๐๏ธ Data breach at New Mexico healthcare business impacts 62,000 state residents ๐๏ธ
๐ Read
via "The Daily Swig".
True Health New Mexico was hit by a cyber-attack in October๐ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Data breach at New Mexico healthcare business impacts 62,000 state residents
True Health New Mexico was hit by a cyber-attack in October
โ S3 Ep60: Exchange exploit, GoDaddy breach and cookies made public [Podcast] โ
๐ Read
via "Naked Security".
Latest episode - listen now! Solid cybersecurity advice in plain English.๐ Read
via "Naked Security".
Naked Security
S3 Ep60: Exchange exploit, GoDaddy breach and cookies made public [Podcast]
Latest episode โ listen now! Solid cybersecurity advice in plain English.
๐๏ธ WordPress security plugin Hide My WP addresses SQL injection, deactivation flaws ๐๏ธ
๐ Read
via "The Daily Swig".
Bugs deemed โvery easy to exploit as they require no prerequisitesโ๐ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
WordPress security plugin Hide My WP addresses SQL injection, deactivation flaws
Bugs deemed โvery easy to exploit as they require no prerequisitesโ
โ New Twists on Gift-Card Scams Flourish on Black Friday โ
๐ Read
via "Threat Post".
Fake merchandise and crypto jacking are among the new ways cybercriminals will try to defraud people flocking online for Black Friday and Cyber Monday.๐ Read
via "Threat Post".
Threat Post
New Twists on Gift-Card Scams Flourish on Black Friday
Fake merchandise and crypto jacking are among the new ways cybercriminals will try to defraud people flocking online for Black Friday and Cyber Monday.
๐๏ธ New differential fuzzing tool reveals novel HTTP request smuggling techniques ๐๏ธ
๐ Read
via "The Daily Swig".
White paper systematically examines the attack while showcasing a โlaundry listโ of new flaws๐ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
New differential fuzzing tool reveals novel HTTP request smuggling techniques
White paper systematically examines the attack while showcasing a โlaundry listโ of new flaws
โผ CVE-2021-44223 โผ
๐ Read
via "National Vulnerability Database".
WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.org Plugin Directory but is not yet present in that directory.๐ Read
via "National Vulnerability Database".
๐1
โผ CVE-2021-44225 โผ
๐ Read
via "National Vulnerability Database".
In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property๐ Read
via "National Vulnerability Database".
๐๏ธ Maritime giant Swire Pacific Offshore suffers data breach following cyber-attack ๐๏ธ
๐ Read
via "The Daily Swig".
Organization said it suffered โunauthorized accessโ to systems๐ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Maritime giant Swire Pacific Offshore suffers data breach following cyber-attack
Organization said it suffered โunauthorized accessโ to systems
๐๏ธ Microsoft pushes ahead with controversial โbuy now, pay laterโ feature for Edge browser ๐๏ธ
๐ Read
via "The Daily Swig".
โItโs like youโre recapitulating the worst IE browser extensions and installing them by defaultโ, grumbles one user๐ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Microsoft pushes ahead with controversial โbuy now, pay laterโ feature for Edge browser
โItโs like youโre recapitulating the worst IE browser extensions and installing them by defaultโ, grumbles one user
โผ CVE-2021-38686 โผ
๐ Read
via "National Vulnerability Database".
An improper authentication vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later๐ Read
via "National Vulnerability Database".
โผ CVE-2021-38685 โผ
๐ Read
via "National Vulnerability Database".
A command injection vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later๐ Read
via "National Vulnerability Database".
๐๏ธ Ukrainian police expose international phone-hacking gang ๐๏ธ
๐ Read
via "The Daily Swig".
โPhoenixโ group laid low following seizure of computing equipment and stolen devices๐ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Ukrainian police expose international phone-hacking gang
โPhoenixโ group laid low following seizure of computing equipment and stolen devices
โ S3 Ep60: Exchange exploit, GoDaddy breach and cookies made public [Podcast] โ
๐ Read
via "Naked Security".
Latest episode - listen now! Solid cybersecurity advice in plain English.๐ Read
via "Naked Security".
Naked Security
S3 Ep60: Exchange exploit, GoDaddy breach and cookies made public [Podcast]
Latest episode โ listen now! Solid cybersecurity advice in plain English.
โผ CVE-2021-36807 โผ
๐ Read
via "National Vulnerability Database".
An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-25269 โผ
๐ Read
via "National Vulnerability Database".
A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and Sophos Intercept X Advanced for Server before version 2.0.23, as well as Sophos Exploit Prevention before version 3.8.3.๐ Read
via "National Vulnerability Database".
โ Cloud Security: Donโt wait until your next bill to find out about an attack! โ
๐ Read
via "Naked Security".
Cloud security is the best sort of altruism: you need to do it to protect yourself, but you help to protect everyone else at the same time.๐ Read
via "Naked Security".
Naked Security
Cloud Security: Donโt wait until your next bill to find out about an attack!
Cloud security is the best sort of altruism: you need to do it to protect yourself, but you help to protect everyone else at the same time.
โ๏ธ The Internet is Held Together With Spit & Baling Wire โ๏ธ
๐ Read
via "Krebs on Security".
Imagine being able to disconnect or redirect Internet traffic destined for some of the world's largest companies -- just by spoofing an email. This is the nature of a threat vector recently removed by a Fortune 500 firm that operates one of the world's largest Internet backbones.๐ Read
via "Krebs on Security".
Krebsonsecurity
The Internet is Held Together With Spit & Baling Wire
Imagine being able to disconnect or redirect Internet traffic destined for some of the world's largest companies -- just by spoofing an email. This is the nature of a threat vector recently removed by a Fortune 500 firm that operatesโฆ
โผ CVE-2021-36843 โผ
๐ Read
via "National Vulnerability Database".
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Floating Social Media Icon plugin (versions <= 4.3.5) Social Media Configuration form. Requires high role user like admin.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-41279 โผ
๐ Read
via "National Vulnerability Database".
BaserCMS is an open source content management system with a focus on Japanese language support. In affected versions users with upload privilege may upload crafted zip files capable of path traversal on the host operating system. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-35533 โผ
๐ Read
via "National Vulnerability Database".
Improper Input Validation vulnerability in the APDU parser in the Bidirectional Communication Interface (BCI) IEC 60870-5-104 function of Hitachi Energy RTU500 series allows an attacker to cause the receiving RTU500 CMU of which the BCI is enabled to reboot when receiving a specially crafted message. By default, BCI IEC 60870-5-104 function is disabled (not configured). This issue affects: Hitachi Energy RTU500 series CMU Firmware version 12.0.* (all versions); CMU Firmware version 12.2.* (all versions); CMU Firmware version 12.4.* (all versions).๐ Read
via "National Vulnerability Database".
โผ CVE-2021-40833 โผ
๐ Read
via "National Vulnerability Database".
A vulnerability affecting F-Secure antivirus engine was discovered whereby unpacking UPX file can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine.๐ Read
via "National Vulnerability Database".