‼ CVE-2021-43558 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40771 ‼
📖 Read
via "National Vulnerability Database".
Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43560 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40775 ‼
📖 Read
via "National Vulnerability Database".
Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40770 ‼
📖 Read
via "National Vulnerability Database".
Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42738 ‼
📖 Read
via "National Vulnerability Database".
Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious MXF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3943 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A remote code execution risk when restoring backup files was identified.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40774 ‼
📖 Read
via "National Vulnerability Database".
Adobe Prelude version 10.1 (and earlier) is affected by a null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
🛠 OpenStego Free Steganography Solution 0.8.1 🛠
📖 Read
via "Packet Storm Security".
OpenStego is a tool implemented in Java for generic steganography, with support for password-based encryption of the data. It supports plugins for various steganographic algorithms (currently, only Least Significant Bit algorithm is supported for images).📖 Read
via "Packet Storm Security".
Packetstormsecurity
OpenStego Free Steganography Solution 0.8.1 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
🛠 Hashcat Advanced Password Recovery 6.2.5 Binary Release 🛠
📖 Read
via "Packet Storm Security".
Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary release.📖 Read
via "Packet Storm Security".
Packetstormsecurity
Hashcat Advanced Password Recovery 6.2.5 Binary Release ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
🛠 Hashcat Advanced Password Recovery 6.2.5 Source Code 🛠
📖 Read
via "Packet Storm Security".
Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.📖 Read
via "Packet Storm Security".
Packetstormsecurity
Hashcat Advanced Password Recovery 6.2.5 Source Code ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
🦿 Mozilla has released a new platform for privacy-focused email communications 🦿
📖 Read
via "Tech Republic".
When you don't want to give out your personal or work email address, but still need to sign up for an account, Mozilla might have an answer for you with Firefox Relay.📖 Read
via "Tech Republic".
TechRepublic
Mozilla has released a new platform for privacy-focused email communications
When you don't want to give out your personal or work email address, but still need to sign up for an account, Mozilla might have an answer for you with Firefox Relay.
‼ CVE-2021-23673 ‼
📖 Read
via "National Vulnerability Database".
This affects all versions of package pekeupload. If an attacker induces a user to upload a file whose name contains javascript code, the javascript code will be executed.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-23732 ‼
📖 Read
via "National Vulnerability Database".
This affects all versions of package docker-cli-js. If the command parameter of the Docker.command method can at least be partially controlled by a user, they will be in a position to execute any arbitrary OS commands on the host system.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-23718 ‼
📖 Read
via "National Vulnerability Database".
The package ssrf-agent before 1.0.5 are vulnerable to Server-side Request Forgery (SSRF) via the defaultIpChecker function. It fails to properly validate if the IP requested is private.📖 Read
via "National Vulnerability Database".
‼ CVE-2019-5640 ‼
📖 Read
via "National Vulnerability Database".
Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the inspect element browser feature to remove the login panel and view the details available in the last webpage visited by previous user📖 Read
via "National Vulnerability Database".
❌ Imunify360 Bug Leaves Linux Web Servers Open to Code Execution, Takeover ❌
📖 Read
via "Threat Post".
CloudLinux' security platform for Linux-based websites and web servers contains a high-severity PHP deserialization bug.📖 Read
via "Threat Post".
Threat Post
Imunify360 Bug Leaves Linux Web Servers Open to Code Execution, Takeover
CloudLinux's security platform for Linux-based websites and web servers contains a high-severity PHP deserialization bug.
❌ Attackers Hijack Email Threads Using ProxyLogon/ProxyShell Flaws ❌
📖 Read
via "Threat Post".
Exploiting Microsoft Exchange ProxyLogon & ProxyShell vulnerabilities, attackers are malspamming replies in existing threads and slipping past malicious-email filters.📖 Read
via "Threat Post".
Threat Post
Attackers Hijack Email Threads Using ProxyLogon/ProxyShell Flaws
Exploiting ProxyLogon and ProxyShell vulnerabilities, attackers have been malspamming replies in existing threads and slipping past malicious-email filters.
🦿 Leaders agree that cybersecurity is a business risk, but are they acting on that belief? 🦿
📖 Read
via "Tech Republic".
Despite nearly unanimous agreement, there's still a lack of clarity on who is accountable for security incidents and whether previous security investments have paid off, a Gartner survey finds.📖 Read
via "Tech Republic".
TechRepublic
Leaders agree that cybersecurity is a business risk, but are they acting on that belief?
Despite nearly unanimous agreement, there's still a lack of clarity on who is accountable for security incidents and whether previous security investments have paid off, a Gartner survey finds.
❌ Online Merchants: Prevent Fraudsters from Becoming Holiday Grinches ❌
📖 Read
via "Threat Post".
Black Friday and Cyber Monday approach! Saryu Nayyar, CEO at Gurucul, discusses concerning statistics about skyrocketing online fraud during the festive season.📖 Read
via "Threat Post".
Threat Post
Online Merchants: Prevent Fraudsters from Becoming Holiday Grinches
Black Friday and Cyber Monday approach! Saryu Nayyar, CEO at Gurucul, discusses concerning statistics about skyrocketing online fraud during the festive season.
🕴 10 Stocking Stuffers for Security Geeks 🕴
📖 Read
via "Dark Reading".
Check out our list of gifts with a big impact for hackers and other techie security professionals.📖 Read
via "Dark Reading".
Dark Reading
10 Stocking Stuffers for Security Geeks
Check out our list of gifts with a big impact for hackers and other techie security professionals.