Dark Reading Video News Desk Comes to Black Hat Europe
via "Dark Reading".
While attendees join Black Hat Europe 2021 virtually and live in London, we bring you prerecorded interviews from remote offices around the world.
Black Hat Europe: Laws and regulations need to change to secure world's digital infrastructure
via "The Daily Swig".
Better incentives to build secure products needed, former MEP tells conference
New Android Spyware Poses Pegasus-Like Threat
via "Threat Post".
PhoneSpy already has stolen data and tracked the activity of targets in South Korea, disguising itself as legitimate lifestyle apps.
Researcher Details Vulnerabilities Found in AWS API Gateway
via "Dark Reading".
AWS fixed the security flaws that left the API service at risk of so-called HTTP header-smuggling attacks, says the researcher who discovered them.
4 Tips to Secure the OT Cybersecurity Budget You Require
via "Dark Reading".
OT security engineers and personnel should approach senior management with an emphasis on risk reduction benefits and with a concrete plan to secure budget and funding before it's too late.
Securing the Public: Who Should Take Charge?
via "Dark Reading".
International policy expert Marietje Schaake explores the intricacies of protecting the public as governments depend on private companies to build and secure digital infrastructure.
How healthcare organizations and patients are increasingly at risk from cyber threats
via "Tech Republic".
A majority of IT pros working at hospitals who were surveyed by Armis said they've seen a rise in cyber risk over the past 12 months.
CISA and State and Local Partners Test Emergency Response Plans at Chevron Salt Lake Refinery
via "Dark Reading".
The exercise included several objectives related to response procedures at the refinery, including evacuation and shelter-in-place decision-making; roles and responsibilities during investigations; communication with first responders; and public messaging before and following an incident.
Smuggling hidden backdoors into JavaScript with homoglyphs and invisible Unicode characters
via "The Daily Swig".
Researchers urge developers to secure code by disallowing non-ASCII characters
Massive Zero-Day Hole Found in Palo Alto Security Appliances
via "Threat Post".
Researchers have a working exploit for the vulnerability (now patched), which allows for unauthenticated RCE and affects an estimated 70,000+ VPN/firewalls.
Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!
via "Naked Security".
The crooks have shown that they're willing to learn and adapt their attacks, so we need to make sure we learn and adapt, too.
CVE-2021-42062
via "National Vulnerability Database".
SAP ERP HCM Portugal does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither modify any information nor cause availability impacts.
CVE-2021-41426
via "National Vulnerability Database".
Beeline Smart box 2.0.38 is vulnerable to Cross Site Request Forgery (CSRF) via mgt_end_user.htm.
CVE-2021-40503
via "National Vulnerability Database".
An information disclosure vulnerability exists in SAP GUI for Windows - versions < 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user's password. With this highly sensitive data leaked, the attacker would be able to logon to the backend system the SAP GUI for Windows was connected to and launch further attacks depending on the authorizations of the user.
CVE-2021-40502
via "National Vulnerability Database".
SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Authenticated attackers will be able to access and edit data from B2B units they do not belong to.
CVE-2021-41427
via "National Vulnerability Database".
Beeline Smart Box 2.0.38 is vulnerable to Cross Site Scripting (XSS) via the choose_mac parameter to setup.cgi.
CVE-2021-43561
via "National Vulnerability Database".
An XSS issue was discovered in the google_for_jobs (aka Google for Jobs) extension before 1.5.1 and 2.x before 2.1.1 for TYPO3. The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability.
CVE-2021-38887
via "National Vulnerability Database".
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information from application response requests that could be used in further attacks against the system. IBM X-Force ID: 209401.
CVE-2021-43564
via "National Vulnerability Database".
An issue was discovered in the jobfair (aka Job Fair) extension before 1.0.13 and 2.x before 2.0.2 for TYPO3. The extension fails to protect or obfuscate filenames of uploaded files. This allows unauthenticated users to download files with sensitive data by simply guessing the filename of uploaded files (e.g., uploads/tx_jobfair/cv.pdf).
CVE-2021-43563
via "National Vulnerability Database".
An issue was discovered in the pixxio (aka pixx.io integration or DAM) extension before 1.0.6 for TYPO3. The Access Control in the bundled media browser is broken, which allows an unauthenticated attacker to perform requests to the pixx.io API for the configured API user. This allows an attacker to download various media files from the DAM system.
CVE-2021-43562
via "National Vulnerability Database".
An issue was discovered in the pixxio (aka pixx.io integration or DAM) extension before 1.0.6 for TYPO3. The extension fails to restrict the image download to the configured pixx.io DAM URL, resulting in SSRF. As a result, an attacker can download various content from a remote location and save it to a user-controlled filename, which may result in Remote Code Execution. A TYPO3 backend user account is required to exploit this.