CVE-2021-21707
Read via "National Vulnerability Database".
In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains a URL-encoded NUL character, the function may interpret it as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead to reading a different file than intended.
CVE-2021-24751
Read via "National Vulnerability Database".
The GenerateBlocks WordPress plugin before 1.4.0 does not validate the generateblocks/container block's tagName attribute, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.
CVE-2021-24842
Read via "National Vulnerability Database".
The Bulk Datetime Change WordPress plugin before 1.12 does not enforce capability checks, which allows users with Contributor roles to 1) list private post titles of other users and 2) change the posted date of other users' posts.
CVE-2021-24811
Read via "National Vulnerability Database".
The Shop Page WP WordPress plugin before 1.2.8 does not sanitise and escape some of the Product fields, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2021-24876
Read via "National Vulnerability Database".
The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting.
CVE-2021-24745
Read via "National Vulnerability Database".
The About Author Box WordPress plugin before 1.0.2 does not sanitise and escape the Social Profiles field values before outputting them in attributes, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.
UK Department for Transport caught inadvertently serving pornographic content to site visitors
Read via "The Daily Swig".
"The page has since been permanently deleted", a government spokesperson told The Daily Swig.
CVE-2021-43698
Read via "National Vulnerability Database".
An unspecified version of phpWhois is affected by a Cross Site Scripting (XSS) vulnerability. In file example.php, the exit function will terminate the script and print the message to the user. The message will contain $_GET['query'], so there is an XSS vulnerability.
Interpol arrests 1,000 suspects, seizes $27m in crackdown on cybercrime
Read via "The Daily Swig".
Worldwide law enforcement operation targets online crime surge.
Paving the Road to Zero Trust With Adaptive Authentication
Read via "Dark Reading".
A gradual transition to a world beyond passwords predisposes zero-trust projects to success.
NanoLock Security and Waterfall Security Partner to Deliver OT Security for Industrial and Energy Applications
Read via "Dark Reading".
The solution combines NanoLock's device-level, zero-trust protection with Waterfall's hardware-enforced IT/OT perimeter protection to provide a powerful OT security solution that mitigates cyber events from both IT and OT networks.
CVE-2021-43696
Read via "National Vulnerability Database".
An unspecified version of twmap is affected by a Cross Site Scripting (XSS) vulnerability. In file list.php, the exit function will terminate the script and print the message to the user. The message will contain $_REQUEST, so there is an XSS vulnerability.
CVE-2021-43695
Read via "National Vulnerability Database".
An unspecified version of issabelPBX is affected by a Cross Site Scripting (XSS) vulnerability. In file page.backup_restore.php, the exit function will terminate the script and print the message to the user. The message will contain $_REQUEST without sanitization, so there is an XSS vulnerability.
CVE-2021-43697
Read via "National Vulnerability Database".
An unspecified version of Workerman-ThinkPHP-Redis is affected by a Cross Site Scripting (XSS) vulnerability. In file Controller.class.php, the exit function will terminate the script and print the message to the user. The message will contain $_GET[C('VAR_JSONP_HANDLER')], so there is an XSS vulnerability.
WFH security: How to protect your remote endpoints from vulnerabilities
Read via "Tech Republic".
Many organizations lack an effective patch management program, especially when it comes to patching remote systems, says Action1.
Cloud Security: Don't wait until your next bill to find out about an attack!
Read via "Naked Security".
Cloud security is the best sort of altruism: you need to do it to protect yourself, but you help to protect everyone else at the same time.
Shape-Shifting "Tardigrade" Malware Hits Vaccine Makers
Read via "Threat Post".
Some security researchers say it's actually Cobalt Strike and not a SmokeLoader variant, but BioBright says in-depth testing shows it's for real a scary morphic malware that changes its parts and recompiles itself.
Italian police crack down on fake Covid-19 vaccination passes
Read via "The Daily Swig".
Underground trade conducted over Telegram.
CVE-2021-3802
Read via "National Vulnerability Database".
A vulnerability was found in udisks2. This flaw allows an attacker to input a specially crafted image file/USB leading to a kernel panic. The highest threat from this vulnerability is to system availability.
CVE-2021-43691
Read via "National Vulnerability Database".
An unspecified version of tripexpress is affected by a path manipulation vulnerability in file system/helpers/dompdf/load_font.php. The variable src comes from $_SERVER["argv"], so there is a path manipulation vulnerability.
CVE-2021-39995
Read via "National Vulnerability Database".
Some Huawei products use the OpenHpi software for hardware management. A function that parses data returned by OpenHpi contains an out-of-bounds read vulnerability that could lead to a denial of service. Affected product versions include: eCNS280_TD V100R005C10; eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300.