing data and applications against new threats, data shows.
βΌ CVE-2021-36808 βΌ
π Read
via "National Vulnerability Database".
A local attacker could bypass the app password using a race condition in Sophos Secure Workspace for Android before version 9.7.3115.π Read
via "National Vulnerability Database".
π’ IT Pro News in Review: SolarWinds cyber attack, AWS deal with MI5, UK VoIP providers under attack π’
π Read
via "ITPro".
Catch up on the biggest headlines of the week in just two minutesπ Read
via "ITPro".
IT PRO
IT Pro News in Review: SolarWinds cyber attack, AWS deal with MI5, UK VoIP providers under attack
Welcome to IT Pro's News in Review, a weekly bite-sized bulletin of the top tech stories of the week, for the week ending 15 October, 2021.
π’ Avast launches premium browser with built-in VPN π’
π Read
via "ITPro".
Avast Secure Browser Pro is available now on Windows 10, iOS and Androidπ Read
via "ITPro".
IT PRO
Avast launches premium browser with built-in VPN | IT PRO
Avast Secure Browser Pro is available now on Windows 10, iOS and Android
π’ 70% of IT workers skip key security steps due to work pressures π’
π Read
via "ITPro".
Report finds that a fifth of DevOps and security professionals have considered quitting their jobs due to stressπ Read
via "ITPro".
IT PRO
70% of IT workers skip key security steps due to work pressures | IT PRO
Report finds that a fifth of DevOps and security professionals have considered quitting their jobs due to stress
π’ BlackMatter ransomware victims reclaim data using secret decryptor π’
π Read
via "ITPro".
Emsisoft discovered a critical flaw in the ransomware that allowed them to help victims recover their filesπ Read
via "ITPro".
IT PRO
BlackMatter ransomware victims reclaim data using secret decryptor | IT PRO
Emsisoft discovered a critical flaw in the ransomware that allowed them to help victims recover their files
π’ What is your digital footprint? π’
π Read
via "ITPro".
Your digital footprint is always growing β so we explore how you can keep it under controlπ Read
via "ITPro".
IT PRO
What is your digital footprint? | IT PRO
Your digital footprint is always growing β so we explore how you can keep it under control
π’ What is Emotet? π’
π Read
via "ITPro".
A deep dive into malware's most infamous and prolific strainπ Read
via "ITPro".
IT PRO
What is Emotet? | IT PRO
A deep dive into malware's most infamous and prolific strain
π’ Ransomware hit industrial sector the hardest in the third quarter π’
π Read
via "ITPro".
Cyber criminals are now also targeting the technology sector, which saw a 30% rise in attack volumeπ Read
via "ITPro".
IT PRO
Ransomware hit industrial sector the hardest in the third quarter | IT PRO
Cyber criminals are now also targeting the technology sector, which saw a 30% rise in attack volume
π’ F-Secure Safe review: Simple security struggles to outdo Defender π’
π Read
via "ITPro".
F-Secure Safe doesnβt have the protection or features to stand out against its rivals.π Read
via "ITPro".
IT PRO
F-Secure Safe review: Simple security struggles to outdo Defender | IT PRO
F-Secure Safe doesnβt have the protection or features to stand out against its rivals.
π’ BillQuick billing software exploit lets hackers deploy ransomware π’
π Read
via "ITPro".
The now-patched critical zero-day vulnerability also leaked sensitive data from the time and billing platformπ Read
via "ITPro".
ITPro
BillQuick billing software exploit lets hackers deploy ransomware
The now-patched critical zero-day vulnerability also leaked sensitive data from the time and billing platform
π’ Telstra to acquire Digicel Pacific for $1.6 billion with help from government π’
π Read
via "ITPro".
The deal is being called a 'political buy' to counter Chinese influence in the regionπ Read
via "ITPro".
IT PRO
Telstra to acquire Digicel Pacific for $1.6 billion with help from government | IT PRO
The deal is being called a 'political buy' to counter Chinese influence in the region
π’ Tesco services knocked offline after suspected cyber attack π’
π Read
via "ITPro".
Customers were left unable to make or cancel orders, or amend their scheduled deliveriesπ Read
via "ITPro".
IT PRO
Tesco services knocked offline after suspected cyber attack | IT PRO
Customers were left unable to make or cancel orders, or amend their scheduled deliveries