Name That Edge Toon: Parting Thoughts
Read via "Dark Reading".
Feeling creative? Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.
CVE-2021-26740
Read via "National Vulnerability Database".
Arbitrary file upload vulnerability in sysupload.php in millken doyocms 2.3 allows attackers to execute arbitrary code.
CVE-2021-26739
Read via "National Vulnerability Database".
SQL injection vulnerability in pay.php in millken doyocms 2.3 allows attackers to execute arbitrary code via the attribute parameter.
Virtual Conferencing Software Must Improve Data Protection, Regulators Warn
Read via "Digital Guardian".
Following an investigation, six countries and four companies outlined best practices for mitigating privacy risks in video conferencing apps.
CVE-2021-42917
Read via "National Vulnerability Database".
Buffer overflow vulnerability in Kodi xbmc up to 19.0 allows attackers to cause a denial of service due to improper length of values passed to istream.
Pirate Sports Streamer Gets Busted, Pivots to MLB Extortion
Read via "Threat Post".
An alleged sports content pirate is accused of not only hijacking leagues' streams but also threatening to tell reporters how he accessed their systems.
Free Tool Scans Web Servers for Vulnerability to HTTP Header-Smuggling Attacks
Read via "Dark Reading".
A researcher will release an open source tool at Black Hat Europe next week that roots out server weaknesses to a sneaky type of attack.
SonicWall: 'The Year of Ransomware' Continues with Unprecedented Late-Summer Surge
Read via "Dark Reading".
2021 will be the most costly and dangerous year on record.
New 'Trojan Source' Method Lets Attackers Hide Vulns in Source Code
Read via "Dark Reading".
Researchers discover a new technique attackers could use to encode vulnerabilities into software while evading detection.
Zscaler's 2021 Encrypted Attacks Report Reveals 314% Spike in HTTPS Threats
Read via "Dark Reading".
Massive increase in cyberattacks targeting technology and retail industries confirms immediate need for zero-trust security.
CISA and Partners Coordinate on Security, Combatting Misinformation for Election Day
Read via "Dark Reading".
CISA will host an election situational awareness room to coordinate with federal partners, state and local election officials, private sector election partners, and political organizations to share real-time information and provide support as needed.
CVE-2021-39341
Read via "National Vulnerability Database".
The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the logged_in_or_has_api_key function in the ~/OMAPI/RestApi.php file, which can be used to inject malicious web scripts on sites with the plugin installed. This affects versions up to, and including, 2.6.4.
CVE-2021-31849
Read via "National Vulnerability Database".
SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker logged into ePO as an administrator to inject arbitrary SQL into the ePO database through the user management section of the DLP ePO extension.
CVE-2021-20136
Read via "National Vulnerability Database".
ManageEngine Log360 Builds < 5235 are affected by an improper access control vulnerability allowing database configuration overwrite. An unauthenticated remote attacker can send a specially crafted message to Log360 to change its backend database to an attacker-controlled database and to force Log360 to restart. An attacker can leverage this vulnerability to achieve remote code execution by replacing files executed by Log360 on startup.
CVE-2021-39340
Read via "National Vulnerability Database".
The Notification WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/src/classes/Utils/Settings.php file, which made it possible for attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 7.2.4. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
CVE-2021-31848
Read via "National Vulnerability Database".
Cross-site scripting (XSS) vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker to hijack an active DLP ePO administrator session by convincing the logged-in administrator to click on a carefully crafted link in the case management part of the DLP ePO extension.
CVE-2021-38356
Read via "National Vulnerability Database".
The NextScripts: Social Networks Auto-Poster <= 4.3.20 WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the $_REQUEST['page'] parameter, which is echoed out on inc/nxs_class_snap.php by supplying the appropriate value 'nxssnap-post' to load the page in $_GET['page'] along with malicious JavaScript in $_POST['page'].
CVE-2021-39346
Read via "National Vulnerability Database".
The Google Maps Easy WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/modules/marker_groups/views/tpl/mgrEditMarkerGroup.php file, which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.9.33. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
CVE-2021-39333
Read via "National Vulnerability Database".
The Hashthemes Demo Importer Plugin <= 1.1.1 for WordPress contained several AJAX functions which relied on a nonce that was visible to all logged-in users for access control, allowing them to execute a function that truncated nearly all database tables and removed the contents of wp-content/uploads.
CVE-2018-10909
Read via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
How AI-Driven Security Analytics Speeds Up Enterprise Defense
Read via "Dark Reading".
Fresh off a $250 million Series E round, Devo Technology plans to expand the core security analytics platform with new features to help enterprise defenders work with security data faster and more effectively.