CVE-2021-24745
Read via "National Vulnerability Database".
The About Author Box WordPress plugin before 1.0.2 does not sanitise and escape the Social Profiles field values before outputting them in attributes, which could allow a user with a role as low as contributor to perform Cross-Site Scripting attacks.
UK Department for Transport caught inadvertently serving pornographic content to site visitors
Read via "The Daily Swig".
"The page has since been permanently deleted", a government spokesperson told The Daily Swig
CVE-2021-43698
Read via "National Vulnerability Database".
An unspecified version of phpWhois is affected by a Cross Site Scripting (XSS) vulnerability. In file example.php, the exit function will terminate the script and print the message to the user. The message will contain $_GET['query'], so there is an XSS vulnerability.
Interpol arrests 1,000 suspects, seizes $27m in crackdown on cybercrime
Read via "The Daily Swig".
Worldwide law enforcement operation targets online crime surge
Paving the Road to Zero Trust With Adaptive Authentication
Read via "Dark Reading".
A gradual transition to a world beyond passwords predisposes zero-trust projects to success.
NanoLock Security and Waterfall Security Partner to Deliver OT Security for Industrial and Energy Applications
Read via "Dark Reading".
The solution combines NanoLock's device-level, zero-trust protection with Waterfall's hardware-enforced IT/OT perimeter protection to provide a powerful OT security solution that mitigates cyber events from both IT and OT networks.
CVE-2021-43696
Read via "National Vulnerability Database".
An unspecified version of twmap is affected by a Cross Site Scripting (XSS) vulnerability. In file list.php, the exit function will terminate the script and print the message to the user. The message will contain $_REQUEST, so there is an XSS vulnerability.
CVE-2021-43695
Read via "National Vulnerability Database".
An unspecified version of issabelPBX is affected by a Cross Site Scripting (XSS) vulnerability. In file page.backup_restore.php, the exit function will terminate the script and print the message to the user. The message will contain $_REQUEST without sanitization, so there is an XSS vulnerability.
CVE-2021-43697
Read via "National Vulnerability Database".
An unspecified version of Workerman-ThinkPHP-Redis is affected by a Cross Site Scripting (XSS) vulnerability. In file Controller.class.php, the exit function will terminate the script and print the message to the user. The message will contain $_GET{C('VAR_JSONP_HANDLER')], so there is an XSS vulnerability.
WFH security: How to protect your remote endpoints from vulnerabilities
Read via "Tech Republic".
Many organizations lack an effective patch management program, especially when it comes to patching remote systems, says Action1.
Cloud Security: Don't wait until your next bill to find out about an attack!
Read via "Naked Security".
Cloud security is the best sort of altruism: you need to do it to protect yourself, but you help to protect everyone else at the same time.
Shape-Shifting 'Tardigrade' Malware Hits Vaccine Makers
Read via "Threat Post".
Some security researchers say it's actually Cobalt Strike and not a SmokeLoader variant, but BioBright says in-depth testing shows it's for real a scary morphic malware that changes its parts and recompiles itself.
Italian police crack down on fake Covid-19 vaccination passes
Read via "The Daily Swig".
Underground trade conducted over Telegram
CVE-2021-3802
Read via "National Vulnerability Database".
A vulnerability was found in udisks2. This flaw allows an attacker to input a specially crafted image file/USB leading to kernel panic. The highest threat from this vulnerability is to system availability.
CVE-2021-43691
Read via "National Vulnerability Database".
An unspecified version of tripexpress is affected by a path manipulation vulnerability in file system/helpers/dompdf/load_font.php. The variable src comes from $_SERVER["argv"], so there is a path manipulation vulnerability.
CVE-2021-39995
Read via "National Vulnerability Database".
Some Huawei products use the OpenHpi software for hardware management. A function that parses data returned by OpenHpi contains an out-of-bounds read vulnerability that could lead to a denial of service. Affected product versions include: eCNS280_TD V100R005C10; eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300.
CVE-2021-43692
Read via "National Vulnerability Database".
An unspecified version of youtube-php-mirroring is affected by a Cross Site Scripting (XSS) vulnerability in file ytproxy/index.php.
CVE-2021-43693
Read via "National Vulnerability Database".
vesta 0.9.8-24 is affected by a file inclusion vulnerability in file web/add/user/index.php.
Unpatched Windows Zero-Day Allows Privileged File Access
Read via "Threat Post".
A temporary fix has been issued for CVE-2021-24084, which can be exploited using the LPE exploitation approach for the HiveNightmare/SeriousSAM bug.
OpenStego Free Steganography Solution 0.8.2
Read via "Packet Storm Security".
OpenStego is a tool implemented in Java for generic steganography, with support for password-based encryption of the data. It supports plugins for various steganographic algorithms (currently, only the Least Significant Bit algorithm is supported for images).
ScarCruft APT Mounts Desktop/Mobile Double-Pronged Spy Attacks
Read via "Threat Post".
The North Korea-linked group is deploying the Chinotto spyware backdoor against dissidents, journalists and other politically relevant individuals in South Korea.