How to Avoid Another Let's Encrypt-Like Meltdown
Read via "Dark Reading".
Experts weigh in on steps network and security administrators need to take before the next time a root certificate expires.
Appsian Security Announces Acquisition of Q Software, a Leader in JD Edwards Security and Compliance
Read via "Dark Reading".
The acquisition provides customers of JD Edwards, along with Oracle EBS and Oracle Cloud, with expanded capabilities for data masking, threat detection and response, and real-time analytics across multiple ERP applications.
Critical Linux Kernel Bug Allows Remote Takeover
Read via "Threat Post".
The bug (CVE-2021-43267) exists in a TIPC message type that allows Linux nodes to send cryptographic keys to each other.
Free Discord Nitro Offer Used to Steal Steam Credentials
Read via "Threat Post".
A fake Steam pop-up prompts users to "link" a Discord account for free Nitro subs.
Majority of consumer IoT vendors still lack vulnerability disclosure programs - report
Read via "The Daily Swig".
Dismal findings appear to vindicate global efforts to regulate the sector.
US federal agencies ordered to patch hundreds of actively exploited vulnerabilities
Read via "The Daily Swig".
CISA directive establishes tight patching deadlines.
US government orders federal agencies to patch 100s of vulnerabilities
Read via "Tech Republic".
The Cybersecurity and Infrastructure Security Agency is maintaining a database of known security flaws with details on how and when federal agencies and departments should patch them.
2022 will be the year of convergence between edge, IoT and networking tech, Forrester predicts
Read via "Tech Republic".
IoT tech will help reduce emissions, satellite internet will challenge 5G, the chip shortage will continue and more will happen in 2022 as pandemic recovery continues to move slowly forward.
'Tis the Season for the Wayward Package Phish
Read via "Krebs on Security".
The holiday shopping season always means big business for phishers, who tend to find increased success this time of year with a time-honored lure about a wayward package that needs redelivery. Here's a look at a fairly elaborate SMS-based phishing scam that spoofs FedEx in a bid to extract personal and financial information from unwary recipients.
Facebook to throw out face recognition, delete all template data
Read via "Naked Security".
Publicity stunt? Or privacy progress?
S3 Ep57: Europol v. Ransomware, Shrootless bug, and Linux browser flamewars [Podcast]
Read via "Naked Security".
Latest episode - listen now!
US Blacklists Pegasus Spyware Maker
Read via "Threat Post".
NSO Group plans to fight the trade ban, saying it's "dismayed" and clinging to the mantra that its tools actually help to prevent terrorism and crime.
(Headline as published by Threat Post: US Bans Trade With Pegasus Spyware Maker)
3 Guideposts for Building a Better Incident-Response Plan
Read via "Threat Post".
Invest and practice: Grant Oviatt, director of incident-response engagements at Red Canary, lays out the key building blocks for effective IR.
CVE-2021-40115
Read via "National Vulnerability Database".
A vulnerability in Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.
CVE-2021-21687
Read via "National Vulnerability Database".
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create symbolic links when unarchiving a symbolic link in FilePath#untar.
CVE-2021-34774
Read via "National Vulnerability Database".
A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to access sensitive data on an affected system. This vulnerability exists because the application does not sufficiently protect sensitive data when responding to a specific API request. An attacker could exploit the vulnerability by sending a crafted HTTP request to the affected application. A successful exploit could allow the attacker to obtain sensitive information about the users of the application, including security questions and answers. To exploit this vulnerability an attacker would need valid Administrator credentials. Cisco expects to release software updates that address this vulnerability.
CVE-2021-21688
Read via "National Vulnerability Database".
The agent-to-controller security check FilePath#reading(FileVisitor) in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not reject any operations, allowing users to have unrestricted read access using certain operations (creating archives, FilePath#copyRecursiveTo).
CVE-2021-21685
Read via "National Vulnerability Database".
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create parent directories in FilePath#mkdirs.
CVE-2021-1500
Read via "National Vulnerability Database".
A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website. Attackers may use this type of vulnerability, known as an open redirect attack, as part of a phishing attack to persuade users to unknowingly visit malicious sites.
CVE-2021-21689
Read via "National Vulnerability Database".
FilePath#unzip and FilePath#untar were not subject to any agent-to-controller access control in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.
CVE-2021-40113
Read via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: log in with a default credential if the Telnet protocol is enabled; perform command injection; modify the configuration. For more information about these vulnerabilities, see the Details section of this advisory.