CVE-2021-32483
via "National Vulnerability Database".
Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges to view the restricted Dashboard.

CVE-2021-30132
via "National Vulnerability Database".
Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges.

CVE-2021-29243
via "National Vulnerability Database".
Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS.

CVE-2021-22051
via "National Vulnerability Database".
Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or newer.

CVE-2021-37850
via "National Vulnerability Database".
ESET was made aware of a vulnerability in its consumer and business products for macOS that enables a user logged on to the system to stop the ESET daemon, effectively disabling the protection of the ESET security product until a system reboot.

CVE-2021-32481
via "National Vulnerability Database".
Cloudera Hue 4.6.0 allows XSS via the type parameter.

Valeo Networks Acquires On Time Tech, Accelerating National Growth Strategy
via "Dark Reading".
Through this latest acquisition, the company adds two more California locations.

Mozilla disables “low usage” encryption feature to resolve Thunderbird HTTP/2 vulnerability
via "The Daily Swig".
Multiple flaws in email client resolved with security update

Zoho Password Manager Flaw Torched by Godzilla Webshell
via "Threat Post".
A new campaign is prying apart a known security vulnerability in the Zoho ManageEngine ADSelfService Plus password manager, researchers warned over the weekend. The threat actors have managed to exploit the Zoho weakness in at least nine global entities across critical sectors so far (technology, defense, healthcare, energy and education), deploying the Godzilla webshell and […]
Zoho’s ManageEngine Password Manager Flaw Torched by Godzilla Webshell
Researchers have spotted a second, worldwide campaign exploiting the ManageEngine ADSelfService Plus zero-day: one that’s breached defense, energy and healthcare organizations.

Arctic Wolf Security Operations Cloud Reaches Massive Scale and a Global Footprint
via "Dark Reading".
Global business momentum and technical advancements position the Arctic Wolf platform as a category-defining Security Operations solution

Kaspersky Finds DDoS Attacks in Q3 Grow by 24%, Become More Sophisticated
via "Dark Reading".
The total number of smart attacks (advanced DDoS attacks that are often targeted) increased by 31% when compared to the same period last year.

Banking Malware Threats Surging as Mobile Banking Increases – Nokia Threat Intelligence Report
via "Dark Reading".
The Nokia 2021 Threat Intelligence Report announced today shows that banking malware threats are sharply increasing as cyber criminals target the rising popularity of mobile banking on smartphones, with plots aimed at stealing personal banking credentials and credit card information.

CVE-2021-41733
via "National Vulnerability Database".
Oppia 3.1.4 does not verify that certain URLs are valid before navigating to them.

CVE-2021-28023
via "National Vulnerability Database".
Arbitrary file upload in Service import feature in ServiceTonic Helpdesk software version < 9.0.35937 allows a malicious user to execute JSP code by uploading a zip that extracts files in relative paths.

CVE-2021-28024
via "National Vulnerability Database".
Unauthorized system access in the login form in ServiceTonic Helpdesk software version < 9.0.35937 allows an attacker to log in without using a password.

CVE-2021-25979
via "National Vulnerability Database".
Apostrophe CMS versions between 2.63.0 and 3.3.1 are affected by an insufficient session expiration vulnerability, which allows unauthenticated remote attackers to hijack recently logged-in users' sessions.

CVE-2021-42770
via "National Vulnerability Database".
A Cross-site scripting (XSS) vulnerability was discovered in OPNsense before 21.7.4 via the LDAP attribute return in the authentication tester.

CVE-2021-28022
via "National Vulnerability Database".
Blind SQL injection in the login form in ServiceTonic Helpdesk software < 9.0.35937 allows an attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries.

CVE-2021-39182
via "National Vulnerability Database".
EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who are unfamiliar with hashes can face problems as MD5 is considered an insecure hashing algorithm. The vulnerability is patched in v1.1.4 of the product. As a workaround, users can remove the `MD5` hashing function from the file `hashing.py`.

Pwn2Own Austin 2021: Synacktiv crowned Masters of Pwn after Sonos One, WD NAS exploits
via "The Daily Swig".
French team takes home nearly $200k in winnings as event uncovers 61 zero days