βΌ CVE-2021-34597 βΌ
π Read
via "National Vulnerability Database".
Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of the selected project directory.π Read
via "National Vulnerability Database".
βΌ CVE-2020-25366 βΌ
π Read
via "National Vulnerability Database".
An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows attackers to cause a denial of service (DoS) via unspecified vectors.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42624 βΌ
π Read
via "National Vulnerability Database".
A local buffer overflow vulnerability exists in the latest version of Miniftpd in ftpproto.c through the tmp variable, where a crafted payload can be sent to the affected function.π Read
via "National Vulnerability Database".
β Magecart Credit Card Skimmer Avoids VMs to Fly Under the Radar β
π Read
via "Threat Post".
The Magecart threat actor uses a browser script to evade detection by researchers and sandboxes so it targets only victimsβ machines to steal credentials and personal info.π Read
via "Threat Post".
Threat Post
Magecart Credit Card Skimmer Avoids VMs to Fly Under the Radar
The Magecart threat actor uses a browser script to evade detection by researchers and sandboxes so it targets only victimsβ machines to steal credentials and personal info.
ποΈ Human rights activists condemn mass denial of service as Sudanβs nationwide internet shutdown enters second week ποΈ
π Read
via "The Daily Swig".
βAll mobile internet networks are completely cut off,β one journalist on the ground tells The Daily Swigπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Human rights activists condemn mass denial of service as Sudanβs nationwide internet shutdown enters second week
βAll mobile internet networks are completely cut off,β one journalist on the ground tells The Daily Swig
π΄ Having Trouble Finding Cybersecurity Talent? You Might Be the Problem π΄
π Read
via "Dark Reading".
Hiring managers must rethink old-school practices to find the right candidates and be ready to engage in meaningful conversations about their company's values. Here are three ways to start.π Read
via "Dark Reading".
Dark Reading
Having Trouble Finding Cybersecurity Talent? You Might Be the Problem
Hiring managers must rethink old-school practices to find the right candidates and be ready to engage in meaningful conversations about their company's values. Here are three ways to start.
ποΈ Remote code execution, SQL injection bugs uncovered in Pentaho Business Analytics software ποΈ
π Read
via "The Daily Swig".
Penetration test reveals severe issues in Hitachi Vantaraβs business solutionπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Remote code execution, SQL injection bugs uncovered in Pentaho Business Analytics software
Penetration test reveals severe issues in Hitachi Vantaraβs business solution
π΄ How to Avoid Another Let's Encrypt-Like Meltdown π΄
π Read
via "Dark Reading".
Experts weigh in on steps network and security administrators need to take before the next time a root certificate expires.π Read
via "Dark Reading".
Dark Reading
How to Avoid Another Let's Encrypt-Like Meltdown
Experts weigh in on steps network and security administrators need to take before the next time a root certificate expires.
π΄ Appsian Security Announces Acquisition of Q Software, a Leader in JD Edwards Security and Compliance π΄
π Read
via "Dark Reading".
The acquisition provides customers of JD Edwards, along with Oracle EBS and Oracle Cloud, with expanded capabilities for data masking, threat detection and response, and real-time analytics across multiple ERP applications.π Read
via "Dark Reading".
Dark Reading
Appsian Security Announces Acquisition of Q Software, a Leader in JD Edwards Security and Compliance
The acquisition provides customers of JD Edwards, along with Oracle EBS and Oracle Cloud, with expanded capabilities for data masking, threat detection and response, and real-time analytics across multiple ERP applications.
β Critical Linux Kernel Bug Allows Remote Takeover β
π Read
via "Threat Post".
The bug (CVE-2021-43267) exists in a TIPC message type that allows Linux nodes to send cryptographic keys to each other.π Read
via "Threat Post".
Threat Post
Critical Linux Kernel Bug Allows Remote Takeover
The bug (CVE-2021-43267) exists in a TIPC message type that allows Linux nodes to send cryptographic keys to each other.
β Free Discord Nitro Offer Used to Steal Steam Credentials β
π Read
via "Threat Post".
A fake Steam pop-up prompts users to βlinkβ Discord account for free Nitro subs.π Read
via "Threat Post".
