π΄ New Application Security Toolkit Uncovers Dependency Confusion Attacks π΄
π Read
via "Dark Reading".
The Dependency Combobulator is an open source Python-based toolkit that helps developers discover malicious software components that may have accidentally been added to their projects.π Read
via "Dark Reading".
Dark Reading
New Application Security Toolkit Uncovers Dependency Confusion Attacks
The Dependency Combobulator is an open source Python-based toolkit that helps developers discover malicious software components that may have accidentally been added to their projects.
βΌ CVE-2021-40873 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66, and uaToolkit Embedded before 1.40. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a client or server. The server process may crash unexpectedly because of a double free, and must be restarted.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40871 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a OPC/UA client. The client process may crash unexpectedly because of a wrong type cast, and must be restarted.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40872 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Softing Industrial Automation uaToolkit Embedded before 1.40. Remote attackers to cause a denial of service (DoS) or login as an anonymous user (bypassing security checks) by sending crafted messages to a OPC/UA server. The server process may crash unexpectedly because of an invalid type cast, and must be restarted.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33816 βΌ
π Read
via "National Vulnerability Database".
The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33618 βΌ
π Read
via "National Vulnerability Database".
Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of a BODY element to the user-management feature.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26558 βΌ
π Read
via "National Vulnerability Database".
Deserialization of Untrusted Data vulnerability of Apache ShardingSphere-UI allows an attacker to inject outer link resources. This issue affects Apache ShardingSphere-UI Apache ShardingSphere-UI version 4.1.1 and later versions; Apache ShardingSphere-UI versions prior to 5.0.0.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25980 βΌ
π Read
via "National Vulnerability Database".
In Talkyard, versions v0.04.01 through v0.6.74-WIP-63220cb, v0.2020.22-WIP-b2e97fe0e through v0.2021.02-WIP-879ef3fe1 and tyse-v0.2021.02-879ef3fe1-regular through tyse-v0.2021.28-af66b6905-regular, are vulnerable to Host Header Injection. By luring a victim application-user to click on a link, an unauthenticated attacker can use the Γ’β¬Εforgot passwordΓ’β¬οΏ½ functionality to reset the victimΓ’β¬β’s password and successfully take over their account.π Read
via "National Vulnerability Database".
π΄ Should Our Security Controls Be More Like North Korea or Norway? π΄
π Read
via "Dark Reading".
When the drive for additional visibility and awareness is led by the business rather than just a SOC team, both the business and security can benefit.π Read
via "Dark Reading".
Dark Reading
Should Our Security Controls Be More Like North Korea or Norway?
When the drive for additional visibility and awareness is led by the business rather than just a SOC team, both the business and security can benefit.
β Tiny Font Size Fools Email Filters in BEC Phishing β
π Read
via "Threat Post".
The One Font BEC campaign targets Microsoft 365 users and uses sophisticated obfuscation tactics to slip past security protections to harvest credentials.π Read
via "Threat Post".
Threat Post
Tiny Font Size Fools Email Filters in BEC Phishing
The One Font BEC campaign targets Microsoft 365 users and uses sophisticated obfuscation tactics to slip past security protections to harvest credentials.
ποΈ Dependency Combobulator offers defense against namespace confusion attacks ποΈ
π Read
via "The Daily Swig".
Toolkit βtackles common scenariosβ and can evolve to detect emerging attack variantsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Dependency Combobulator offers defense against namespace confusion attacks
Toolkit βtackles common scenariosβ and can evolve to detect emerging attack variants
β Patch Tuesday updates the Win 7 updaterβ¦ for at most 1 more year of updates β
π Read
via "Naked Security".
The clock stopped long ago on Windows 7, except for those who paid for overtime. But there won't be any double overtime!π Read
via "Naked Security".
Naked Security
Patch Tuesday updates the Win 7 updater⦠for at most 1 more year of updates
The clock stopped long ago on Windows 7, except for those who paid for overtime. But there wonβt be any double overtime!
π¦Ώ How cybercriminals use bait attacks to gather info about their intended victims π¦Ώ
π Read
via "Tech Republic".
With a bait attack, criminals try to obtain the necessary details to plan future attacks against their targets, says Barracuda.π Read
via "Tech Republic".
TechRepublic
How cybercriminals use bait attacks to gather info about their intended victims
With a bait attack, criminals try to obtain the necessary details to plan future attacks against their targets, says Barracuda.
ποΈ Palo Alto GlobalProtect users urged to patch against critical vulnerability ποΈ
π Read
via "The Daily Swig".
Details withheld about dangerous threat as orgs given one-month patching windowπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Palo Alto GlobalProtect users urged to patch against critical vulnerability
Details withheld about dangerous threat as orgs given one-month patching window
βΌ CVE-2021-43350 βΌ
π Read
via "National Vulnerability Database".
An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter.π Read
via "National Vulnerability Database".
ποΈ Zero tolerance: How infosecβs online βcancel cultureβ is stunting industry growth ποΈ
π Read
via "The Daily Swig".
Fear of Twitter fallout is stopping vital information from being shared Social media backlash and online squabbling is stopping the information security industry from learning from its mistakes, Blackπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Zero tolerance: How infosecβs online βcancel cultureβ is stunting industry growth
Fear of Twitter fallout is stopping vital information from being shared
π¦Ώ This pre-Black Friday sale lets you save an extra 15% off cybersecurity certification training courses π¦Ώ
π Read
via "Tech Republic".
Receive over 100 hours of expert instruction on globally recognized cybersecurity skills that will help you become an in-demand IT professional.π Read
via "Tech Republic".
TechRepublic
This pre-Black Friday sale lets you save an extra 15% off cybersecurity certification training courses
Receive over 100 hours of expert instruction on globally recognized cybersecurity skills that will help you become an in-demand IT professional.
π¦Ώ How to easily transfer files between computers with croc π¦Ώ
π Read
via "Tech Republic".
If you're looking for an easy command-line tool to transfer files between systems on the same LAN, Jack Wallen believes croc is the tool for the job.π Read
via "Tech Republic".
TechRepublic
How to easily transfer files between computers with croc
If you're looking for an easy command-line tool to transfer files between systems on the same LAN, Jack Wallen believes croc is the tool for the job.
ποΈ GoCD bug chain provides second springboard to supply chain attacks ποΈ
π Read
via "The Daily Swig".
Follow-up to recent GoCD disclosure provides additional path to infiltrating build environmentsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
GoCD bug chain provides second springboard for supply chain attacks
Follow-up to recent GoCD disclosure provides additional path to infiltrating build environments
β S3 Ep58: Faces on Facebook, scams that pose as complaints, and a Kaseya bust [Podcast] β
π Read
via "Naked Security".
Latest epsiode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep58: Faces on Facebook, scams that pose as complaints, and a Kaseya bust [Podcast]
Latest epsiode β listen now!
π΄ Third-Party Software Risks Grow, but So Do Solutions π΄
π Read
via "Dark Reading".
Enterprises are more dependent than ever on open source software and need to manage the risk posed by vulnerabilities in components and third-party vendors.π Read
via "Dark Reading".
Dark Reading
Third-Party Software Risks Grow, but So Do Solutions
Enterprises are more dependent than ever on open source software and need to manage the risk posed by vulnerabilities in components and third-party vendors.