βΌ CVE-2021-37850 βΌ
π Read
via "National Vulnerability Database".
ESET was made aware of a vulnerability in its consumer and business products for macOS that enables a user logged on to the system to stop the ESET daemon, effectively disabling the protection of the ESET security product until a system reboot.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32481 βΌ
π Read
via "National Vulnerability Database".
Cloudera Hue 4.6.0 allows XSS via the type parameter.π Read
via "National Vulnerability Database".
π΄ Valeo Networks Acquires On Time Tech, Accelerating National Growth Strategy π΄
π Read
via "Dark Reading".
Through this latest acquisition, the company adds two more California locations.π Read
via "Dark Reading".
Dark Reading
Valeo Networks Acquires On Time Tech, Accelerating National Growth Strategy
Through this latest acquisition, the company adds two more California locations.
ποΈ Mozilla disables βlow usageβ encryption feature to resolve Thunderbird HTTP/2 vulnerability ποΈ
π Read
via "The Daily Swig".
Multiple flaws in email client resolved with security updateπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Mozilla disables βlow usageβ encryption feature to resolve Thunderbird HTTP/2 vulnerability
Multiple flaws in email client resolved with security update
β Zoho Password Manager Flaw Torched by Godzilla Webshell β
π Read
via "Threat Post".
A new campaign is prying apart a known security vulnerability in the Zoho ManageEngine ADSelfService Plus password manager, researchers warned over the weekend. The threat actors have managed to exploit the Zoho weakness in at least nine global entities across critical sectors so far (technology, defense, healthcare, energy and education), deploying the Godzilla webshell and [β¦]π Read
via "Threat Post".
Threat Post
Zohoβs ManageEngine Password Manager Flaw Torched by Godzilla Webshell
Researchers have spotted a second, worldwide campaign exploiting the ManagedEngine SelfServiceAD Plus zero-day: one thatβs breached defense, energy and healthcare organizations.
π΄ Arctic Wolf Security Operations Cloud Reaches Massive Scale and a Global Footprint π΄
π Read
via "Dark Reading".
Global business momentum and technical advancements position the Arctic Wolf platform as a category-defining Security Operations solutionπ Read
via "Dark Reading".
Dark Reading
Arctic Wolf Security Operations Cloud Reaches Massive Scale and a Global Footprint
Global business momentum and technical advancements position the Arctic Wolf platform as a category-defining Security Operations solution
π΄ Kaspersky Finds DDoS Attacks in Q3 Grow by 24%, Become More Sophisticated π΄
π Read
via "Dark Reading".
The total number of smart attacks (advanced DDoS attacks that are often targeted) increased by 31% when compared to the same period last year.π Read
via "Dark Reading".
Dark Reading
Kaspersky Finds DDoS Attacks in Q3 Grow by 24%, Become More Sophisticated
The total number of smart attacks (advanced DDoS attacks that are often targeted) increased by 31% when compared to the same period last year.
π΄ Banking Malware Threats Surging as Mobile Banking Increases β Nokia Threat Intelligence Report π΄
π Read
via "Dark Reading".
The Nokia 2021 Threat Intelligence Report announced today shows that banking malware threats are sharply increasing as cyber criminals target the rising popularity of mobile banking on smartphones, with plots aimed at stealing personal banking credentials and credit card information.π Read
via "Dark Reading".
Dark Reading
Banking Malware Threats Surging as Mobile Banking Increases β Nokia Threat Intelligence Report
The Nokia 2021 Threat Intelligence Report announced today shows that banking malware threats are sharply increasing as cyber criminals target the rising popularity of mobile banking on smartphones, with plots aimed at stealing personal banking credentialsβ¦
βΌ CVE-2021-41733 βΌ
π Read
via "National Vulnerability Database".
Oppia 3.1.4 does not verify that certain URLs are valid before navigating to them.π Read
via "National Vulnerability Database".
βΌ CVE-2021-28023 βΌ
π Read
via "National Vulnerability Database".
Arbitrary file upload in Service import feature in ServiceTonic Helpdesk software version < 9.0.35937 allows a malicious user to execute JSP code by uploading a zip that extracts files in relative paths.π Read
via "National Vulnerability Database".
βΌ CVE-2021-28024 βΌ
π Read
via "National Vulnerability Database".
Unauthorized system access in the login form in ServiceTonic Helpdesk software version < 9.0.35937 allows attacker to login without using a password.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25979 βΌ
π Read
via "National Vulnerability Database".
Apostrophe CMS versions between 2.63.0 to 3.3.1 affected by an insufficient session expiration vulnerability, which allows unauthenticated remote attackers to hijack recently logged-in users' sessions.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42770 βΌ
π Read
via "National Vulnerability Database".
A Cross-site scripting (XSS) vulnerability was discovered in OPNsense before 21.7.4 via the LDAP attribute return in the authentication tester.π Read
via "National Vulnerability Database".
βΌ CVE-2021-28022 βΌ
π Read
via "National Vulnerability Database".
Blind SQL injection in the login form in ServiceTonic Helpdesk software < 9.0.35937 allows attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39182 βΌ
π Read
via "National Vulnerability Database".
EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who are unfamiliar with hashes can face problems as MD5 is considered an insecure hashing algorithm. The vulnerability is patched in v1.1.4 of the product. As a workaround, users can remove the `MD5` hashing function from the file `hashing.py`.π Read
via "National Vulnerability Database".
ποΈ Pwn2Own Austin 2021: Synacktiv crowned Masters of Pwn after Sonos One, WD NAS exploits ποΈ
π Read
via "The Daily Swig".
French team takes home nearly $200k in winnings as event uncovers 61 zero daysπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Pwn2Own Austin 2021: Synacktiv crowned Masters of Pwn after Sonos One, WD NAS exploits
French team takes home nearly $200k in winnings as event uncovers 61 zero days
βΌ CVE-2021-24706 βΌ
π Read
via "National Vulnerability Database".
The Qwizcards ΓΒ’Γ’β¬Òβ¬Ε online quizzes and flashcards WordPress plugin before 3.62 does not properly sanitize and escape some of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29843 βΌ
π Read
via "National Vulnerability Database".
IBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2CD is vulnerable to a denial of service attack caused by an issue processing message properties. IBM X-Force ID: 205203.π Read
via "National Vulnerability Database".
βΌ CVE-2021-24627 βΌ
π Read
via "National Vulnerability Database".
The G Auto-Hyperlink WordPress plugin through 1.0.1 does not sanitise or escape an 'id' GET parameter before using it in a SQL statement, to select data to be displayed in the admin dashboard, leading to an authenticated SQL injectionπ Read
via "National Vulnerability Database".
βΌ CVE-2021-24816 βΌ
π Read
via "National Vulnerability Database".
The Phoenix Media Rename WordPress plugin before 3.4.4 does not have capability checks in its phoenix_media_rename AJAX action, which could allow users with Author roles to rename any uploaded media files, including ones they do not own.π Read
via "National Vulnerability Database".