βΌ CVE-2021-3726 βΌ
π Read
via "National Vulnerability Database".
# Vulnerability in `title` function **Description**: the `title` function defined in `lib/termsupport.zsh` uses `print` to set the terminal title to a user-supplied string. In Oh My Zsh, this function is always used securely, but custom user code could use the `title` function in a way that is unsafe. **Fixed in**: [a263cdac](https://github.com/ohmyzsh/ohmyzsh/commit/a263cdac). **Impacted areas**: - `title` function in `lib/termsupport.zsh`. - Custom user code using the `title` function.π Read
via "National Vulnerability Database".
ποΈ HP printer vulnerabilities left enterprise networks open to abuse via βcross-site printingβ attack ποΈ
π Read
via "The Daily Swig".
Hardware hacking technique gets points for innovation, although some degree of social engineering is requiredπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
HP printer vulnerabilities left enterprise networks open to abuse via βcross-site printingβ attack
Hardware hacking technique gets points for innovation, although some degree of social engineering is required
π¦Ώ Cisco releases Shared Signals and Events reference document to solve "head on a swivel" problem π¦Ώ
π Read
via "Tech Republic".
Security standard could improve interoperability among security vendors and expand support for zero trust approach to security.π Read
via "Tech Republic".
TechRepublic
Cisco releases Shared Signals and Events reference document to solve "head on a swivel" problem
Security standard could improve interoperability among security vendors and expand support for zero trust approach to security.
β Yanluowang Ransomware Tied to Thieflock Threat Actor β
π Read
via "Threat Post".
Links between the tactics and tools demonstrated in attacks suggest a former affiliate has switched loyalties, according to new research.π Read
via "Threat Post".
Threat Post
Yanluowang Ransomware Tied to Thieflock Threat Actor
A threat actor previously tied to the Thieflock ransomware operation may now be using the emerging Yanluowang ransomware in a series of attacks against U.S. corporations, researchers have found. Researchers from Symantec, a division of Broadcom Software,β¦
ποΈ Panasonic admits data breach after attackers gain access to file server ποΈ
π Read
via "The Daily Swig".
Reports suggest that intrusion may have persisted for monthsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Panasonic admits data breach after attackers gain access to file server
Reports suggest that intrusion may have persisted for months
π Stegano 0.10.1 π
π Read
via "Packet Storm Security".
Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.π Read
via "Packet Storm Security".
Packetstormsecurity
Stegano 0.10.1 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π Wapiti Web Application Vulnerability Scanner 3.0.8 π
π Read
via "Packet Storm Security".
Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities.π Read
via "Packet Storm Security".
Packetstormsecurity
Wapiti Web Application Vulnerability Scanner 3.0.8 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ Finding Your Niche in Cybersecurity π΄
π Read
via "Dark Reading".
With a little patience and research, you can discover a role you love that also protects those around you.π Read
via "Dark Reading".
Dark Reading
Finding Your Niche in Cybersecurity
With a little patience and research, you can discover a role you love that also protects those around you.
β Controversial face matchers Clearview set to be fined over $20m β
π Read
via "Naked Security".
Scraping data for a facial recognition service? "That's unlawful", concluded both the British and the Australians.π Read
via "Naked Security".
Naked Security
Clearview AI face-matching service set to be fined over $20m
Scraping data for a facial recognition service? βThatβs unlawfulβ, concluded both the British and the Australians.
βΌ CVE-2021-41679 βΌ
π Read
via "National Vulnerability Database".
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/modules/grades/InputFinalGrades.php, period parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41677 βΌ
π Read
via "National Vulnerability Database".
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/functions/GetStuListFnc.php &Grade= parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25987 βΌ
π Read
via "National Vulnerability Database".
Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. The post Γ’β¬ΕbodyΓ’β¬οΏ½ and Γ’β¬ΕtagsΓ’β¬οΏ½ donΓ’β¬β’t sanitize malicious javascript during web page generation. Local unprivileged attacker can inject arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41678 βΌ
π Read
via "National Vulnerability Database".
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/modules/users/Staff.php, staff{TITLE] parameter.π Read
via "National Vulnerability Database".
π΄ Ransomware vs. Cities: A Cyber War π΄
π Read
via "Dark Reading".
As smart cities become the new normal for urban living, they must be resilient against the speed and sophistication of modern cyber threats.π Read
via "Dark Reading".
Dark Reading
Ransomware vs. Cities: A Cyber War
As smart cities become the new normal for urban living, they must be resilient against the speed and sophistication of modern cyber threats.
π¦Ώ Become an ethical hacker for just $13 during this Cyber Week sale π¦Ώ
π Read
via "Tech Republic".
Now you can learn everything you need to become a master ethical hacker without having to take time away from your current job.π Read
via "Tech Republic".
TechRepublic
Become an ethical hacker for just $13 during this Cyber Week sale
Now you can learn everything you need to become a master ethical hacker without having to take time away from your current job.
βΌ CVE-2021-43202 βΌ
π Read
via "National Vulnerability Database".
In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43998 βΌ
π Read
via "National Vulnerability Database".
HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0.π Read
via "National Vulnerability Database".
ποΈ Bug Bounty Radar // The latest bug bounty programs for December 2021 ποΈ
π Read
via "The Daily Swig".
New web targets for the discerning hackerπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Bug Bounty Radar // The latest bug bounty programs for December 2021
New web targets for the discerning hacker
π’ Practicality of UK governmentβs cyber bill criticised by industry experts π’
π Read
via "ITPro".
The Product Security and Telecommunications Infrastructure (PSTI) Bill falls short in several key areasπ Read
via "ITPro".
IT PRO
Practicality of UK governmentβs cyber bill criticised by industry experts | IT PRO
The Product Security and Telecommunications Infrastructure (PSTI) Bill falls short in several key areas
π’ Ikea launches "full-scale investigation" into email-based cyber attack π’
π Read
via "ITPro".
Early evidence seems to indicate a compromise of Microsoft Exchange servers in a reply chain attack campaignπ Read
via "ITPro".
ITPro
Ikea launches "full-scale investigation" into email-based cyber attack
Early evidence seems to indicate a compromise of Microsoft Exchange servers in a reply chain attack campaign
π’ What is smishing? π’
π Read
via "ITPro".
A closer look at one of the most perilous forms of phishingπ Read
via "ITPro".
IT PRO
What is smishing? | IT PRO
A closer look at one of the most perilous forms of phishing