‼ CVE-2021-29863 ‼
via "National Vulnerability Database".
IBM QRadar SIEM 7.3 and 7.4 are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. This vulnerability is due to an incomplete fix for CVE-2020-4786. IBM X-Force ID: 206087.
‼ CVE-2021-29779 ‼
via "National Vulnerability Database".
IBM QRadar SIEM 7.3 and 7.4 could allow an attacker using man-in-the-middle techniques to obtain sensitive information, because the server performs key exchange without entity authentication on inter-host communications. IBM X-Force ID: 203033.
‼ CVE-2021-42776 ‼
via "National Vulnerability Database".
CloverDX Server before 5.11.2 and 5.12.x before 5.12.1 allows XXE during configuration import.
‼ CVE-2021-38575 ‼
via "National Vulnerability Database".
NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.
‼ CVE-2021-20400 ‼
via "National Vulnerability Database".
IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196074.
🕴 CyCognito Raises $100 Million Series C Funding 🕴
via "Dark Reading".
The company offers an external attack surface management platform to help companies prioritize, investigate, and respond to potential security risks.
❌ 80K Retail WooCommerce Sites Exposed by Plugin XSS Bug ❌
via "Threat Post".
The Variation Swatches plugin security flaw lets attackers with low-level permissions tweak important settings on e-commerce sites to inject malicious scripts.
🦿 Cybersecurity: Increase your protection by using the open-source tool YARA 🦿
via "Tech Republic".
This won't replace antivirus software, but it can help you detect problems much more efficiently and allows more customization. Here's how to install it on Mac, Windows and Linux.
‼ CVE-2021-43137 ‼
via "National Vulnerability Database".
Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerabilities exist in hostel management system 2.1 via the name field in my-profile.php. Chaining these two vulnerabilities leads to account takeover.
‼ CVE-2021-43792 ‼
via "National Vulnerability Database".
Discourse is an open source discussion platform. In affected versions a vulnerability affects users of tag groups who use the "Tags are visible only to the following groups" feature. A tag group may only allow a certain group (e.g. staff) to view certain tags. Users who were tracking or watching the tags via /preferences/tags, and then have their staff status revoked, will still see notifications related to the tag, but will not see the tag on each topic. This issue has been patched in stable version 2.7.11. Users are advised to upgrade as soon as possible.
‼ CVE-2021-43794 ‼
via "National Vulnerability Database".
Discourse is an open source discussion platform. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown a JSON blob instead of the HTML page. This can lead to a partial denial-of-service. This issue is patched in the latest stable, beta and tests-passed versions of Discourse.
‼ CVE-2021-43793 ‼
via "National Vulnerability Database".
Discourse is an open source discussion platform. In affected versions a vulnerability in the Polls feature allowed users to vote multiple times in a single-option poll. The problem is patched in the latest tests-passed, beta and stable versions of Discourse.
‼ CVE-2021-41039 ‼
via "National Vulnerability Database".
In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possible denial of service.
‼ CVE-2021-43451 ‼
via "National Vulnerability Database".
SQL Injection vulnerability exists in PHPGURUKUL Employee Record Management System 1.2 via the Email POST parameter in /forgetpassword.php.
🕴 New Ransomware Variant Could Become Next Big Threat 🕴
via "Dark Reading".
"Yanluowang" strain appears to be establishing itself in the cybercrime marketplace, experts say.
🕴 Russian Man Sentenced to 60 Months in Prison for Running 'Bulletproof' Hosting for Cybercrime 🕴
via "Dark Reading".
Service hosted Zeus, SpyEye, Citadel, Blackhole Exploit Kit malware aimed at US companies and financial institutions.
🕴 Neustar Security Services Spins Out as Own Company 🕴
via "Dark Reading".
The company plans to offer newly integrated services into its Ultra Secure portfolio and expand its sales, marketing, and service capabilities.
‼ CVE-2021-33274 ‼
via "National Vulnerability Database".
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80040af8 in /formWlanSetup. This vulnerability is triggered via a crafted POST request.
‼ CVE-2021-33271 ‼
via "National Vulnerability Database".
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function sub_80046EB4 in /formSetPortTr. This vulnerability is triggered via a crafted POST request.
‼ CVE-2021-33265 ‼
via "National Vulnerability Database".
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80046eb4 in /formSetPortTr. This vulnerability is triggered via a crafted POST request.
‼ CVE-2021-33267 ‼
via "National Vulnerability Database".
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80034d60 in /formStaticDHCP. This vulnerability is triggered via a crafted POST request.