βΌ CVE-2021-43695 βΌ
π Read
via "National Vulnerability Database".
An unspecified version of issabelPBX is affected by a Cross Site Scripting (XSS) vulnerability. In file page.backup_restore.php, the exit function will terminate the script and print the message to the user. The message will contain $_REQUEST without sanitization, then there is a XSS vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43697 βΌ
π Read
via "National Vulnerability Database".
An unspecified version of Workerman-ThinkPHP-Redis is affected by a Cross Site Scripting (XSS) vulnerability. In file Controller.class.php, the exit function will terminate the script and print the message to the user. The message will contain $_GET{C('VAR_JSONP_HANDLER')] then there is a XSS vulnerability.π Read
via "National Vulnerability Database".
π¦Ώ WFH security: How to protect your remote endpoints from vulnerabilities π¦Ώ
π Read
via "Tech Republic".
Many organizations lack an effective patch management program, especially when it comes to patching remote systems, says Action1.π Read
via "Tech Republic".
TechRepublic
WFH security: How to protect your remote endpoints from vulnerabilities
Many organizations lack an effective patch management program, especially when it comes to patching remote systems, says Action1.
β Cloud Security: Donβt wait until your next bill to find out about an attack! β
π Read
via "Naked Security".
Cloud security is the best sort of altruism: you need to do it to protect yourself, but you help to protect everyone else at the same time.π Read
via "Naked Security".
Naked Security
Cloud Security: Donβt wait until your next bill to find out about an attack!
Cloud security is the best sort of altruism: you need to do it to protect yourself, but you help to protect everyone else at the same time.
β Shape-Shifting βTardigradeβ Malware Hits Vaccine Makers β
π Read
via "Threat Post".
Some security researchers say itβs actually Cobalt Strike and not a SmokeLoader variant, but BioBright says in-depth testing shows itβs for real a scary morphic malware that changes its parts and recompiles itself.π Read
via "Threat Post".
Threat Post
Shape-Shifting βTardigradeβ Malware Hits Vaccine Makers
Some security researchers say itβs actually Cobalt Strike and not a SmokeLoader variant, but BioBright says in-depth testing shows itβs for real a scary morphic malware that changes its parts and recompiles itself.
ποΈ Italian police crack down on fake Covid-19 vaccination passes ποΈ
π Read
via "The Daily Swig".
Underground trade conducted over Telegramπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Italian police crack down on fake Covid-19 vaccination passes
Underground trade conducted over Telegram
βΌ CVE-2021-3802 βΌ
π Read
via "National Vulnerability Database".
A vulnerability found in udisks2. This flaw allows an attacker to input a specially crafted image file/USB leading to kernel panic. The highest threat from this vulnerability is to system availability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43691 βΌ
π Read
via "National Vulnerability Database".
An unspecified version of tripexpress is affected by a path manipulation vulnerability in file system/helpers/dompdf/load_font.php. The variable src is coming from $_SERVER["argv"] then there is a path manipulation vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39995 βΌ
π Read
via "National Vulnerability Database".
Some Huawei products use the OpenHpi software for hardware management. A function that parses data returned by OpenHpi contains an out-of-bounds read vulnerability that could lead to a denial of service. Affected product versions include: eCNS280_TD V100R005C10; eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43692 βΌ
π Read
via "National Vulnerability Database".
An unspecified version of youtube-php-mirroring is affected by a Cross Site Scripting (XSS) vulnerability in file ytproxy/index.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43693 βΌ
π Read
via "National Vulnerability Database".
vesta 0.9.8-24 is affected by a file inclusion vulnerability in file web/add/user/index.php.π Read
via "National Vulnerability Database".
β Unpatched Windows Zero-Day Allows Privileged File Access β
π Read
via "Threat Post".
A temporary fix has been issued for CVE-2021-24084, which can be exploited using the LPE exploitation approach for the HiveNightmare/SeriousSAM bug.π Read
via "Threat Post".
