CVE-2018-12008
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.
CVE-2018-11900
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.
CVE-2015-9092
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none.
Baffle's Data Privacy Cloud Protects Data for Amazon Redshift Customers
via "Dark Reading".
Amazon Redshift customers can use Baffle's Data Privacy Cloud to secure the data pipeline as source data is migrated to Redshift and used for data analytics.
CVE-2021-44140
via "National Vulnerability Database".
Remote attackers may delete arbitrary files in a system hosting a JSPWiki instance, versions up to 2.11.0.M8, by using a carefully crafted HTTP request on logout, given that those files are reachable to the user running the JSPWiki instance. Apache JSPWiki users should upgrade to 2.11.0 or later.
CVE-2021-40369
via "National Vulnerability Database".
A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Denounce plugin, which could allow the attacker to execute JavaScript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.0 or later.
VMware addresses SSRF, arbitrary file read flaws in vCenter Server
via "The Daily Swig".
"Important" severity flaws both reside in the vSphere Web Client
Attackers Actively Target Windows Installer Zero-Day
via "Threat Post".
Researcher discovered a "more powerful" variant of an elevation-of-privilege flaw for which Microsoft released a botched patch earlier this month.
Cyberstalking study: UK residents most accepting of spyware to track partners' movements
via "The Daily Swig".
Report from cybersecurity firm Kaspersky reveals worrying attitudes towards spyware usage
When Will Security Frameworks Catch Up With the New Cybersecurity Normal?
via "Dark Reading".
Standards need to reflect that most endpoints will be remote and/or wireless.
DG Insights to Help Leaders Assess DLP Effectiveness
via "Digital Guardian".
Digital Guardian's Managed Security Program customers can now receive a weekly email that gives further insight into their organization's data movement.
Apple needs to un-Mac-ify security and privacy in Safari
via "Tech Republic".
Safari is a good browser, but it could be better. Unfortunately, one area that requires improvement is the un-Mac-ifying of the privacy settings. Find out what Jack Wallen means by this.
Decrypting diversity: One in five UK infosec professionals say they've experienced discrimination at work
via "The Daily Swig".
Report states diversity and inclusion within the industry is lagging behind
Apple's NSO Group Lawsuit Amps Up Pressure on Pegasus Spyware-Maker
via "Threat Post".
Just weeks after a judge ruled that NSO Group did not have immunity in a suit brought by Facebook subsidiary WhatsApp, Apple is adding significant weight to the company's woes.
GoDaddy Breach Widens to Include Reseller Subsidiaries
via "Threat Post".
Customers of several brands that resell GoDaddy Managed WordPress have also been caught up in the big breach, in which millions of emails, passwords and more were stolen.
GNU Privacy Guard 2.2.33
via "Packet Storm Security".
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions. This is the LTS release.
GoDaddy admits to password breach: check your Managed WordPress site!
via "Naked Security".
GoDaddy found crooks in its network, and kicked them out - but not before they'd been in there for six weeks.
Check your patches - public exploit now out for critical Exchange bug
via "Naked Security".
It was a zero-day bug until Patch Tuesday, now there's an anyone-can-use-it exploit. Don't be the one who hasn't patched.
CVE-2021-20840
via "National Vulnerability Database".
Cross-site scripting vulnerability in Booking Package - Appointment Booking Calendar System versions prior to 1.5.11 allows a remote attacker to inject an arbitrary script via unspecified vectors.
CVE-2021-20843
via "National Vulnerability Database".
Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page.
CVE-2021-3554
via "National Vulnerability Database".
Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as a relay role allows an attacker to manipulate the remote address used for pulling patches. This issue affects: Bitdefender Endpoint Security Tools for Linux versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender Unified Endpoint versions prior to 6.2.21.160. Bitdefender GravityZone versions prior to 6.24.1-1.