βΌ CVE-2021-42377 βΌ
π Read
via "National Vulnerability Database".
An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input.π Read
via "National Vulnerability Database".
β Emotet malware: βThe report of my death was an exaggerationβ β
π Read
via "Naked Security".
"Old malware rarely dies." The best way to predict the future is to look at the past... if it worked before, it will probably work again.π Read
via "Naked Security".
Naked Security
Emotet malware: βThe report of my death was an exaggerationβ
βOld malware rarely dies.β The best way to predict the future is to look at the pastβ¦ if it worked before, it will probably work again.
β The self-driving smart suitcaseβ¦ that the person behind you can hijack! β
π Read
via "Naked Security".
Apparently, we need a self-driving IoT Bluetooth robot suitcase. Who knew?π Read
via "Naked Security".
Naked Security
The self-driving smart suitcase⦠that the person behind you can hijack!
Apparently, we need a self-driving IoT Bluetooth robot suitcase. Who knew?
π¦Ώ Your weak passwords can be cracked in less than a second π¦Ώ
π Read
via "Tech Republic".
Easy-to-crack phrases "123456," "123456789," "12345," "qwerty" and "password" are the five most common passwords, says NordPass.π Read
via "Tech Republic".
TechRepublic
Your weak passwords can be cracked in less than a second
Easy-to-crack phrases "123456," "123456789," "12345," "qwerty" and "password" are the five most common passwords, says NordPass.
π¦Ώ How to protect your organization from ransomware attacks during the holiday season π¦Ώ
π Read
via "Tech Republic".
A quarter of security pros polled by Cybereason said they lack a plan to deal with a ransomware attack during a weekend or holiday.π Read
via "Tech Republic".
TechRepublic
How to protect your organization from ransomware attacks during the holiday season
A quarter of security pros polled by Cybereason said they lack a plan to deal with a ransomware attack during a weekend or holiday.
βΌ CVE-2021-42250 βΌ
π Read
via "National Vulnerability Database".
Improper output neutralization for Logs. A specific Apache Superset HTTP endpoint allowed for an authenticated user to forge log entries or inject malicious content into logs.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40745 βΌ
π Read
via "National Vulnerability Database".
Adobe Campaign version 21.2.1 (and earlier) is affected by a Path Traversal vulnerability that could lead to reading arbitrary server files. By leveraging an exposed XML file, an unauthenticated attacker can enumerate other files on the server.π Read
via "National Vulnerability Database".
π΄ Is XDR Overhyped? π΄
π Read
via "Dark Reading".
Security experts weigh in on the value and pitfalls of extended detection and response (XDR), offering consideration and advice on this growing new category.π Read
via "Dark Reading".
Dark Reading
Is XDR Overhyped?
Security experts weigh in on the value and pitfalls of extended detection and response (XDR), offering consideration and advice on this growing new category.
β Exchange, Fortinet Flaws Being Exploited by Iranian APT, CISA Warns β
π Read
via "Threat Post".
Meanwhile, a Microsoft analysis that followed six Iranian threat actor groups for over a year found them increasingly sophisticated, adapting and thriving.π Read
via "Threat Post".
Threat Post
Exchange, Fortinet Flaws Being Exploited by Iranian APT, CISA Warns
Meanwhile, a Microsoft analysis that followed six Iranian threat actor groups for over a year found them increasingly sophisticated, adapting and thriving.
β Appleβs Privacy Protection feature β watch out if you have a Watch! β
π Read
via "Naked Security".
Apple's "Protect Mail Activity" is a handy privacy enhancement for your messaging habits. As long as you know its limitations...π Read
via "Naked Security".
Naked Security
Appleβs Mail Privacy Protection feature β watch out if you have a Watch!
Appleβs βProtect Mail Activityβ is a handy privacy enhancement for your messaging habits. As long as you know its limitationsβ¦
ποΈ Secure development: New and improved Linux Random Number Generator ready for testing ποΈ
π Read
via "The Daily Swig".
Proposed replacement for /dev/random promises to double performance and add flexibilityπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Secure development: New and improved Linux Random Number Generator ready for testing
Proposed replacement for /dev/random promises to double performance and add flexibility
π¦Ώ How to beef up your multicloud security π¦Ώ
π Read
via "Tech Republic".
A majority of IT leaders surveyed by Valtix said they realize their employees lack the necessary skills to manage multicloud security.π Read
via "Tech Republic".
TechRepublic
How to beef up your multicloud security
A majority of IT leaders surveyed by Valtix said they realize their employees lack the necessary skills to manage multicloud security.
π΄ 5 Things ML Teams Should Know About Privacy and the GDPR π΄
π Read
via "Dark Reading".
Machine learning delivers plenty of benefits. But as the emerging technology gets applied more broadly, be careful about how you handle all the data used in the process.π Read
via "Dark Reading".
Dark Reading
5 Things ML Teams Should Know About Privacy and the GDPR
Machine learning delivers plenty of benefits. But as the emerging technology gets applied more broadly, be careful about how you handle all the data used in the process.
π¦Ώ 5 predictions to help you focus your web app security resources in 2022 π¦Ώ
π Read
via "Tech Republic".
This is the year business leaders will learn just how innovative online criminals have become, and it'll take rethinking how we perceive account security to fight it, says PerimeterX CTO Ido Safruti.π Read
via "Tech Republic".
TechRepublic
5 predictions to help you focus your web app security resources in 2022
This is the year business leaders will learn just how innovative online criminals have become, and it'll take rethinking how we perceive account security to fight it, says PerimeterX CTO Ido Safruti.
βΌ CVE-2021-43976 βΌ
π Read
via "National Vulnerability Database".
In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).π Read
via "National Vulnerability Database".
βΌ CVE-2021-42362 βΌ
π Read
via "National Vulnerability Database".
The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can be used to obtain remote code execution, in versions up to and including 5.3.2.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42360 βΌ
π Read
via "National Vulnerability Database".
On sites that also had the Elementor plugin for WordPress installed, it was possible for users with the edit_posts capability, which includes Contributor-level users, to import blocks onto any page using the astra-page-elementor-batch-process AJAX action. An attacker could craft and host a block containing malicious JavaScript on a server they controlled, and then use it to overwrite any post or page by sending an AJAX request with the action set to astra-page-elementor-batch-process and the url parameter pointed to their remotely-hosted malicious block, as well as an id parameter containing the post or page to overwrite. Any post or page that had been built with Elementor, including published pages, could be overwritten by the imported block, and the malicious JavaScript in the imported block would then be executed in the browser of any visitors to that page.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33480 βΌ
π Read
via "National Vulnerability Database".
An use-after-free vulnerability was discovered in gocr through 0.53-20200802 in context_correction() in pgm2asc.c.π Read
via "National Vulnerability Database".
βΌ CVE-2021-35528 βΌ
π Read
via "National Vulnerability Database".
Improper Access Control vulnerability in the application authentication and authorization of Hitachi Energy Retail Operations, Counterparty Settlement and Billing (CSB) allows an attacker to execute a modified signed Java Applet JAR file. A successful exploitation may lead to data extraction or modification of data inside the application. This issue affects: Hitachi Energy Retail Operations 5.7.3 and prior versions. Hitachi Energy Counterparty Settlement and Billing (CSB) 5.7.3 prior versions.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33479 βΌ
π Read
via "National Vulnerability Database".
A stack-based buffer overflow vulnerability was discovered in gocr through 0.53-20200802 in measure_pitch() in pgm2asc.c.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43977 βΌ
π Read
via "National Vulnerability Database".
SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows XSS.π Read
via "National Vulnerability Database".