CVE-2021-37149
via "National Vulnerability Database".
Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.
CVE-2020-23109
via "National Vulnerability Database".
Buffer overflow vulnerability in function convert_colorspace in heif_colorconversion.cc in libheif v1.6.2 allows attackers to cause a denial of service and disclose sensitive information via a crafted HEIF file.
CVE-2021-37148
via "National Vulnerability Database".
Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.0.1.
CVE-2020-24743
via "National Vulnerability Database".
An issue was found in /showReports.do in Zoho ManageEngine Applications Manager up to 14550 that allows attackers to gain escalated privileges via the resourceid parameter.
CVE-2021-43082
via "National Vulnerability Database".
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the stats-over-http plugin of Apache Traffic Server allows an attacker to overwrite memory. This issue affects Apache Traffic Server 9.1.0.
CVE-2020-24000
via "National Vulnerability Database".
SQL Injection vulnerability in eyoucms cms v1.4.7 allows attackers to execute arbitrary code and disclose sensitive information via the tid parameter to index.php.
CVE-2020-23679
via "National Vulnerability Database".
Buffer overflow vulnerability in Renleilei1992 Linux_Network_Project 1.0 allows attackers to execute arbitrary code via the password field.
“Tortilla” Wraps Exchange Servers in ProxyShell Attacks
via "Threat Post".
The Microsoft Exchange ProxyShell vulnerabilities are being exploited yet again for ransomware, this time with Babuk from the new "Tortilla" threat actor.
Data and the policies that protect it: 4 essential plans to have in place
via "Tech Republic".
These four sample policies can help you protect your data by ensuring it's properly encrypted, stored safely, only accessible by certain people, and securely backed up.
BlackMatter ransomware gang allegedly disbanding due to pressure from authorities
via "Tech Republic".
Operators of the ransomware-as-a-service group are claiming that the project is closed and that their entire infrastructure will be turned off.
Infosec and Business Alignment Lowers Breach Cost, Boosts Security
via "Dark Reading".
As attacks and security budgets continue to rise, data shows the most secure organizations are the ones that strike a security-business balance.
Mekotio Banking Trojan Resurges with Tweaked Code, Stealthy Campaign
via "Threat Post".
The banker, aka Metamorfo, is roaring back after Spanish police arrested more than a dozen gang members.
Where Is Cloud Permissions Management Headed?
via "Dark Reading".
Cloud permissions management emerged as a standalone cloud security technology but is quickly becoming part of a broader set of capabilities.
US Blacklists Israeli Firms NSO Group and Candiru
via "Dark Reading".
The US Commerce Department has also added Russia's Positive Technologies and Singapore's Computer Security Initiative Consultancy.
CVE-2021-23624
via "National Vulnerability Database".
This affects the package dotty before 0.1.2. A type confusion vulnerability can lead to a bypass of CVE-2021-25912 when the user-provided keys used in the path parameter are arrays.
CVE-2021-23472
via "National Vulnerability Database".
This affects all versions of package bootstrap-table. A type confusion vulnerability can lead to a bypass of input sanitization when the input provided to the escapeHTML function is an array (instead of a string) even if the escape attribute is set.
CVE-2020-18263
via "National Vulnerability Database".
PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability in the component search.php via the search parameter. This vulnerability allows attackers to access sensitive database information.
CVE-2021-23509
via "National Vulnerability Database".
This affects the package json-ptr before 3.0.0. A type confusion vulnerability can lead to a bypass of CVE-2020-7766 when the user-provided keys used in the pointer parameter are arrays.
CVE-2020-18259
via "National Vulnerability Database".
ED01-CMS v1.0 was discovered to contain a reflective cross-site scripting (XSS) vulnerability in the component sposts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Post title or Post content fields.
CVE-2021-23807
via "National Vulnerability Database".
This affects the package jsonpointer before 5.0.0. A type confusion vulnerability can lead to a bypass of a previous Prototype Pollution fix when the pointer components are arrays.
CVE-2020-18262
via "National Vulnerability Database".
ED01-CMS v1.0 was discovered to contain a SQL injection in the component cposts.php via the cid parameter.