βΌ CVE-2021-33209 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Fimer Aurora Vision before 2.97.10. The response to a failed login attempt discloses whether the username or password is wrong, helping an attacker to enumerate usernames. This can make a brute-force attack easier.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33210 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Fimer Aurora Vision before 2.97.10. An attacker can (in the WebUI) obtain plant information without authentication by reading the response of APIs from a kiosk view of a plant.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36192 βΌ
π Read
via "National Vulnerability Database".
An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiManager 7.0.1 and below, 6.4.6 and below, 6.2.x, 6.0.x, 5.6.0 may allow a FortiGate user to see scripts from other ADOMS.π Read
via "National Vulnerability Database".
β Report: BlackMatter Ransomware Gang Goes Dark, Again β
π Read
via "Threat Post".
The former DarkSide cybercriminal group will shut down due to increased pressure from authorities, who may have nabbed a key team member.π Read
via "Threat Post".
Threat Post
Report: BlackMatter Ransomware Gang Goes Dark, Again
The former DarkSide cybercriminal group will shut down due to increased pressure from authorities, who may have nabbed a key team member.
π¦Ώ Ransomware gangs leaking sensitive financial information to extort organizations π¦Ώ
π Read
via "Tech Republic".
Attackers will threaten to release confidential data that could affect a company's stock price to pressure them to pay the ransom, says the FBI.π Read
via "Tech Republic".
TechRepublic
Ransomware gangs leaking sensitive financial information to extort organizations
Attackers will threaten to release confidential data that could affect a company's stock price to pressure them to pay the ransom, says the FBI.
π¦Ώ Digital natives more likely to fall for phishing attacks at work than their Gen X and Boomer colleagues π¦Ώ
π Read
via "Tech Republic".
SailPoint survey finds that younger workers also are more likely to use company email addresses for online shopping and subscriptions.π Read
via "Tech Republic".
TechRepublic
Digital natives more likely to fall for phishing attacks at work than their Gen X and Boomer colleagues
SailPoint survey finds that younger workers also are more likely to use company email addresses for online shopping and subscriptions.
π¦Ώ Rootkits: Expensive to build, cheap to rent π¦Ώ
π Read
via "Tech Republic".
Positive Technology analysts found ready-made malware for any budget as well as the option to have a custom-build rootkit on Dark Web forums.π Read
via "Tech Republic".
TechRepublic
Rootkits: Expensive to build, cheap to rent
Positive Technology analysts found ready-made malware for any budget as well as the option to have a custom-build rootkit on Dark Web forums.
ποΈ RCE vulnerability found in Sitecore enterprise CMS software ποΈ
π Read
via "The Daily Swig".
Vendor update is available nowπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
RCE vulnerability found in Sitecore enterprise CMS software
Vendor update is available now
π΄ Risk Quantification: A Powerful Tool in Your Cyberthreat Defense Arsenal π΄
π Read
via "Dark Reading".
Three ways that understanding your cyber-risk in real dollars can help your organization survive the threat of ransomware and other attacks.π Read
via "Dark Reading".
Dark Reading
Risk Quantification: A Powerful Tool in Your Cyberthreat Defense Arsenal
Three ways that understanding your cyber-risk in real dollars can help your organization survive the threat of ransomware and other attacks.
βΌ CVE-2021-36697 βΌ
π Read
via "National Vulnerability Database".
With an admin account, the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the File Manager component. The new .htaccess file contains a Rewrite Rule with a type definition. A normal PHP file can be uploaded with this new "file type" and the code can be executed with an HTTP request.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36698 βΌ
π Read
via "National Vulnerability Database".
Pandora FMS through 755 allows XSS via a new Event Filter with a crafted name.π Read
via "National Vulnerability Database".
π΄ Valtix Delivers Free Cloud Security for Departmental, Development, and Test Applications π΄
π Read
via "Dark Reading".
Company aims to make cloud network security more accessible to all organizations.π Read
via "Dark Reading".
Dark Reading
Valtix Delivers Free Cloud Security for Departmental, Development, and Test Applications
Company aims to make cloud network security more accessible to all organizations.
ποΈ Dangerous uXSS bug in Google Chromeβs βNew Tabβ page bypassed security features ποΈ
π Read
via "The Daily Swig".
βChromeβs NTP only has a really weak CSP that doesnβt mitigate XSSβπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Dangerous XSS bug in Google Chromeβs βNew Tabβ page bypassed security features
βChromeβs New Tab page only has a really weak CSP that doesnβt mitigate XSSβ
π¦Ώ Report: More than half of organizations do not effectively defend against cyberattacks π¦Ώ
π Read
via "Tech Republic".
Accenture's State of Cyber Resilience study also revealed key traits of cyber resilient leaders. The report found an average of 270 attacks per year per company.π Read
via "Tech Republic".
TechRepublic
Report: More than half of organizations do not effectively defend against cyberattacks
Accenture's State of Cyber Resilience study also revealed key traits of cyber resilient leaders. The report found an average of 270 attacks per year per company.
βΌ CVE-2021-43130 βΌ
π Read
via "National Vulnerability Database".
An SQL Injection vulnerability exists in Sourcecodester Customer Relationship Management System (CRM) 1.0 via the username parameter in customer/login.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43324 βΌ
π Read
via "National Vulnerability Database".
LibreNMS through 21.10.2 allows XSS via a widget title.π Read
via "National Vulnerability Database".
ποΈ Mozilla debuts Site Isolation technology with Firefox update ποΈ
π Read
via "The Daily Swig".
Sandboxing technology levels up browser securityπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Mozilla debuts Site Isolation technology with Firefox update
Sandboxing technology levels up browser security
β Predicting the Next OWASP API Security Top 10 β
π Read
via "Threat Post".
API security risk has dramatically evolved in the last two years. Jason Kent, Hacker-in-Residence at Cequence Security, discusses the top API security concerns today and how to address them.π Read
via "Threat Post".
Threat Post
Predicting the Next OWASP API Security Top 10
API security risk has dramatically evolved in the last two years. Jason Kent, Hacker-in-Residence at Cequence Security, discusses the top API security concerns today and how to address them.
π΄ Is Sandboxing Dead? π΄
π Read
via "Dark Reading".
Organizations should start to evaluate other security measures to replace or complement the once-venerable security sandbox.π Read
via "Dark Reading".
Dark Reading
Is Sandboxing Dead?
Organizations should start to evaluate other security measures to replace or complement the once-venerated security sandbox.
β Facebook to throw out face recognition, delete all template data β
π Read
via "Naked Security".
Publicity stunt? Or privacy progress?π Read
via "Naked Security".
Naked Security
Facebook to throw out face recognition, delete all template data
Publicity stunt? Or privacy progress?
β Europol announces βtargetingβ of 12 suspects in ransomware attacks β
π Read
via "Naked Security".
More anti-ransomware activity by law enforcement, this time in Switzerland and Ukraine.π Read
via "Naked Security".
Naked Security
Europol announces βtargetingβ of 12 suspects in ransomware attacks
More anti-ransomware activity by law enforcement, this time in Switzerland and Ukraine.