CVE-2021-42026
A vulnerability has been identified in Mendix Applications using Mendix 8 (All versions < V8.18.13), Mendix Applications using Mendix 9 (All versions < V9.6.2). Applications built with affected versions of Mendix Studio Pro do not properly control read access for certain client actions. This could allow authenticated attackers to retrieve the changedDate attribute of arbitrary objects, even when they don't have read access to them.
via "National Vulnerability Database".
CVE-2021-31889
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). Malformed TCP packets with a corrupted SACK option lead to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)
via "National Vulnerability Database".
CVE-2021-31885
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The TFTP server application allows the contents of the TFTP memory buffer to be read by sending malformed TFTP commands. (FSMD-2021-0009)
via "National Vulnerability Database".
CVE-2021-42015
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.26), Mendix Applications using Mendix 8 (All versions < V8.18.12), Mendix Applications using Mendix 9 (All versions < V9.6.1). Applications built with affected versions of Mendix Studio Pro do not prevent file documents from being cached when files are opened or downloaded using a browser. This could allow a local attacker to read those documents by exploring the browser cache.
via "National Vulnerability Database".
CVE-2021-31887
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The FTP server does not properly validate the length of the "PWD/XPWD" command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0016)
via "National Vulnerability Database".
CVE-2021-31345
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The total length of a UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the user-defined application that runs on top of the UDP protocol. (FSMD-2021-0006)
via "National Vulnerability Database".
CVE-2021-31346
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)
via "National Vulnerability Database".
Multiple BusyBox Security Bugs Threaten Embedded Linux Devices
Researchers discovered 14 vulnerabilities in the "Swiss Army Knife" of the embedded OS used in many OT and IoT environments. They allow RCE, denial of service and data leaks.
via "Threat Post".
Security breach at trading platform Robinhood sparks phishing fears
Social engineering attack exposes email addresses of five million investors
via "The Daily Swig".
Robinhood Trading Platform Data Breach Hits 7M Customers
The cyberattacker attempted to extort the company after socially engineering a customer service employee to gain access to email addresses and more.
via "Threat Post".
The State of the CISO
Dark Reading survey shows security officer influence is on the rise.
via "Dark Reading".
Building Bridges to a More Secure Hybrid Workplace
Wherever workers choose to do their jobs, they need technology that's unobtrusive, secure by design, and intuitive to use.
via "Dark Reading".
CVE-2021-43519
Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.
via "National Vulnerability Database".
CVE-2021-3641
Improper Link Resolution Before File Access ('Link Following') vulnerability in the EPAG component of Bitdefender Endpoint Security Tools for Windows allows a local attacker to cause a denial of service. This issue affects: Bitdefender GravityZone version 7.1.2.33 and prior versions.
via "National Vulnerability Database".
CVE-2021-43114
FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publishes an X.509 EE certificate. This causes RTR clients such as BGP routers to lose access to the RPKI VRP data set, effectively disabling Route Origin Validation.
via "National Vulnerability Database".
CVE-2019-18916
A potential security vulnerability has been identified for HP LaserJet Solution Software (for certain HP LaserJet Printers) which may lead to unauthorized elevation of privilege on the client.
via "National Vulnerability Database".
SafeBreach Closes $53.5 Million Series D in New Funding to Fuel Momentum
The new capital will fuel the company's plans to expand its market footprint to new geographies and evolve its offerings in response to client needs.
via "Dark Reading".
bZx crypto heist results in reported losses of more than $55 million
BSC and Polygon funds drained, but Ethereum contracts "safe", following phishing attack
via "The Daily Swig".
The New Frontier of Enterprise Risk: Nth Parties
The average number of vulnerabilities discovered in a Cyberpion scan of external Fortune 500 networks (such as cloud systems) was 296, many critical (with the top of the scale weighing in at a staggering 7,500).
via "Threat Post".
Security Tool Guts: How Much Should Customers See?
Yaron Kassner, CTO of Silverfort, delves into the pros and cons of transparency when it comes to cybersecurity tools' algorithms.
via "Threat Post".
US amps up war on ransomware with charges against REvil attackers
One person fingered for the July 2021 attack against Kaseya is in custody, while the other individual is still at large.
via "Tech Republic".