Threat Post
Free Discord Nitro Offer Used to Steal Steam Credentials
A fake Steam pop-up prompts users to βlinkβ Discord account for free Nitro subs.
ποΈ Majority of consumer IoT vendors still lack vulnerability disclosure programs β report ποΈ
π Read
via "The Daily Swig".
Dismal findings appear to vindicate global efforts to regulate the sectorπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Majority of consumer IoT vendors still lack vulnerability disclosure programs β report
Dismal findings appear to vindicate global efforts to regulate the sector
ποΈ US federal agencies ordered to patch hundreds of actively exploited vulnerabilities ποΈ
π Read
via "The Daily Swig".
CISA directive establishes tight patching deadlinesπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
US federal agencies ordered to patch hundreds of actively exploited vulnerabilities
CISA directive establishes tight patching deadlines
π¦Ώ US government orders federal agencies to patch 100s of vulnerabilities π¦Ώ
π Read
via "Tech Republic".
The Cybersecurity and Infrastructure Security Agency is maintaining a database of known security flaws with details on how and when federal agencies and departments should patch them.π Read
via "Tech Republic".
TechRepublic
US government orders federal agencies to patch 100s of vulnerabilities
The Cybersecurity and Infrastructure Security Agency is maintaining a database of known security flaws with details on how and when federal agencies and departments should patch them.
π¦Ώ 2022 will be the year of convergence between edge, IoT and networking tech, Forrester predicts π¦Ώ
π Read
via "Tech Republic".
IoT tech will help reduce emissions, satellite internet will challenge 5G, the chip shortage will continue and more will happen in 2022 as pandemic recovery continues to move slowly forward.π Read
via "Tech Republic".
TechRepublic
2022 will be the year of convergence between edge, IoT and networking tech, Forrester predicts | TechRepublic
IoT tech will help reduce emissions, satellite internet will challenge 5G, the chip shortage will continue and more will happen in 2022 as pandemic recovery continues to move slowly forward.
βοΈ βTis the Season for the Wayward Package Phish βοΈ
π Read
via "Krebs on Security".
The holiday shopping season always means big business for phishers, who tend to find increased success this time of year with a time-honored lure about a wayward package that needs redelivery. Here's a look at a fairly elaborate SMS-based phishing scam that spoofs FedEx in a bid to extract personal and financial information from unwary recipients.π Read
via "Krebs on Security".
Krebsonsecurity
βTis the Season for the Wayward Package Phish
The holiday shopping season always means big business for phishers, who tend to find increased success this time of year with a time-honored lure about a wayward package that needs redelivery. Here's a look at a fairly elaborate SMS-based phishingβ¦
β Facebook to throw out face recognition, delete all template data β
π Read
via "Naked Security".
Publicity stunt? Or privacy progress?π Read
via "Naked Security".
Naked Security
Facebook to throw out face recognition, delete all template data
Publicity stunt? Or privacy progress?
β S3 Ep57: Europol v. Ransomware, Shrootless bug, and Linux browser flamewars [Podcast] β
π Read
via "Naked Security".
Latest episode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep57: Europol v. Ransomware, Shrootless bug, and Linux browser flamewars [Podcast]
Latest episode β listen now!
β US Blacklists Pegasus Spyware Maker β
π Read
via "Threat Post".
NSO Group plans to fight the trade ban, saying it's "dismayed" and clinging to the mantra that its tools actually help to prevent terrorism and crime.π Read
via "Threat Post".
Threat Post
US Bans Trade With Pegasus Spyware Maker
NSO Group plans to fight the trade ban, saying it's "dismayed" and clinging to the mantra that its tools actually help to prevent terrorism and crime.
β 3 Guideposts for Building a Better Incident-Response Plan β
π Read
via "Threat Post".
Invest and practice: Grant Oviatt, director of incident-response engagements at Red Canary, lays out the key building blocks for effective IR.π Read
via "Threat Post".
Threat Post
3 Guideposts for Building a Better Incident-Response Plan
Invest and practice: Grant Oviatt, director of incident-response engagements at Red Canary, lays out the key building blocks for effective IR.
βΌ CVE-2021-40115 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.π Read
via "National Vulnerability Database".