βΌ CVE-2020-12814 βΌ
π Read
via "National Vulnerability Database".
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiAnalyzer version 6.0.6 and below, version 6.4.4 allows attacker to execute unauthorized code or commands via specifically crafted requests to the web GUI.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41019 βΌ
π Read
via "National Vulnerability Database".
An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiOS versions 6.4.6 and below may allow the connection to a malicious LDAP server via options in GUI, leading to disclosure of sensitive information, such as AD credentials.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41023 βΌ
π Read
via "National Vulnerability Database".
A unprotected storage of credentials in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows an authenticated user to disclosure agent password due to plaintext credential storage in log filesπ Read
via "National Vulnerability Database".
βΌ CVE-2021-41022 βΌ
π Read
via "National Vulnerability Database".
A improper privilege management in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows attacker to execute privileged code or commands via powershell scriptsπ Read
via "National Vulnerability Database".
βΌ CVE-2020-15940 βΌ
π Read
via "National Vulnerability Database".
An improper neutralization of input vulnerability [CWE-79] in FortiClientEMS versions 6.4.1 and below and 6.2.9 and below may allow a remote authenticated attacker to inject malicious script/tags via the name parameter of various sections of the server.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36186 βΌ
π Read
via "National Vulnerability Database".
A stack-based buffer overflow in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows attacker to execute unauthorized code or commands via crafted HTTP requestsπ Read
via "National Vulnerability Database".
βΌ CVE-2021-36184 βΌ
π Read
via "National Vulnerability Database".
A improper neutralization of Special Elements used in an SQL Command ('SQL Injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to disclosure device, users and database information via crafted HTTP requests.π Read
via "National Vulnerability Database".
β Ransomware Gangs Target Corporate Financial Activities β
π Read
via "Threat Post".
The FBI is warning about a fresh extortion tactic: threatening to tank share prices for publicly held companies.π Read
via "Threat Post".
Threat Post
Ransomware Gangs Target Corporate Financial Activities
The FBI is warning about a fresh extortion tactic: threatening to tank share prices for publicly held companies.
π΄ Female-Founded Cybersecurity Startup Wabbi Raises Over $2M in Seed Funding π΄
π Read
via "Dark Reading".
Wabbi enables companies to assimilate application security processes into development pipelines to produce and scale application security across enterprises.π Read
via "Dark Reading".
Dark Reading
Female-Founded Cybersecurity Startup Wabbi Raises Over $2M in Seed Funding
Wabbi enables companies to assimilate application security processes into development pipelines to produce and scale application security across enterprises.
π΄ FBI: Ransomware Actors Use Financial Events to Extort Victims π΄
π Read
via "Dark Reading".
Attackers research financial information about an organization and threaten to disclose it if they don't receive ransom quickly.π Read
via "Dark Reading".
Dark Reading
FBI: Ransomware Actors Use Financial Events to Extort Victims
Attackers research financial information about an organization and threaten to disclose it if they don't receive ransom quickly.
π΄ China Hosts More Malware Than Russia: Findings from DNSFilter's 2021 Domain Threat Report π΄
π Read
via "Dark Reading".
Cryptomining has also had a resurgence over the last year as blockchain technology and NFTs rise in popularity.π Read
via "Dark Reading".
Dark Reading
China Hosts More Malware Than Russia: Findings from DNSFilter's 2021 Domain Threat Report
Cryptomining has also had a resurgence over the last year as blockchain technology and NFTs rise in popularity.
β Squid Game Crypto Scammers Rips Off Investors for Millions β
π Read
via "Threat Post".
Anti-dumping code kept investors from selling SQUID while fraudsters cashed out.π Read
via "Threat Post".
Threat Post
Squid Game Crypto Scammers Rip Off Investors for Millions
Anti-dumping code kept investors from selling SQUID while fraudsters cashed out.
π1
π΄ 44% of Parents Struggle to Follow Tech Rules They Set for Their Kids π΄
π Read
via "Dark Reading".
Parents perceive norms of behavior to be different for themselves and their children, according to Kaspersky..π Read
via "Dark Reading".
Dark Reading
44% of Parents Struggle to Follow Tech Rules They Set for Their Kids
Parents perceive norms of behavior to be different for themselves and their children, according to Kaspersky..
π΄ Microsoft Expands Security to AWS in Multicloud Push π΄
π Read
via "Dark Reading".
Microsoft will expand its cloud security tools to AWS within a suite called Defender for Cloud and launch a new Defender for Business in preview later this month.π Read
via "Dark Reading".
Dark Reading
Microsoft Expands Security to AWS in Multicloud Push
Microsoft will expand its cloud security tools to AWS within a suite called Defender for Cloud and launch a new Defender for Business in preview later this month.
π΄ Dragos Launches ServiceNowβs OT Asset Discovery App π΄
π Read
via "Dark Reading".
Integration with Dragos Platform will help joint customers to expand the visibility of ICS/OT assets.π Read
via "Dark Reading".
Dark Reading
Dragos Launches ServiceNowβs OT Asset Discovery App
Integration with Dragos Platform will help joint customers to expand the visibility of ICS/OT assets.
π΄ Vaultree Raises $3.3M for Encryption Solution π΄
π Read
via "Dark Reading".
The company's platform uses Enhanced Searchable Symmetric Encryption (ESSE) and Fully Homomorphic Encryption (FHE) technologies.π Read
via "Dark Reading".
Dark Reading
Vaultree Raises $3.3M for Encryption Solution
The company's platform uses Enhanced Searchable Symmetric Encryption (ESSE) and Fully Homomorphic Encryption (FHE) technologies.
π΄ The Executive Women's Forum on Information Security, Risk Management & Privacy Elects Three Board Advisers π΄
π Read
via "Dark Reading".
Security executives hail from Target, Eli Lilley, and SecurityCurve/SaltCybersecurity.π Read
via "Dark Reading".
Dark Reading
The Executive Women's Forum on Information Security, Risk Management & Privacy Elects Three Board Advisers
Security executives hail from Target, Eli Lilley, and SecurityCurve/SaltCybersecurity.
π¦Ώ Secure SSH logins with knockd π¦Ώ
π Read
via "Tech Republic".
You need to lock down your servers so that only you have access via SSH. One way to help that is with knockd. Jack Wallen shows you how.π Read
via "Tech Republic".
TechRepublic
Secure SSH logins with knockd
You need to lock down your servers so that only you have access via SSH. One way to help that is with knockd. Jack Wallen shows you how.
βΌ CVE-2018-6058 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11215. Reason: This candidate is a reservation duplicate of CVE-2017-11215. Notes: All CVE users should reference CVE-2017-11215 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37978 βΌ
π Read
via "National Vulnerability Database".
Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37980 βΌ
π Read
via "National Vulnerability Database".
Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows.π Read
via "National Vulnerability Database".