CVE-2021-44427
via "National Vulnerability Database".
An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.
Armis Now Valued at $3.4B
via "Dark Reading".
One Equity Partners led the $300 million round, increasing the valuation of Armis from the $2 billion valuation it achieved less than 8 months ago.
Stellar Cyber Raises $38M Series B to Address Need to Provide 360-Degree Visibility Across Entire Attack Surface
via "Dark Reading".
Oversubscribed round, including Samsung, rewards technical innovations and rapid market adoption, positions company for continued leadership.
CVE-2021-3727
via "National Vulnerability Database".
Vulnerability in `rand-quote` and `hitokoto` plugins
**Description**: the `rand-quote` and `hitokoto` plugins fetch quotes from quotationspage.com and hitokoto.cn respectively, do some processing on them and then use `print -P` to print them. If these quotes contain the proper symbols, they could trigger command injection. Given that they come from an external API, it's not possible to know if the quotes are safe to use.
**Fixed in**: [72928432](https://github.com/ohmyzsh/ohmyzsh/commit/72928432).
**Impacted areas**:
- `rand-quote` plugin (`quote` function).
- `hitokoto` plugin (`hitokoto` function).
CVE-2021-3769
via "National Vulnerability Database".
Vulnerability in `pygmalion`, `pygmalion-virtualenv` and `refined` themes
**Description**: these themes use `print -P` on user-supplied strings to print them to the terminal. All of them do that on git information, particularly the branch name, so if the branch has a specially-crafted name the vulnerability can be exploited.
**Fixed in**: [b3ba9978](https://github.com/ohmyzsh/ohmyzsh/commit/b3ba9978).
**Impacted areas**:
- `pygmalion` theme.
- `pygmalion-virtualenv` theme.
- `refined` theme.
CVE-2021-3725
via "National Vulnerability Database".
Vulnerability in dirhistory plugin
Description: the widgets that go back and forward in the directory history, triggered by pressing Alt-Left and Alt-Right, use functions that unsafely execute eval on directory names. If you cd into a directory with a carefully-crafted name, then press Alt-Left, the system is subject to command injection.
Impacted areas:
- Functions pop_past and pop_future in dirhistory plugin.
CVE-2021-3726
via "National Vulnerability Database".
Vulnerability in `title` function
**Description**: the `title` function defined in `lib/termsupport.zsh` uses `print` to set the terminal title to a user-supplied string. In Oh My Zsh, this function is always used securely, but custom user code could use the `title` function in a way that is unsafe.
**Fixed in**: [a263cdac](https://github.com/ohmyzsh/ohmyzsh/commit/a263cdac).
**Impacted areas**:
- `title` function in `lib/termsupport.zsh`.
- Custom user code using the `title` function.
HP printer vulnerabilities left enterprise networks open to abuse via "cross-site printing" attack
via "The Daily Swig".
Hardware hacking technique gets points for innovation, although some degree of social engineering is required.
Cisco releases Shared Signals and Events reference document to solve "head on a swivel" problem
via "Tech Republic".
Security standard could improve interoperability among security vendors and expand support for zero trust approach to security.
Yanluowang Ransomware Tied to Thieflock Threat Actor
via "Threat Post".
Links between the tactics and tools demonstrated in attacks suggest a former affiliate has switched loyalties, according to new research.
A threat actor previously tied to the Thieflock ransomware operation may now be using the emerging Yanluowang ransomware in a series of attacks against U.S. corporations, researchers have found. Researchers from Symantec, a division of Broadcom Software, …
Panasonic admits data breach after attackers gain access to file server
via "The Daily Swig".
Reports suggest that intrusion may have persisted for months.
Stegano 0.10.1
via "Packet Storm Security".
Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integer sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
Wapiti Web Application Vulnerability Scanner 3.0.8
via "Packet Storm Security".
Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities.
Finding Your Niche in Cybersecurity
via "Dark Reading".
With a little patience and research, you can discover a role you love that also protects those around you.
Controversial face matchers Clearview set to be fined over $20m
via "Naked Security".
Scraping data for a facial recognition service? "That's unlawful", concluded both the British and the Australians.
CVE-2021-41679
via "National Vulnerability Database".
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/modules/grades/InputFinalGrades.php, period parameter.
CVE-2021-41677
via "National Vulnerability Database".
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/functions/GetStuListFnc.php &Grade= parameter.
CVE-2021-25987
via "National Vulnerability Database".
Hexo versions 0.0.1 to 5.4.0 are vulnerable to stored XSS. The post "body" and "tags" don't sanitize malicious JavaScript during web page generation. A local unprivileged attacker can inject arbitrary code.
CVE-2021-41678
via "National Vulnerability Database".
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/modules/users/Staff.php, staff{TITLE] parameter.
Ransomware vs. Cities: A Cyber War
via "Dark Reading".
As smart cities become the new normal for urban living, they must be resilient against the speed and sophistication of modern cyber threats.
Become an ethical hacker for just $13 during this Cyber Week sale
via "Tech Republic".
Now you can learn everything you need to become a master ethical hacker without having to take time away from your current job.