βΌ CVE-2021-44227 βΌ
π Read
via "National Vulnerability Database".
In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.π Read
via "National Vulnerability Database".
ποΈ Data breach at Florida school district impacts 50,000 students and employees ποΈ
π Read
via "The Daily Swig".
Broward County School District backtracks after ransomware attackπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Data breach at Florida school district impacts 50,000 students and employees
Broward County School District backtracks after ransomware attack
ποΈ Insider threat: Tech firm was hacked and extorted by its own employee, says FBI ποΈ
π Read
via "The Daily Swig".
Senior developer also accused of posing as anonymous whistleblowerπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Insider threat: Tech firm was hacked and extorted by its own employee, says FBI
Senior developer also accused of posing as anonymous whistleblower
π΄ Breaking the Black Mirror and Other Lessons From Day of Shecurity π΄
π Read
via "Dark Reading".
Diversity brings more varied solutions to major challenges in cybersecurity, just as it does in every other industry.π Read
via "Dark Reading".
Dark Reading
Breaking the Black Mirror and Other Lessons From Day of Shecurity
Diversity brings more varied solutions to major challenges in cybersecurity, just as it does in every other industry.
βΌ CVE-2021-43682 βΌ
π Read
via "National Vulnerability Database".
thinkphp-bjyblog (last update Jun 4 2021) is affected by a Cross Site Scripting (XSS) vulnerability in AdminBaseController.class.php. The exit function will terminate the script and print the message to the user which has $_SERVER['HTTP_HOST'].π Read
via "National Vulnerability Database".
βΌ CVE-2021-43681 βΌ
π Read
via "National Vulnerability Database".
SakuraPanel v1.0.1.1 is affected by a Cross Site Scripting (XSS) vulnerability in /master/core/PostHandler.php. The exit function will terminate the script and print the message $data['proxy_name'].π Read
via "National Vulnerability Database".
βΌ CVE-2021-43686 βΌ
π Read
via "National Vulnerability Database".
nZEDb v0.4.20 is affected by a Cross Site Scripting (XSS) vulnerability in www/pages/api.php. The exit function will terminate the script and print the message which has the input $_GET['t'].π Read
via "National Vulnerability Database".
βΌ CVE-2021-43683 βΌ
π Read
via "National Vulnerability Database".
pictshare v1.5 is affected by a Cross Site Scripting (XSS) vulnerability in api/info.php. The exit function will terminate the script and print the message which has $_REQUEST['hash'].π Read
via "National Vulnerability Database".
π Five Health Providers Held Accountable for Violating HIPAA Right of Access π
π Read
via "".
OCR has shown that its serious about patients being able to access their healthcare records β recently levied penalties serve as a reminder for organizations to know where PHI is at all times.π Read
via "".
Digital Guardian
Five Health Providers Held Accountable for Violating HIPAA Right of Access
OCR has shown that its serious about patients being able to access their healthcare records β recently levied penalties serve as a reminder for organizations to know where PHI is at all times.
βοΈ Ubiquiti Developer Charged With Extortion, Causing 2020 βBreachβ βοΈ
π Read
via "Krebs on Security".
In January 2021, technology vendor Ubiquiti Inc. [NYSE:UI] disclosed that a breach at a third party cloud provider had exposed customer account credentials. In March, a Ubiquiti employee warned that the company had drastically understated the scope of the incident, and that the third-party cloud provider claim was a fabrication. On Wednesday, a former Ubiquiti developer was arrested and charged with stealing data and trying to extort his employer while pretending to be a whistleblower.π Read
via "Krebs on Security".
Krebsonsecurity
Final Thoughts on Ubiquiti
Last year, I posted a series of articles about a purported "breach" at Ubiquiti. My sole source for that reporting was the person who has since been indicted by federal prosecutors for his alleged wrongdoing β which includes providing falseβ¦
π I2P 1.6.1 π
π Read
via "Packet Storm Security".
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.π Read
via "Packet Storm Security".
Packetstormsecurity
I2P 1.6.1 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
ποΈ Ransomware groups increasingly using data leak threats to pile pressure on victims ποΈ
π Read
via "The Daily Swig".
Nearly one in three victims succumb to extortion, estimates Group-IBπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Ransomware groups increasingly using data leak threats to pile pressure on victims
Nearly one in three victims succumb to extortion, estimates Group-IB
π΄ When Will a Cloud Infrastructure Heavyweight Launch a SASE? π΄
π Read
via "Dark Reading".
There's been a veritable gold rush of security vendors getting into secure access service edge. Now will any of the major IaaS vendors enter the market? Rik Turner makes the case.π Read
via "Dark Reading".
Dark Reading
When Will a Cloud Infrastructure Heavyweight Launch a SASE?
There's been a veritable gold rush of security vendors getting into secure access service edge. Now will any of the major IaaS vendors enter the market? Rik Turner makes the case.
β IoT devices must βprotect consumers from cyberharmβ, says UK government β
π Read
via "Naked Security".
"Must be at least THIS tall to go on ride" seems to be the starting point. Too little, too late? Or better than nothing?π Read
via "Naked Security".
Naked Security
IoT devices must βprotect consumers from cyberharmβ, says UK government
βMust be at least THIS tall to go on rideβ seems to be the starting point. Too little, too late? Or better than nothing?
βΌ CVE-2021-23260 βΌ
π Read
via "National Vulnerability Database".
Authenticated users with Site roles may inject XSS scripts via file names that will execute in the browser for this and other users of the same site.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23262 βΌ
π Read
via "National Vulnerability Database".
Authenticated administrators may modify the main YAML configuration file and load a Java class resulting in RCE.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23263 βΌ
π Read
via "National Vulnerability Database".
Unauthenticated remote attackers can read textual content via FreeMarker including files /scripts/*, /templates/* and some of the files in /.git/* (non-binary).π Read
via "National Vulnerability Database".
βΌ CVE-2021-23258 βΌ
π Read
via "National Vulnerability Database".
Authenticated users with Administrator or Developer roles may execute OS commands by SPEL Expression in Spring beans. SPEL Expression does not have security restrictions, which will cause attackers to execute arbitrary commands remotely (RCE).π Read
via "National Vulnerability Database".
βΌ CVE-2021-23259 βΌ
π Read
via "National Vulnerability Database".
Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, which will cause attackers to execute arbitrary commands remotely(RCE).π Read
via "National Vulnerability Database".
βΌ CVE-2021-23261 βΌ
π Read
via "National Vulnerability Database".
Authenticated administrators may override the system configuration file and cause a denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43679 βΌ
π Read
via "National Vulnerability Database".
ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\ecshop\upload\api\client\api.php.π Read
via "National Vulnerability Database".