Threat Post
Unpatched Windows Zero-Day Allows Privileged File Access
A temporary fix has been issued for CVE-2021-24084, which can be exploited using the LPE exploitation approach for the HiveNightmare/SeriousSAM bug.
π OpenStego Free Steganography Solution 0.8.2 π
π Read
via "Packet Storm Security".
OpenStego is a tool implemented in Java for generic steganography, with support for password-based encryption of the data. It supports plugins for various steganographic algorithms (currently, only Least Significant Bit algorithm is supported for images).π Read
via "Packet Storm Security".
Packetstormsecurity
OpenStego Free Steganography Solution 0.8.2 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β ScarCruft APT Mounts Desktop/Mobile Double-Pronged Spy Attacks β
π Read
via "Threat Post".
The North Korea-linked group is deploying the Chinotto spyware backdoor against dissidents, journalists and other politically relevant individuals in South Korea.π Read
via "Threat Post".
Threat Post
ScarCruft APT Mounts Desktop/Mobile Double-Pronged Spy Attacks
The North Korea-linked group is deploying the Chinotto spyware backdoor against dissidents, journalists and other politically relevant individuals in South Korea.
π U.S. Issues Guidance to Protect Critical, Emerging Tech from Hacks π
π Read
via "".
The guidance applies to companies who work in semiconductors, quantum computing, the bioeconomy, and AI.π Read
via "".
Digital Guardian
U.S. Issues Guidance to Protect Critical, Emerging Tech from Hacks
The guidance applies to companies who work in semiconductors, quantum computing, the bioeconomy, and AI.
β IKEA Hit by Email Reply-Chain Cyberattack β
π Read
via "Threat Post".
IKEA, king of furniture-in-a-flat-box, warned employees on Friday that an ongoing cyberattack was using internal emails to malspam malicious links in active email threads.π Read
via "Threat Post".
Threat Post
IKEA Hit by Email Reply-Chain Cyberattack
IKEA, king of furniture-in-a-flat-box, warned employees on Friday that an ongoing cyberattack was using internal emails to malspam malicious links in active email threads.
β Researchers Flag 300K Banking Trojan Infections from Google Play in 4 Months β
π Read
via "Threat Post".
Attackers are honing Google Play dropper campaigns, overcoming app store restrictions.π Read
via "Threat Post".
Threat Post
Researchers Flag 300K Banking Trojan Infections from Google Play in 4 Months
Attackers are honing Google Play dropper campaigns, overcoming app store restrictions.
βΌ CVE-2021-43783 βΌ
π Read
via "National Vulnerability Database".
@backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. In affected versions a malicious actor with write access to a registered scaffolder template is able to manipulate the template in a way that writes files to arbitrary paths on the scaffolder-backend host instance. This vulnerability can in some situation also be exploited through user input when executing a template, meaning you do not need write access to the templates. This method will not allow the attacker to control the contents of the injected file however, unless the template is also crafted in a specific way that gives control of the file contents. This vulnerability is fixed in version `0.15.14` of the `@backstage/plugin-scaffolder-backend`. This attack is mitigated by restricting access and requiring reviews when registering or modifying scaffolder templates.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43787 βΌ
π Read
via "National Vulnerability Database".
Nodebb is an open source Node.js based forum software. In affected versions a prototype pollution vulnerability in the uploader module allowed a malicious user to inject arbitrary data (i.e. javascript) into the DOM, theoretically allowing for an account takeover when used in conjunction with a path traversal vulnerability disclosed at the same time as this report. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42358 βΌ
π Read
via "National Vulnerability Database".
The Contact Form With Captcha WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation in the ~/cfwc-form.php file during contact form submission, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.6.2.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43788 βΌ
π Read
via "National Vulnerability Database".
Nodebb is an open source Node.js based forum software. Prior to v1.18.5, a path traversal vulnerability was present that allowed users to access JSON files outside of the expected `languages/` directory. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible.π Read
via "National Vulnerability Database".