North Korean Hacking Group Targets Diplomats, Forgoes Malware
The TA406 group uses credential harvesting to target diplomats and policy experts in the United States, Russia, China, and South Korea, rarely resorting to malware.
Read via "Dark Reading".
CVE-2021-37322
GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c.
Read via "National Vulnerability Database".
Microsoft Exchange Server Flaws Now Exploited for BEC Attacks
Attackers are also deploying ProxyShell and abusing the vulnerabilities in a stealthier manner, researchers say.
Read via "Dark Reading".
CVE-2021-40129
A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to submit a SQL query through the CSPC configuration dashboard. This vulnerability is due to insufficient input validation of uploaded files. An attacker could exploit this vulnerability by uploading a file containing a SQL query to the configuration dashboard. A successful exploit could allow the attacker to read restricted information from the CSPC SQL database.
Read via "National Vulnerability Database".
CVE-2021-40130
A vulnerability in the web application of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to specify non-log files as sources for syslog reporting. This vulnerability is due to improper restriction of the syslog configuration. An attacker could exploit this vulnerability by configuring non-log files as sources for syslog reporting through the web application. A successful exploit could allow the attacker to read non-log files on the CSPC.
Read via "National Vulnerability Database".
CVE-2021-41278
Functions SDK for EdgeX is meant to provide all the plumbing necessary for developers to get started in processing/transforming/exporting data out of the EdgeX IoT platform. In affected versions, broken encryption in the app-functions-sdk "AES" transform in EdgeX Foundry releases prior to Jakarta allows attackers to decrypt messages via unspecified vectors. The app-functions-sdk exports an "aes" transform that user scripts can optionally call to encrypt data in the processing pipeline. No decrypt function is provided. Encryption is not enabled by default, but if used, the level of protection may be less than the user expects due to a broken implementation. Version v2.1.0 (EdgeX Foundry Jakarta release and later) of app-functions-sdk-go/v2 deprecates the "aes" transform and provides an improved "aes256" transform in its place. The broken implementation will remain in a deprecated state until it is removed in the next EdgeX major release, to avoid breakage of existing software that depends on the broken implementation. As the broken transform is a library function that is not invoked by default, users who do not use the AES transform in their processing pipelines are unaffected. Those that are affected are urged to upgrade to the Jakarta EdgeX release and modify processing pipelines to use the new "aes256" transform.
Read via "National Vulnerability Database".
CVE-2021-40131
A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface. An attacker could exploit this vulnerability by adding malicious code to the configuration by using the web-based management interface. A successful exploit could allow the attacker to execute arbitrary code in the context of the interface or access sensitive, browser-based information.
Read via "National Vulnerability Database".
Search CT Logs for Misconfigured SSL Certificates
Security defenders can run these queries against Certificate Transparency logs to identify misconfigured SSL certificates before they can be used by adversaries to map out attacks.
Read via "Dark Reading".
CVE-2021-44033
In Ionic Identity Vault before 5.0.5, the protection mechanism for invalid unlock attempts can be bypassed.
Read via "National Vulnerability Database".
CVE-2021-44025
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment's filename extension when displaying a MIME type warning message.
Read via "National Vulnerability Database".
CVE-2021-44026
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.
Read via "National Vulnerability Database".
CVE-2021-39233
In Apache Ozone versions prior to 1.2.0, container-related Datanode requests of Ozone Datanode were not properly authorized and can be called by any client.
Read via "National Vulnerability Database".
CVE-2021-39232
In Apache Ozone versions prior to 1.2.0, certain admin-related SCM commands can be executed by any authenticated user, not just by admins.
Read via "National Vulnerability Database".
CVE-2021-39236
In Apache Ozone before 1.2.0, authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user.
Read via "National Vulnerability Database".
CVE-2021-36372
In Apache Ozone versions prior to 1.2.0, initially generated block tokens are persisted to the metadata database and can be retrieved by authenticated users with permission to the key. Authenticated users may use them even after access is revoked.
Read via "National Vulnerability Database".
CVE-2021-41532
In Apache Ozone before 1.2.0, Recon HTTP endpoints provide access to OM, SCM and Datanode metadata. Due to a bug, any unauthenticated user can access the data from these endpoints.
Read via "National Vulnerability Database".
CVE-2021-39235
In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token. Authenticated users with a valid READ block token can do any write operation on the same block.
Read via "National Vulnerability Database".
CVE-2021-39231
In Apache Ozone versions prior to 1.2.0, various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone Manager and modify Ratis replication configuration.
Read via "National Vulnerability Database".
CVE-2021-42338
4MOSAn GCB Doctor's login page has improper validation of the cookie, which allows an unauthenticated remote attacker to bypass authentication by code injection in the cookie, and to arbitrarily manipulate the system or interrupt services by uploading and executing arbitrary files.
Read via "National Vulnerability Database".
CVE-2021-39234
In Apache Ozone versions prior to 1.2.0, authenticated users knowing the ID of an existing block can craft a specific request allowing access to those blocks, bypassing other security checks such as ACLs.
Read via "National Vulnerability Database".
Iranian hackers charged with cybercrimes in connection with attempts to influence 2020 US Presidential Election
Pair were affiliated with group that tried to secure a win for Donald Trump
Read via "The Daily Swig".