🗓️ Secure development: New and improved Linux Random Number Generator ready for testing 🗓️
📖 Read
via "The Daily Swig".
Proposed replacement for /dev/random promises to double performance and add flexibility📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Secure development: New and improved Linux Random Number Generator ready for testing
Proposed replacement for /dev/random promises to double performance and add flexibility
🦿 How to beef up your multicloud security 🦿
📖 Read
via "Tech Republic".
A majority of IT leaders surveyed by Valtix said they realize their employees lack the necessary skills to manage multicloud security.📖 Read
via "Tech Republic".
TechRepublic
How to beef up your multicloud security
A majority of IT leaders surveyed by Valtix said they realize their employees lack the necessary skills to manage multicloud security.
🕴 5 Things ML Teams Should Know About Privacy and the GDPR 🕴
📖 Read
via "Dark Reading".
Machine learning delivers plenty of benefits. But as the emerging technology gets applied more broadly, be careful about how you handle all the data used in the process.📖 Read
via "Dark Reading".
Dark Reading
5 Things ML Teams Should Know About Privacy and the GDPR
Machine learning delivers plenty of benefits. But as the emerging technology gets applied more broadly, be careful about how you handle all the data used in the process.
🦿 5 predictions to help you focus your web app security resources in 2022 🦿
📖 Read
via "Tech Republic".
This is the year business leaders will learn just how innovative online criminals have become, and it'll take rethinking how we perceive account security to fight it, says PerimeterX CTO Ido Safruti.📖 Read
via "Tech Republic".
TechRepublic
5 predictions to help you focus your web app security resources in 2022
This is the year business leaders will learn just how innovative online criminals have become, and it'll take rethinking how we perceive account security to fight it, says PerimeterX CTO Ido Safruti.
‼ CVE-2021-43976 ‼
📖 Read
via "National Vulnerability Database".
In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42362 ‼
📖 Read
via "National Vulnerability Database".
The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can be used to obtain remote code execution, in versions up to and including 5.3.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42360 ‼
📖 Read
via "National Vulnerability Database".
On sites that also had the Elementor plugin for WordPress installed, it was possible for users with the edit_posts capability, which includes Contributor-level users, to import blocks onto any page using the astra-page-elementor-batch-process AJAX action. An attacker could craft and host a block containing malicious JavaScript on a server they controlled, and then use it to overwrite any post or page by sending an AJAX request with the action set to astra-page-elementor-batch-process and the url parameter pointed to their remotely-hosted malicious block, as well as an id parameter containing the post or page to overwrite. Any post or page that had been built with Elementor, including published pages, could be overwritten by the imported block, and the malicious JavaScript in the imported block would then be executed in the browser of any visitors to that page.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-33480 ‼
📖 Read
via "National Vulnerability Database".
An use-after-free vulnerability was discovered in gocr through 0.53-20200802 in context_correction() in pgm2asc.c.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-35528 ‼
📖 Read
via "National Vulnerability Database".
Improper Access Control vulnerability in the application authentication and authorization of Hitachi Energy Retail Operations, Counterparty Settlement and Billing (CSB) allows an attacker to execute a modified signed Java Applet JAR file. A successful exploitation may lead to data extraction or modification of data inside the application. This issue affects: Hitachi Energy Retail Operations 5.7.3 and prior versions. Hitachi Energy Counterparty Settlement and Billing (CSB) 5.7.3 prior versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-33479 ‼
📖 Read
via "National Vulnerability Database".
A stack-based buffer overflow vulnerability was discovered in gocr through 0.53-20200802 in measure_pitch() in pgm2asc.c.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43977 ‼
📖 Read
via "National Vulnerability Database".
SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows XSS.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-33481 ‼
📖 Read
via "National Vulnerability Database".
A stack-based buffer overflow vulnerability was discovered in gocr through 0.53-20200802 in try_to_divide_boxes() in pgm2asc.c.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32234 ‼
📖 Read
via "National Vulnerability Database".
SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows remote code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43975 ‼
📖 Read
via "National Vulnerability Database".
In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value.📖 Read
via "National Vulnerability Database".
🕴 Cybercriminals Contemplate 'Exploit-as-a-Service' Model 🕴
📖 Read
via "Dark Reading".
Researchers share their findings on the current zero-day market and how criminals' strategies may shift in the future.📖 Read
via "Dark Reading".
Dark Reading
Cybercriminals Contemplate 'Exploit-as-a-Service' Model
Researchers share their findings on the current zero-day market and how criminals' strategies may shift in the future.
‼ CVE-2021-33092 ‼
📖 Read
via "National Vulnerability Database".
Incorrect default permissions in the installer for the Intel(R) NUC M15 Laptop Kit HID Event Filter driver pack before version 2.2.1.383 may allow an authenticated user to potentially enable escalation of privilege via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-0200 ‼
📖 Read
via "National Vulnerability Database".
Out-of-bounds write in the firmware for Intel(R) Ethernet 700 Series Controllers before version 8.2 may allow a privileged user to potentially enable an escalation of privilege via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41274 ‼
📖 Read
via "National Vulnerability Database".
solidus_auth_devise provides authentication services for the Solidus webstore framework, using the Devise gem. In affected versions solidus_auth_devise is subject to a CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of `solidus_auth_devise` are affected if `protect_from_forgery` method is both: Executed whether as: A `before_action` callback (the default) or A `prepend_before_action` (option `prepend: true` given) before the `:load_object` hook in `Spree::UserController` (most likely order to find). Configured to use `:null_session` or `:reset_session` strategies (`:null_session` is the default in case the no strategy is given, but `rails --new` generated skeleton use `:exception`). Users should promptly update to `solidus_auth_devise` version `2.5.4`. Users unable to update should if possible, change their strategy to `:exception`. Please see the linked GHSA for more workaround details.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-33062 ‼
📖 Read
via "National Vulnerability Database".
Incorrect default permissions in the software installer for the Intel(R) VTune(TM) Profiler before version 2021.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43553 ‼
📖 Read
via "National Vulnerability Database".
PI Vision could disclose information to a user with insufficient privileges for an AF attribute that is the child of another attribute and is configured as a Limits property.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-0135 ‼
📖 Read
via "National Vulnerability Database".
Improper input validation in the Intel(R) Ethernet Diagnostic Driver for Windows before version 1.4.0.10 may allow a privileged user to potentially enable escalation of privilege via local access.📖 Read
via "National Vulnerability Database".