‼ CVE-2021-42237 ‼
📖 Read
via "National Vulnerability Database".
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42662 ‼
📖 Read
via "National Vulnerability Database".
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the Holiday reason parameter. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which can lead to cookie stealing and more.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-26844 ‼
📖 Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in Power Admin PA Server Monitor 8.2.1.1 allows remote attackers to inject arbitrary web script or HTML via Console.exe.📖 Read
via "National Vulnerability Database".
❌ Feds Offer $10 Million Bounty for DarkSide Info ❌
📖 Read
via "Threat Post".
The U.S. State Department ups the ante in its hunt for the ransomware perpetrators by offering a sizeable cash sum for locating and arresting leaders of the cybercriminal group.📖 Read
via "Threat Post".
Threat Post
Feds Offer $10 Million Bounty for DarkSide Info
The U.S. State Department ups the ante in its hunt for the ransomware perpetrators by offering a sizeable cash sum for locating and arresting leaders of the cybercriminal group.
🕴 4 Tips on How Small to Midsize Businesses Can Combat Cyberattacks 🕴
📖 Read
via "Dark Reading".
The first step in improving your cybersecurity is understanding your risk of attack.📖 Read
via "Dark Reading".
Dark Reading
4 Tips on How Small to Midsize Businesses Can Combat Cyberattacks
The first step in improving your cybersecurity is understanding your risk of attack.
‼ CVE-2021-42669 ‼
📖 Read
via "National Vulnerability Database".
A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboard_teacher.php, which allows changing the avatar through teacher_avatar.php. Once an avatar gets uploaded it is getting uploaded to the /admin/uploads/ directory, and is accessible by all users. By uploading a php webshell containing "<?php system($_GET["cmd"]); ?>" the attacker can execute commands on the web server with - /admin/uploads/php-webshell?cmd=id.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42666 ‼
📖 Read
via "National Vulnerability Database".
A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to quiz_question.php, which could let a malicious user extract sensitive data from the web server and in some cases use this vulnerability in order to get a remote code execution on the remote web server.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42671 ‼
📖 Read
via "National Vulnerability Database".
An incorrect access control vulnerability exists in Sourcecodester Engineers Online Portal in PHP in nia_munoz_monitoring_system/admin/uploads. An attacker can leverage this vulnerability in order to bypass access controls and access all the files uploaded to the web server without the need of authentication or authorization.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42667 ‼
📖 Read
via "National Vulnerability Database".
A SQL Injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP in event-management/views. An attacker can leverage this vulnerability in order to manipulate the sql query performed. As a result he can extract sensitive data from the web server and in some cases he can use this vulnerability in order to get a remote code execution on the remote web server.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42663 ‼
📖 Read
via "National Vulnerability Database".
An HTML injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the msg parameter to /event-management/index.php. An attacker can leverage this vulnerability in order to change the visibility of the website. Once the target user clicks on a given link he will display the content of the HTML code of the attacker's choice.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42664 ‼
📖 Read
via "National Vulnerability Database".
A Stored Cross Site Scripting (XSS) Vulneraibiilty exists in Sourcecodester Engineers Online Portal in PHP via the (1) Quiz title and (2) quiz description parameters to add_quiz.php. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which can lead to cookie stealing and more.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42668 ‼
📖 Read
via "National Vulnerability Database".
A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter in the my_classmates.php web page.. As a result, an attacker can extract sensitive data from the web server and in some cases can use this vulnerability in order to get a remote code execution on the remote web server.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42665 ‼
📖 Read
via "National Vulnerability Database".
An SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the login form inside of index.php, which can allow an attacker to bypass authentication.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42670 ‼
📖 Read
via "National Vulnerability Database".
A SQL injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to the announcements_student.php web page. As a result a malicious user can extract sensitive data from the web server and in some cases use this vulnerability in order to get a remote code execution on the remote web server.📖 Read
via "National Vulnerability Database".
🦿 Voice phishing attack spoofs Amazon to steal credit card information 🦿
📖 Read
via "Tech Republic".
Impersonating an Amazon order notification, the attackers end up calling victims to try to obtain their credit card details, says Avanan.📖 Read
via "Tech Republic".
TechRepublic
Voice phishing attack spoofs Amazon to steal credit card information
Impersonating an Amazon order notification, the attackers end up calling victims to try to obtain their credit card details, says Avanan.
🗓️ Cisco patches critical bug trio in Policy Suite and ONT networking devices 🗓️
📖 Read
via "The Daily Swig".
Critical severity bugs disclosed by networking titan📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Cisco patches critical bug trio in Policy Suite and ONT networking devices
Critical severity bugs disclosed by networking titan
❌ Proofpoint Phish Harvests Microsoft O365, Google Logins ❌
📖 Read
via "Threat Post".
A savvy campaign impersonating the cybersecurity company skated past Microsoft email security.📖 Read
via "Threat Post".
Threat Post
Proofpoint Phish Harvests Microsoft O365, Google Logins
A savvy campaign impersonating the cybersecurity company skated past Microsoft email security.
🕴 To Secure DevOps, Security Teams Must be Agile 🕴
📖 Read
via "Dark Reading".
The evolution of agile development and infrastructure-as-code has given security teams the tools they need to gain visibility, find vulnerabilities early, and continuously evaluate infrastructure.📖 Read
via "Dark Reading".
Dark Reading
To Secure DevOps, Security Teams Must be Agile
The evolution of agile development and infrastructure-as-code has given security teams the tools they need to gain visibility, find vulnerabilities early, and continuously evaluate infrastructure.
🗓️ Lessons learned: How a severe vulnerability in the OWASP ModSecurity Core Rule Set sparked much-needed change 🗓️
📖 Read
via "The Daily Swig".
Years-old WAF bypass flaw was discovered in June📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Lessons learned: How a severe vulnerability in the OWASP ModSecurity Core Rule Set sparked much-needed change
Years-old WAF bypass flaw was discovered in June
❌ Google Ads for Faux Cryptowallets Net Scammers At Least $500K ❌
📖 Read
via "Threat Post".
Malicious Phantom, MetaMask cryptowallets are on the prowl to drain victim funds. 📖 Read
via "Threat Post".
Threat Post
Google Ads for Faux Cryptowallets Net Scammers At Least $500K
Malicious Phantom, MetaMask cryptowallets are on the prowl to drain victim funds.
🦿 US government unveils $10 million bounty for DarkSide ransomware gang leaders 🦿
📖 Read
via "Tech Republic".
The $10 million is for intel that leads to the identification or location of anyone who holds a leadership position in the DarkSide group.📖 Read
via "Tech Republic".
TechRepublic
US government unveils $10 million bounty for DarkSide ransomware gang leaders
The $10 million is for intel that leads to the identification or location of anyone who holds a leadership position in the DarkSide group.