π’ DDoS attacks are crippling UK VoIP operators π’
π Read
via "ITPro".
Businesses and emergency services are among customers hit by outages at VoIP firmsπ Read
via "ITPro".
IT PRO
DDoS attacks are crippling UK VoIP operators | IT PRO
Businesses and emergency services are among customers hit by outages at VoIP firms
π’ Critical macOS vulnerability found to bypass SIP restrictions π’
π Read
via "ITPro".
The flaw lies in how the OS handles software packages and post-installation scriptsπ Read
via "ITPro".
IT PRO
Critical macOS vulnerability found to bypass SIP restrictions | IT PRO
The flaw lies in how the OS handles software packages and post-installation scripts
π’ Australian Federal Police plots "aggressive" cyber division following law change π’
π Read
via "ITPro".
New powers allow law enforcement to launch disruptive operations and collect data on suspected criminalsπ Read
via "ITPro".
IT PRO
Australian Federal Police plots "aggressive" cyber division following law change | IT PRO
New powers allow law enforcement to launch disruptive operations and collect data on suspected criminals
π’ Luxury hotel chain hit twice by hackers after reneging on ransomware payment π’
π Read
via "ITPro".
The group claims to have information belonging to millions of customers who stayed at Centara hotels and resorts between 2003 and 2021π Read
via "ITPro".
IT Pro
Luxury hotel chain hit twice by hackers after reneging on ransomware payment
The group claims to have information belonging to millions of customers who stayed at Centara hotels and resorts between 2003 and 2021
π’ Microsoft resellers warned of Nobelium attacks on IT supply chain π’
π Read
via "ITPro".
Microsoft believes that 22,868 attacks have been conducted against 609 partners since Julyπ Read
via "ITPro".
channelpro
Microsoft resellers warned of Nobelium attacks on IT supply chain
Microsoft believes that 22,868 attacks have been conducted against 609 partners since July
π’ UK gov must act now to regulate Facebook, says whistleblower π’
π Read
via "ITPro".
Frances Haugen told members of the Online Safety Bill committee that the social network "is closing the door on us being able to actβπ Read
via "ITPro".
IT PRO
UK gov must act now to regulate Facebook, says whistleblower | IT PRO
Frances Haugen told members of the Online Safety Bill committee that the social network "is closing the door on us being able to actβ
π’ Critical vulnerability discovered in popular CI/CD framework π’
π Read
via "ITPro".
Flaw in GoCD software delivery pipeline thought to have affected a host of NGOs and Fortune 500 companiesπ Read
via "ITPro".
IT PRO
Critical vulnerability discovered in popular CI/CD framework | IT PRO
Flaw in GoCD software delivery pipeline thought to have affected a host of NGOs and Fortune 500 companies
π’ Ransomware gang claims to have hacked the NRA π’
π Read
via "ITPro".
βGrief" gang says it has already leaked some of its stolen data to the dark webπ Read
via "ITPro".
IT PRO
Ransomware gang claims to have hacked the NRA | IT PRO
βGrief" gang says it has already leaked some of its stolen data to the dark web
βΌ CVE-2020-25912 βΌ
π Read
via "National Vulnerability Database".
A XML External Entity (XXE) vulnerability was discovered in symphony\lib\toolkit\class.xmlelement.php in Symphony 2.7.10 which can lead to an information disclosure or denial of service (DOS).π Read
via "National Vulnerability Database".
βΌ CVE-2020-25911 βΌ
π Read
via "National Vulnerability Database".
A XML External Entity (XXE) vulnerability was discovered in the modRestServiceRequest component in MODX CMS 2.7.3 which can lead to an information disclosure or denial of service (DOS).π Read
via "National Vulnerability Database".
βΌ CVE-2021-33259 βΌ
π Read
via "National Vulnerability Database".
Several web interfaces in D-Link DIR-868LW 1.12b have no authentication requirements for access, allowing for attackers to obtain users' DNS query history.π Read
via "National Vulnerability Database".
βοΈ βTrojan Sourceβ Bug Threatens the Security of All Code βοΈ
π Read
via "Krebs on Security".
Virtually all compilers -- programs that transform human-readable source code into computer-executable machine code -- are vulnerable to an insidious attack in which an adversary can introduce targeted vulnerabilities into any software without being detected, new research released today warns. The vulnerability disclosure was coordinated with multiple organizations, some of whom are now releasing updates to address the security weakness.π Read
via "Krebs on Security".
Krebs on Security
βTrojan Sourceβ Bug Threatens the Security of All Code
Virtually all compilers -- programs that transform human-readable source code into computer-executable machine code -- are vulnerable to an insidious attack in which an adversary can introduce targeted vulnerabilities into any software without being detectedβ¦
βΌ CVE-2021-24789 βΌ
π Read
via "National Vulnerability Database".
The Flat Preloader WordPress plugin before 1.5.5 does not escape some of its settings when outputting them in attribute in the frontend, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowedπ Read
via "National Vulnerability Database".
βΌ CVE-2018-25019 βΌ
π Read
via "National Vulnerability Database".
The LearnDash LMS WordPress plugin before 2.5.4 does not have any authorisation and validation of the file to be uploaded in the learndash_assignment_process_init() function, which could allow unauthenticated users to upload arbitrary files to the web serverπ Read
via "National Vulnerability Database".
βΌ CVE-2021-24793 βΌ
π Read
via "National Vulnerability Database".
The WPeMatico RSS Feed Fetcher WordPress plugin before 2.6.12 does not escape the Feed URL added to a campaign before outputting it in an attribute, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.π Read
via "National Vulnerability Database".
βΌ CVE-2021-24799 βΌ
π Read
via "National Vulnerability Database".
The Far Future Expiry Header WordPress plugin before 1.5 does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.π Read
via "National Vulnerability Database".
βΌ CVE-2021-24742 βΌ
π Read
via "National Vulnerability Database".
The Logo Slider and Showcase WordPress plugin before 1.3.37 allows Editor users to update the plugin's settings via the rtWLSSettings AJAX action because it uses a nonce for authorisation instead of a capability check.π Read
via "National Vulnerability Database".
βΌ CVE-2021-24570 βΌ
π Read
via "National Vulnerability Database".
The Accept Donations with PayPal WordPress plugin before 1.3.1 offers a function to create donation buttons, which internally are posts. The process to create a new button is lacking a CSRF check. An attacker could use this to make an authenticated admin create a new button. Furthermore, one of the Button field is not escaped before being output in an attribute when editing a Button, leading to a Stored Cross-Site Scripting issue as well.π Read
via "National Vulnerability Database".
βΌ CVE-2021-24624 βΌ
π Read
via "National Vulnerability Database".
The MP3 Audio Player for Music, Radio & Podcast by Sonaar WordPress plugin before 2.4.2 does not properly sanitize or escape data in some of its Playlist settings, allowing high privilege users to perform Cross-Site Scripting attacksπ Read
via "National Vulnerability Database".
βΌ CVE-2021-24682 βΌ
π Read
via "National Vulnerability Database".
The Cool Tag Cloud WordPress plugin before 2.26 does not escape the style attribute of the cool_tag_cloud shortcode, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2021-24794 βΌ
π Read
via "National Vulnerability Database".
The Connections Business Directory WordPress plugin before 10.4.3 does not escape the Address settings when creating an Entry, which could allow high privilege users to perform Cross-Site Scripting when the unfiltered_html capability is disallowed.π Read
via "National Vulnerability Database".