‼ CVE-2021-38491 ‼
📖 Read
via "National Vulnerability Database".
Mixed-content checks were unable to analyze opaque origins which led to some mixed content being loaded. This vulnerability affects Firefox < 92.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20707 ‼
📖 Read
via "National Vulnerability Database".
Improper input validation vulnerability in the Transaction Server CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later allows attacker to read files upload via network..📖 Read
via "National Vulnerability Database".
‼ CVE-2020-27820 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if "unbind" the driver).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-38499 ‼
📖 Read
via "National Vulnerability Database".
Mozilla developers reported memory safety bugs present in Firefox 92. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-38494 ‼
📖 Read
via "National Vulnerability Database".
Mozilla developers reported memory safety bugs present in Firefox 91. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 92.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20135 ‼
📖 Read
via "National Vulnerability Database".
Nessus versions 8.15.2 and earlier were found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. Tenable has included a fix for this issue in Nessus 10.0.0. The installation files can be obtained from the Tenable Downloads Portal (https://www.tenable.com/downloads/nessus).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-29991 ‼
📖 Read
via "National Vulnerability Database".
Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affects Firefox < 91.0.1 and Thunderbird < 91.0.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41036 ‼
📖 Read
via "National Vulnerability Database".
In versions prior to 1.1 of the Eclipse Paho MQTT C Client, the client does not check rem_len size in readpacket.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20705 ‼
📖 Read
via "National Vulnerability Database".
Improper input validation vulnerability in the WebManager CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later allows attacker to remote file upload via network.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-38493 ‼
📖 Read
via "National Vulnerability Database".
Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-38502 ‼
📖 Read
via "National Vulnerability Database".
Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird < 91.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-29993 ‼
📖 Read
via "National Vulnerability Database".
Firefox for Android allowed navigations through the `intent://` protocol, which could be used to cause crashes and UI spoofs. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 92.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-38492 ‼
📖 Read
via "National Vulnerability Database".
When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 92, Thunderbird < 91.1, Thunderbird < 78.14, Firefox ESR < 78.14, and Firefox ESR < 91.1.📖 Read
via "National Vulnerability Database".
🕴 Simulation Game Teaches Non-Security Staff How to Handle a Cyber Crisis 🕴
📖 Read
via "Dark Reading".
In this card-based game from Kaspersky, players work through a cyberattack scenario and learn how each decision they make has consequences.📖 Read
via "Dark Reading".
Dark Reading
Simulation Game Teaches Non-Security Staff How to Handle a Cyber Crisis
In this card-based game from Kaspersky, players work through a cyberattack scenario and learn how each decision they make has consequences.
‼ CVE-2021-40849 ‼
📖 Read
via "National Vulnerability Database".
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account associated with a web services token is vulnerable to being exploited and logged into, resulting in information disclosure (at a minimum) and often escalation of privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40848 ‼
📖 Read
via "National Vulnerability Database".
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain characters that a spreadsheet program could interpret as a command, leading to execution of a malicious string locally on a device, aka CSV injection.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-33209 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Fimer Aurora Vision before 2.97.10. The response to a failed login attempt discloses whether the username or password is wrong, helping an attacker to enumerate usernames. This can make a brute-force attack easier.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-33210 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Fimer Aurora Vision before 2.97.10. An attacker can (in the WebUI) obtain plant information without authentication by reading the response of APIs from a kiosk view of a plant.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36192 ‼
📖 Read
via "National Vulnerability Database".
An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiManager 7.0.1 and below, 6.4.6 and below, 6.2.x, 6.0.x, 5.6.0 may allow a FortiGate user to see scripts from other ADOMS.📖 Read
via "National Vulnerability Database".
❌ Report: BlackMatter Ransomware Gang Goes Dark, Again ❌
📖 Read
via "Threat Post".
The former DarkSide cybercriminal group will shut down due to increased pressure from authorities, who may have nabbed a key team member.📖 Read
via "Threat Post".
Threat Post
Report: BlackMatter Ransomware Gang Goes Dark, Again
The former DarkSide cybercriminal group will shut down due to increased pressure from authorities, who may have nabbed a key team member.
🦿 Ransomware gangs leaking sensitive financial information to extort organizations 🦿
📖 Read
via "Tech Republic".
Attackers will threaten to release confidential data that could affect a company's stock price to pressure them to pay the ransom, says the FBI.📖 Read
via "Tech Republic".
TechRepublic
Ransomware gangs leaking sensitive financial information to extort organizations
Attackers will threaten to release confidential data that could affect a company's stock price to pressure them to pay the ransom, says the FBI.