ποΈ Dangerous uXSS bug in Google Chromeβs βNew Tabβ page bypassed security features ποΈ
π Read
via "The Daily Swig".
βChromeβs NTP only has a really weak CSP that doesnβt mitigate XSSβπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Dangerous XSS bug in Google Chromeβs βNew Tabβ page bypassed security features
βChromeβs New Tab page only has a really weak CSP that doesnβt mitigate XSSβ
π¦Ώ Report: More than half of organizations do not effectively defend against cyberattacks π¦Ώ
π Read
via "Tech Republic".
Accenture's State of Cyber Resilience study also revealed key traits of cyber resilient leaders. The report found an average of 270 attacks per year per company.π Read
via "Tech Republic".
TechRepublic
Report: More than half of organizations do not effectively defend against cyberattacks
Accenture's State of Cyber Resilience study also revealed key traits of cyber resilient leaders. The report found an average of 270 attacks per year per company.
βΌ CVE-2021-43130 βΌ
π Read
via "National Vulnerability Database".
An SQL Injection vulnerability exists in Sourcecodester Customer Relationship Management System (CRM) 1.0 via the username parameter in customer/login.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43324 βΌ
π Read
via "National Vulnerability Database".
LibreNMS through 21.10.2 allows XSS via a widget title.π Read
via "National Vulnerability Database".
ποΈ Mozilla debuts Site Isolation technology with Firefox update ποΈ
π Read
via "The Daily Swig".
Sandboxing technology levels up browser securityπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Mozilla debuts Site Isolation technology with Firefox update
Sandboxing technology levels up browser security
β Predicting the Next OWASP API Security Top 10 β
π Read
via "Threat Post".
API security risk has dramatically evolved in the last two years. Jason Kent, Hacker-in-Residence at Cequence Security, discusses the top API security concerns today and how to address them.π Read
via "Threat Post".
Threat Post
Predicting the Next OWASP API Security Top 10
API security risk has dramatically evolved in the last two years. Jason Kent, Hacker-in-Residence at Cequence Security, discusses the top API security concerns today and how to address them.
π΄ Is Sandboxing Dead? π΄
π Read
via "Dark Reading".
Organizations should start to evaluate other security measures to replace or complement the once-venerable security sandbox.π Read
via "Dark Reading".
Dark Reading
Is Sandboxing Dead?
Organizations should start to evaluate other security measures to replace or complement the once-venerated security sandbox.
β Facebook to throw out face recognition, delete all template data β
π Read
via "Naked Security".
Publicity stunt? Or privacy progress?π Read
via "Naked Security".
Naked Security
Facebook to throw out face recognition, delete all template data
Publicity stunt? Or privacy progress?
β Europol announces βtargetingβ of 12 suspects in ransomware attacks β
π Read
via "Naked Security".
More anti-ransomware activity by law enforcement, this time in Switzerland and Ukraine.π Read
via "Naked Security".
Naked Security
Europol announces βtargetingβ of 12 suspects in ransomware attacks
More anti-ransomware activity by law enforcement, this time in Switzerland and Ukraine.
π CISA: Patch These Bugs Now π
π Read
via "".
CISA is giving federal agencies between two weeks and six months to patch known exploited vulnerabilities.π Read
via "".
Digital Guardian
CISA: Patch These Bugs Now
CISA is giving federal agencies between two weeks and six months to patch known exploited vulnerabilities.
π Clam AntiVirus Toolkit 0.104.1 π
π Read
via "Packet Storm Security".
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.π Read
via "Packet Storm Security".
Packetstormsecurity
Clam AntiVirus Toolkit 0.104.1 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
βΌ CVE-2021-37147 βΌ
π Read
via "National Vulnerability Database".
Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41585 βΌ
π Read
via "National Vulnerability Database".
Improper Input Validation vulnerability in accepting socket connections in Apache Traffic Server allows an attacker to make the server stop accepting new connections. This issue affects Apache Traffic Server 5.0.0 to 9.1.0.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26786 βΌ
π Read
via "National Vulnerability Database".
An issue was discoverered in in customercentric-selling-poland PlayTube, allows authenticated attackers to execute arbitrary code via the purchace code to the config.php.π Read
via "National Vulnerability Database".
βΌ CVE-2020-23680 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in function StartPage in text2pdf.c in pdfcorner text2pdf 1.1, allows attackers to cause denial of service or possibly other undisclosed impacts.π Read
via "National Vulnerability Database".
βΌ CVE-2020-20982 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in shadoweb wdja v1.5.1, allows attackers to execute arbitrary code and gain escalated privileges, via the backurl parameter to /php/passport/index.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40985 βΌ
π Read
via "National Vulnerability Database".
Buffer overflow vulnerability in htmldoc before 1.9.12, allows attackers to cause a denial of service via a crafted BMP image to image_load_bmp.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38161 βΌ
π Read
via "National Vulnerability Database".
Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man in the middle attacks. This issue affects Apache Traffic Server 8.0.0 to 8.0.8.π Read
via "National Vulnerability Database".
βΌ CVE-2020-23126 βΌ
π Read
via "National Vulnerability Database".
Chamilo LMS version 1.11.10 contains an XSS vulnerability in the personal profile edition form, affecting the user him/herself and social network friends.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27836 βΌ
π Read
via "National Vulnerability Database".
An issue was discoverered in in function xls_getWorkSheet in xls.c in libxls 1.6.2, allows attackers to cause a denial of service, via a crafted XLS file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37149 βΌ
π Read
via "National Vulnerability Database".
Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.π Read
via "National Vulnerability Database".