βΌ CVE-2021-44200 βΌ
π Read
via "National Vulnerability Database".
Self cross-site scripting (XSS) was possible on devices page. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035π Read
via "National Vulnerability Database".
βΌ CVE-2021-43786 βΌ
π Read
via "National Vulnerability Database".
Nodebb is an open source Node.js based forum software. In affected versions incorrect logic present in the token verification step unintentionally allowed master token access to the API. The vulnerability has been patch as of v1.18.5. Users are advised to upgrade as soon as possible.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42364 βΌ
π Read
via "National Vulnerability Database".
The Stetic WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the stats_page function found in the ~/stetic.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.0.6.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44202 βΌ
π Read
via "National Vulnerability Database".
Stored cross-site scripting (XSS) was possible in activity details. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035π Read
via "National Vulnerability Database".
π΄ Panasonic Hit in Data Breach π΄
π Read
via "Dark Reading".
Tech firm reveals that data on one of its file servers was accessed by attackers.π Read
via "Dark Reading".
Dark Reading
Panasonic Hit in Data Breach
Tech firm reveals that data on one of its file servers was accessed by attackers.
π΄ Over 1,000 Individuals Arrested in Global Cybercrime-Fighting Operation π΄
π Read
via "Dark Reading".
HAECHI-II initiative represents Interpol's stepped-up efforts to tackle the operators of financially motivated online scams and other cyberattacks.π Read
via "Dark Reading".
Dark Reading
Over 1,000 Individuals Arrested in Global Cybercrime-Fighting Operation
HAECHI-II initiative represents Interpol's stepped-up efforts to tackle the operators of financially motivated online scams and other cyberattacks.
π΄ Google Analyzes Methods Behind GCP Workload Attacks π΄
π Read
via "Dark Reading".
The vast majority of cloud workload compromises stem from poor security configurations or compromised passwords, while cryptojacking is the common payload, research shows.π Read
via "Dark Reading".
Dark Reading
Google Analyzes Methods Behind GCP Workload Attacks
The vast majority of cloud workload compromises stem from poor security configurations or compromised passwords, while cryptojacking is the common payload, research shows.
π΄ IKEA Email Systems Targeted in Cyberattack π΄
π Read
via "Dark Reading".
Attackers are reportedly targeting IKEA employees in a phishing campaign that leverages stolen reply-chain emails.π Read
via "Dark Reading".
Dark Reading
IKEA Email Systems Targeted in Cyberattack
Attackers are reportedly targeting IKEA employees in a phishing campaign that leverages stolen reply-chain emails.
π΄ Phishing Remains the Most Common Cause of Data Breaches, Survey Says π΄
π Read
via "Dark Reading".
Despite heightened concerns over ransomware, fewer organizations in a Dark Reading survey reported being an actual victim of a ransomware attack over the past year.π Read
via "Dark Reading".
Dark Reading
Phishing Remains the Most Common Cause of Data Breaches, Survey Says
Despite heightened concerns over ransomware, fewer organizations in a Dark Reading survey reported being an actual victim of a ransomware attack over the past year.
π΄ 9 out of 10 Healthcare Organizations Provide Telehealth Services, Yet Almost Half Face Patients' Mistrust Toward Privacy π΄
π Read
via "Dark Reading".
Kaspersky surveyed healthcare decision-makers to learn how the digital transformation of the industry is going and which problems they believe should be solved to create a world in which everyone can gain access to quality care.π Read
via "Dark Reading".
Dark Reading
9 out of 10 Healthcare Organizations Provide Telehealth Services, Yet Almost Half Face Patients' Mistrust Toward Privacy
Kaspersky surveyed healthcare decision-makers to learn how the digital transformation of the industry is going and which problems they believe should be solved to create a world in which everyone can gain access to quality care.
βΌ CVE-2021-44427 βΌ
π Read
via "National Vulnerability Database".
An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.π Read
via "National Vulnerability Database".
π΄ Armis Now Valued at $3.4B π΄
π Read
via "Dark Reading".
One Equity Partners led the $300 million round, increasing the valuation of Armis from the $2 billion valuation it achieved less than 8 months ago.π Read
via "Dark Reading".
Dark Reading
Armis Now Valued at $3.4B
One Equity Partners led the $300 million round, increasing the valuation of Armis from the $2 billion valuation it achieved less than 8 months ago.
π΄ Stellar Cyber Raises $38M Series B to Address Need to Provide 360-Degree Visibility Across Entire Attack Surface π΄
π Read
via "Dark Reading".
