βΌ CVE-2021-42665 βΌ
π Read
via "National Vulnerability Database".
An SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the login form inside of index.php, which can allow an attacker to bypass authentication.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42670 βΌ
π Read
via "National Vulnerability Database".
A SQL injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to the announcements_student.php web page. As a result a malicious user can extract sensitive data from the web server and in some cases use this vulnerability in order to get a remote code execution on the remote web server.π Read
via "National Vulnerability Database".
π¦Ώ Voice phishing attack spoofs Amazon to steal credit card information π¦Ώ
π Read
via "Tech Republic".
Impersonating an Amazon order notification, the attackers end up calling victims to try to obtain their credit card details, says Avanan.π Read
via "Tech Republic".
TechRepublic
Voice phishing attack spoofs Amazon to steal credit card information
Impersonating an Amazon order notification, the attackers end up calling victims to try to obtain their credit card details, says Avanan.
ποΈ Cisco patches critical bug trio in Policy Suite and ONT networking devices ποΈ
π Read
via "The Daily Swig".
Critical severity bugs disclosed by networking titanπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Cisco patches critical bug trio in Policy Suite and ONT networking devices
Critical severity bugs disclosed by networking titan
β Proofpoint Phish Harvests Microsoft O365, Google Logins β
π Read
via "Threat Post".
A savvy campaign impersonating the cybersecurity company skated past Microsoft email security.π Read
via "Threat Post".
Threat Post
Proofpoint Phish Harvests Microsoft O365, Google Logins
A savvy campaign impersonating the cybersecurity company skated past Microsoft email security.
π΄ To Secure DevOps, Security Teams Must be Agile π΄
π Read
via "Dark Reading".
The evolution of agile development and infrastructure-as-code has given security teams the tools they need to gain visibility, find vulnerabilities early, and continuously evaluate infrastructure.π Read
via "Dark Reading".
Dark Reading
To Secure DevOps, Security Teams Must be Agile
The evolution of agile development and infrastructure-as-code has given security teams the tools they need to gain visibility, find vulnerabilities early, and continuously evaluate infrastructure.
ποΈ Lessons learned: How a severe vulnerability in the OWASP ModSecurity Core Rule Set sparked much-needed change ποΈ
π Read
via "The Daily Swig".
Years-old WAF bypass flaw was discovered in Juneπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Lessons learned: How a severe vulnerability in the OWASP ModSecurity Core Rule Set sparked much-needed change
Years-old WAF bypass flaw was discovered in June
β Google Ads for Faux Cryptowallets Net Scammers At Least $500K β
π Read
via "Threat Post".
Malicious Phantom, MetaMask cryptowallets are on the prowl to drain victim funds. π Read
via "Threat Post".
Threat Post
Google Ads for Faux Cryptowallets Net Scammers At Least $500K
Malicious Phantom, MetaMask cryptowallets are on the prowl to drain victim funds.
π¦Ώ US government unveils $10 million bounty for DarkSide ransomware gang leaders π¦Ώ
π Read
via "Tech Republic".
The $10 million is for intel that leads to the identification or location of anyone who holds a leadership position in the DarkSide group.π Read
via "Tech Republic".
TechRepublic
US government unveils $10 million bounty for DarkSide ransomware gang leaders
The $10 million is for intel that leads to the identification or location of anyone who holds a leadership position in the DarkSide group.
βΌ CVE-2021-3924 βΌ
π Read
via "National Vulnerability Database".
grav is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')π Read
via "National Vulnerability Database".
βΌ CVE-2021-3928 βΌ
π Read
via "National Vulnerability Database".
vim is vulnerable to Stack-based Buffer Overflowπ Read
via "National Vulnerability Database".
βΌ CVE-2021-3916 βΌ
π Read
via "National Vulnerability Database".
bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')π Read
via "National Vulnerability Database".
βΌ CVE-2021-39412 βΌ
π Read
via "National Vulnerability Database".
Multiple Cross Site Scripting (XSS) vulnerabilities exists in PHPGurukul Shopping v3.1 via the (1) callback parameter in (a) server_side/scripts/id_jsonp.php, (b) server_side/scripts/jsonp.php, and (c) scripts/objects_jsonp.php, the (2) value parameter in examples_support/editable_ajax.php, and the (3) PHP_SELF parameter in captcha/index.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3927 βΌ
π Read
via "National Vulnerability Database".
vim is vulnerable to Heap-based Buffer Overflowπ Read
via "National Vulnerability Database".
βΌ CVE-2021-39411 βΌ
π Read
via "National Vulnerability Database".
Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the (1) searchdata parameter in (a) doctor/search.php and (b) admin/patient-search.php, and the (2) fromdate and (3) todate parameters in admin/betweendates-detailsreports.php.π Read
via "National Vulnerability Database".
π Faraday 3.18.1 π
π Read
via "Packet Storm Security".
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.π Read
via "Packet Storm Security".
Packetstormsecurity
Faraday 3.18.1 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β Beyond the Basics: Tips for Building Advanced Ransomware Resiliency β
π Read
via "Threat Post".
Joseph Carson, chief security scientist and advisory CISO at ThycoticCentrify, offers advice on least privilege, automation, application control and more.π Read
via "Threat Post".
Threat Post
Beyond the Basics: Tips for Building Advanced Ransomware Resiliency
Joseph Carson, chief security scientist and advisory CISO at ThycoticCentrify, offers advice on least privilege, automation, application control and more.
β BrakTooth Bluetooth Bugs Bite: Exploit Code, PoC Released β
π Read
via "Threat Post".
CISA is urging vendors to patch, given the release of public exploit code & a proof of concept tool for bugs that open billions of devices β phones, PCs, toys, etc. β to DoS & code execution.π Read
via "Threat Post".
Threat Post
BrakTooth Bluetooth Bugs Bite: Exploit Code, PoC Released
CISA is urging vendors to patch, given the release of public exploit code & a proof of concept tool for bugs that open billions of devices β phones, PCs, toys, etc. β to DoS & code execution.
π Friday Five 11/5 π
π Read
via "".
The U.S. blacklists four companies for malicious cyber activities, a ransomware group shuts down, and a new CMMC program gets revamped - catch up on the infosec news of the week with the Friday Five!π Read
via "".
Digital Guardian
Friday Five 11/5
$10 million for ransomware intel, four companies blacklisted for malicious cyber activities, and a new CMMC program gets revamped - catch up on the infosec news of the week with the Friday Five!
β βCustomer complaintβ email scam preys on your fear of getting into trouble at work β
π Read
via "Naked Security".
Stop. Think. Connect. Don't let the crooks trick you into acting in haste.π Read
via "Naked Security".
Naked Security
βCustomer complaintβ email scam preys on your fear of getting into trouble at work
Stop. Think. Connect. Donβt let the crooks trick you into acting in haste.
β S3 Ep57: Europol v. Ransomware, Shrootless bug, and Linux browser flamewars [Podcast] β
π Read
via "Naked Security".
Latest episode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep57: Europol v. Ransomware, Shrootless bug, and Linux browser flamewars [Podcast]
Latest episode β listen now!