"Customer complaint" email scam preys on your fear of getting into trouble at work
via "Naked Security".
Stop. Think. Connect. Don't let the crooks trick you into acting in haste.
S3 Ep57: Europol v. Ransomware, Shrootless bug, and Linux browser flamewars [Podcast]
via "Naked Security".
Latest episode - listen now!
How InfoSec Should Use the Minimum Viable Secure Product Checklist
via "Dark Reading".
Google and Salesforce executives discuss the need for the newly released MVSP, how tech companies came together to work on it, and how organizations should use it.
CVE-2021-42699
via "National Vulnerability Database".
The affected product is vulnerable to cookie information being transmitted as cleartext over HTTP. An attacker can capture network traffic, obtain the user's cookie and take over the account.
CVE-2020-23566
via "National Vulnerability Database".
Irfanview v4.53 was discovered to contain an infinite loop via JPEG2000!ShowPlugInSaveOptions_W+0x1ecd8.
CVE-2021-42698
via "National Vulnerability Database".
Project files are stored memory objects in the form of binary serialized data that can later be read and deserialized again to instantiate the original objects in memory. Malicious manipulation of these files may allow an attacker to corrupt memory.
CVE-2021-42701
via "National Vulnerability Database".
An attacker could prepare a specially crafted project file that, if opened, would attempt to connect to the cloud and trigger a man in the middle (MiTM) attack. This could allow an attacker to obtain credentials and take over the user's cloud account.
CVE-2021-39416
via "National Vulnerability Database".
Multiple Cross Site Scripting (XSS) vulnerabilities exist in Remote Clinic v2.0 in (1) patients/register-patient.php via the (a) Contact, (b) Email, (c) Weight, (d) Profession, (e) ref_contact, (f) address, (g) gender, (h) age, and (i) serial parameters; in (2) patients/edit-patient.php via the (a) Contact, (b) Email, (c) Weight, Profession, (d) ref_contact, (e) address, (f) serial, (g) age, and (h) gender parameters; in (3) staff/edit-my-profile.php via the (a) Title, (b) First Name, (c) Last Name, (d) Skype, and (e) Address parameters; and in (4) clinics/settings.php via the (a) portal_name, (b) guardian_short_name, (c) guardian_name, (d) opening_time, (e) closing_time, (f) access_level_5, (g) access_level_4, (h) access_level_3, (i) access_level_2, (j) access_level_1, (k) currency, (l) mobile_number, (m) address, (n) patient_contact, (o) patient_address, and (p) patient_email parameters.
CVE-2020-23567
via "National Vulnerability Database".
Irfanview v4.53 allows attackers to cause a denial of service (DoS) via a crafted JPEG 2000 file. Related to "Integer Divide By Zero starting at JPEG2000!ShowPlugInSaveOptions_W+0x00000000000082ea".
CVE-2021-42543
via "National Vulnerability Database".
The affected application uses specific functions that could be abused through a crafted project file, which could lead to code execution, system reboot, and system shutdown.
CVE-2021-39413
via "National Vulnerability Database".
Multiple Cross Site Scripting (XSS) vulnerabilities exist in SEO Panel v4.8.0 via the (1) to_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) social_media.php, and (j) reports.php; the (2) from_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) social_media.php, (j) webmaster-tools.php, and (k) reports.php; the (3) order_col parameter in (a) analytics.php, (b) review.php, (c) social_media.php, and (d) webmaster-tools.php; and the (4) pageno parameter in (a) alerts.php, (b) log.php, (c) keywords.php, (d) proxy.php, (e) searchengine.php, and (f) siteauditor.php.
CVE-2020-23565
via "National Vulnerability Database".
Irfanview v4.53 allows attackers to execute arbitrary code via a crafted JPEG 2000 file. Related to a "Data from Faulting Address controls Branch Selection starting at JPEG2000!ShowPlugInSaveOptions_W+0x0000000000032850".
Native Tribal Casinos Taking Millions in Ransomware Losses
via "Threat Post".
An FBI notification is warning of an uptick in attacks against tribal casinos.
CVE-2021-43404
via "National Vulnerability Database".
An issue was discovered in FusionPBX before 4.5.30. The FAX file name may have risky characters.
CVE-2021-29753
via "National Vulnerability Database".
IBM Business Automation Workflow 18, 19, 20, 21, and IBM Business Process Manager 8.5 and 8.6 transmit or store authentication credentials, but use an insecure method that is susceptible to unauthorized interception and/or retrieval.
CVE-2021-42837
via "National Vulnerability Database".
An issue was discovered in Talend Data Catalog before 7.3-20210930. After setting up SAML/OAuth, authentication is not correctly enforced on the native login page. Any valid user from the SAML/OAuth provider can be used as the username with an arbitrary password, and login will succeed.
CVE-2021-35368
via "National Vulnerability Database".
OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname.
CVE-2021-43405
via "National Vulnerability Database".
An issue was discovered in FusionPBX before 4.5.30. The fax_extension may have risky characters (it is not constrained to be numeric).
CVE-2021-43406
via "National Vulnerability Database".
An issue was discovered in FusionPBX before 4.5.30. The fax_post_size may have risky characters (it is not constrained to preset values).
Track data activity before "unusual" becomes "dangerous"
via "Tech Republic".
A security expert raises concerns that a lack of identifying and tracking unusual data activity can have dangerous consequences.
US Defense Contractor Discloses Data Breach
via "Dark Reading".
Electronic Warfare Associates says an attacker infiltrated EWA email in August, which led to the exfiltration of files with personal data.