CVE-2021-29212
A remote unauthenticated directory traversal security vulnerability has been identified in HPE iLO Amplifier Pack versions 1.80, 1.81, 1.90 and 1.95. The vulnerability could be remotely exploited to allow an unauthenticated user to run arbitrary code, leading to complete impact on the confidentiality, integrity, and availability of the iLO Amplifier Pack appliance.
via "National Vulnerability Database".
CVE-2021-3705
Potential security vulnerabilities have been discovered in a certain HP LaserJet Pro printer that may allow an unauthorized user to reconfigure or reset the device.
via "National Vulnerability Database".
CVE-2021-29213
A potential local bypass of security restrictions vulnerability has been identified in the system ROMs of HPE ProLiant DL20 Gen10, HPE ProLiant ML30 Gen10, and HPE ProLiant MicroServer Gen10 Plus servers prior to version 2.52. The vulnerability could be locally exploited to cause disclosure of sensitive information, denial of service (DoS), and/or compromise of system integrity.
via "National Vulnerability Database".
CVE-2020-28702
A SQL injection vulnerability in TopicMapper.xml of PybbsCMS v5.2.1 allows attackers to access sensitive database information.
via "National Vulnerability Database".
"Trojan Source" Hides Invisible Bugs in Source Code
The old RLO trick of exploiting how Unicode handles script ordering and a related homoglyph attack can imperceptibly switch the real name of malware.
via "Threat Post".
Multiple flaws in telecoms stack software FreeSwitch uncovered
Authentication and denial of service risks for DIY PBX tech patched.
via "The Daily Swig".
Name That Edge Toon: Parting Thoughts
Feeling creative? Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.
via "Dark Reading".
CVE-2021-26740
An arbitrary file upload vulnerability in sysupload.php in millken doyocms 2.3 allows attackers to execute arbitrary code.
via "National Vulnerability Database".
CVE-2021-26739
A SQL injection vulnerability in pay.php in millken doyocms 2.3 allows attackers to execute arbitrary code via the attribute parameter.
via "National Vulnerability Database".
Virtual Conferencing Software Must Improve Data Protection, Regulators Warn
Following an investigation, six countries and four companies outlined best practices for mitigating privacy risks in video conferencing apps.
via "Digital Guardian".
CVE-2021-42917
Buffer overflow vulnerability in Kodi xbmc up to 19.0 allows attackers to cause a denial of service due to improper length of values passed to istream.
via "National Vulnerability Database".
Pirate Sports Streamer Gets Busted, Pivots to MLB Extortion
An alleged sports content pirate is accused of not only hijacking leagues' streams but also threatening to tell reporters how he accessed their systems.
via "Threat Post".
Free Tool Scans Web Servers for Vulnerability to HTTP Header-Smuggling Attacks
A researcher will release an open source tool at Black Hat Europe next week that roots out server weaknesses to a sneaky type of attack.
via "Dark Reading".
SonicWall: 'The Year of Ransomware' Continues with Unprecedented Late-Summer Surge
2021 will be the most costly and dangerous year on record.
via "Dark Reading".
New 'Trojan Source' Method Lets Attackers Hide Vulns in Source Code
Researchers discover a new technique attackers could use to encode vulnerabilities into software while evading detection.
via "Dark Reading".
Zscaler's 2021 Encrypted Attacks Report Reveals 314% Spike in HTTPS Threats
Massive increase in cyberattacks targeting technology and retail industries confirms immediate need for zero-trust security.
via "Dark Reading".
CISA and Partners Coordinate on Security, Combatting Misinformation for Election Day
CISA will host an election situational awareness room to coordinate with federal partners, state and local election officials, private sector election partners, and political organizations to share real-time information and provide support as needed.
via "Dark Reading".
CVE-2021-39341
The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the logged_in_or_has_api_key function in the ~/OMAPI/RestApi.php file, which can be used to inject malicious web scripts on sites with the plugin installed. This affects versions up to, and including, 2.6.4.
via "National Vulnerability Database".
CVE-2021-31849
SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker logged into ePO as an administrator to inject arbitrary SQL into the ePO database through the user management section of the DLP ePO extension.
via "National Vulnerability Database".
CVE-2021-20136
ManageEngine Log360 builds < 5235 are affected by an improper access control vulnerability allowing database configuration overwrite. An unauthenticated remote attacker can send a specially crafted message to Log360 to change its backend database to an attacker-controlled database and to force Log360 to restart. An attacker can leverage this vulnerability to achieve remote code execution by replacing files executed by Log360 on startup.
via "National Vulnerability Database".
CVE-2021-39340
The Notification WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/src/classes/Utils/Settings.php file, which made it possible for attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 7.2.4. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
via "National Vulnerability Database".