Oversubscribed round, including Samsung, rewards technical innovations and rapid market adoption, positions company for continued leadership.π Read
via "Dark Reading".
Dark Reading
Stellar Cyber Raises $38M Series B to Address Need to Provide 360-Degree Visibility Across Entire Attack Surface
Oversubscribed round, including Samsung, rewards technical innovations and rapid market adoption, positions company for continued leadership.
βΌ CVE-2021-3727 βΌ
π Read
via "National Vulnerability Database".
# Vulnerability in `rand-quote` and `hitokoto` plugins **Description**: the `rand-quote` and `hitokoto` fetch quotes from quotationspage.com and hitokoto.cn respectively, do some process on them and then use `print -P` to print them. If these quotes contained the proper symbols, they could trigger command injection. Given that they're an external API, it's not possible to know if the quotes are safe to use. **Fixed in**: [72928432](https://github.com/ohmyzsh/ohmyzsh/commit/72928432). **Impacted areas**: - `rand-quote` plugin (`quote` function). - `hitokoto` plugin (`hitokoto` function).π Read
via "National Vulnerability Database".
βΌ CVE-2021-3769 βΌ
π Read
via "National Vulnerability Database".
# Vulnerability in `pygmalion`, `pygmalion-virtualenv` and `refined` themes **Description**: these themes use `print -P` on user-supplied strings to print them to the terminal. All of them do that on git information, particularly the branch name, so if the branch has a specially-crafted name the vulnerability can be exploited. **Fixed in**: [b3ba9978](https://github.com/ohmyzsh/ohmyzsh/commit/b3ba9978). **Impacted areas**: - `pygmalion` theme. - `pygmalion-virtualenv` theme. - `refined` theme.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3725 βΌ
π Read
via "National Vulnerability Database".
Vulnerability in dirhistory plugin Description: the widgets that go back and forward in the directory history, triggered by pressing Alt-Left and Alt-Right, use functions that unsafely execute eval on directory names. If you cd into a directory with a carefully-crafted name, then press Alt-Left, the system is subject to command injection. Impacted areas: - Functions pop_past and pop_future in dirhistory plugin.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3726 βΌ
π Read
via "National Vulnerability Database".
# Vulnerability in `title` function **Description**: the `title` function defined in `lib/termsupport.zsh` uses `print` to set the terminal title to a user-supplied string. In Oh My Zsh, this function is always used securely, but custom user code could use the `title` function in a way that is unsafe. **Fixed in**: [a263cdac](https://github.com/ohmyzsh/ohmyzsh/commit/a263cdac). **Impacted areas**: - `title` function in `lib/termsupport.zsh`. - Custom user code using the `title` function.π Read
via "National Vulnerability Database".
ποΈ HP printer vulnerabilities left enterprise networks open to abuse via βcross-site printingβ attack ποΈ
π Read
via "The Daily Swig".
Hardware hacking technique gets points for innovation, although some degree of social engineering is requiredπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
HP printer vulnerabilities left enterprise networks open to abuse via βcross-site printingβ attack
Hardware hacking technique gets points for innovation, although some degree of social engineering is required
π¦Ώ Cisco releases Shared Signals and Events reference document to solve "head on a swivel" problem π¦Ώ
π Read
via "Tech Republic".
Security standard could improve interoperability among security vendors and expand support for zero trust approach to security.π Read
via "Tech Republic".
TechRepublic
Cisco releases Shared Signals and Events reference document to solve "head on a swivel" problem
Security standard could improve interoperability among security vendors and expand support for zero trust approach to security.
β Yanluowang Ransomware Tied to Thieflock Threat Actor β
π Read
via "Threat Post".
Links between the tactics and tools demonstrated in attacks suggest a former affiliate has switched loyalties, according to new research.π Read
via "Threat Post".
Threat Post
Yanluowang Ransomware Tied to Thieflock Threat Actor
A threat actor previously tied to the Thieflock ransomware operation may now be using the emerging Yanluowang ransomware in a series of attacks against U.S. corporations, researchers have found. Researchers from Symantec, a division of Broadcom Software,β¦
ποΈ Panasonic admits data breach after attackers gain access to file server ποΈ
π Read
via "The Daily Swig".
Reports suggest that intrusion may have persisted for monthsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Panasonic admits data breach after attackers gain access to file server
Reports suggest that intrusion may have persisted for months