π¦Ώ 2022 will be the year of convergence between edge, IoT and networking tech, Forrester predicts π¦Ώ
π Read
via "Tech Republic".
IoT tech will help reduce emissions, satellite internet will challenge 5G, the chip shortage will continue and more will happen in 2022 as pandemic recovery continues to move slowly forward.π Read
via "Tech Republic".
TechRepublic
2022 will be the year of convergence between edge, IoT and networking tech, Forrester predicts | TechRepublic
IoT tech will help reduce emissions, satellite internet will challenge 5G, the chip shortage will continue and more will happen in 2022 as pandemic recovery continues to move slowly forward.
βοΈ βTis the Season for the Wayward Package Phish βοΈ
π Read
via "Krebs on Security".
The holiday shopping season always means big business for phishers, who tend to find increased success this time of year with a time-honored lure about a wayward package that needs redelivery. Here's a look at a fairly elaborate SMS-based phishing scam that spoofs FedEx in a bid to extract personal and financial information from unwary recipients.π Read
via "Krebs on Security".
Krebsonsecurity
βTis the Season for the Wayward Package Phish
The holiday shopping season always means big business for phishers, who tend to find increased success this time of year with a time-honored lure about a wayward package that needs redelivery. Here's a look at a fairly elaborate SMS-based phishingβ¦
β Facebook to throw out face recognition, delete all template data β
π Read
via "Naked Security".
Publicity stunt? Or privacy progress?π Read
via "Naked Security".
Naked Security
Facebook to throw out face recognition, delete all template data
Publicity stunt? Or privacy progress?
β S3 Ep57: Europol v. Ransomware, Shrootless bug, and Linux browser flamewars [Podcast] β
π Read
via "Naked Security".
Latest episode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep57: Europol v. Ransomware, Shrootless bug, and Linux browser flamewars [Podcast]
Latest episode β listen now!
β US Blacklists Pegasus Spyware Maker β
π Read
via "Threat Post".
NSO Group plans to fight the trade ban, saying it's "dismayed" and clinging to the mantra that its tools actually help to prevent terrorism and crime.π Read
via "Threat Post".
Threat Post
US Bans Trade With Pegasus Spyware Maker
NSO Group plans to fight the trade ban, saying it's "dismayed" and clinging to the mantra that its tools actually help to prevent terrorism and crime.
β 3 Guideposts for Building a Better Incident-Response Plan β
π Read
via "Threat Post".
Invest and practice: Grant Oviatt, director of incident-response engagements at Red Canary, lays out the key building blocks for effective IR.π Read
via "Threat Post".
Threat Post
3 Guideposts for Building a Better Incident-Response Plan
Invest and practice: Grant Oviatt, director of incident-response engagements at Red Canary, lays out the key building blocks for effective IR.
βΌ CVE-2021-40115 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21687 βΌ
π Read
via "National Vulnerability Database".
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create symbolic links when unarchiving a symbolic link in FilePath#untar.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34774 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to access sensitive data on an affected system. This vulnerability exists because the application does not sufficiently protect sensitive data when responding to a specific API request. An attacker could exploit the vulnerability by sending a crafted HTTP request to the affected application. A successful exploit could allow the attacker to obtain sensitive information about the users of the application, including security questions and answers. To exploit this vulnerability an attacker would need valid Administrator credentials. Cisco expects to release software updates that address this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21688 βΌ
π Read
via "National Vulnerability Database".
The agent-to-controller security check FilePath#reading(FileVisitor) in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not reject any operations, allowing users to have unrestricted read access using certain operations (creating archives, FilePath#copyRecursiveTo).π Read
via "National Vulnerability Database".
βΌ CVE-2021-21685 βΌ
π Read
via "National Vulnerability Database".
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create parent directories in FilePath#mkdirs.π Read
via "National Vulnerability Database".
βΌ CVE-2021-1500 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website. Attackers may use this type of vulnerability, known as an open redirect attack, as part of a phishing attack to persuade users to unknowingly visit malicious sites.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21689 βΌ
π Read
via "National Vulnerability Database".
FilePath#unzip and FilePath#untar were not subject to any agent-to-controller access control in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40113 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if the Telnet protocol is enabled Perform command injection Modify the configuration For more information about these vulnerabilities, see the Details section of this advisory.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21690 βΌ
π Read
via "National Vulnerability Database".
Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34701 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to access sensitive data on an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34784 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21698 βΌ
π Read
via "National Vulnerability Database".
Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40112 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if the Telnet protocol is enabled Perform command injection Modify the configuration For more information about these vulnerabilities, see the Details section of this advisory.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40119 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. This vulnerability is due to the re-use of static SSH keys across installations. An attacker could exploit this vulnerability by extracting a key from a system under their control. A successful exploit could allow the attacker to log in to an affected system as the root user.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40124 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the Network Access Manager (NAM) module of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to incorrect privilege assignment to scripts executed before user logon. An attacker could exploit this vulnerability by configuring a script to be executed before logon. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges.π Read
via "National Vulnerability Database".