CVE-2021-23264
via "National Vulnerability Database".
Installations where crafter-search is not protected allow unauthenticated remote attackers to create, view, and delete search indexes.

Key Characteristics of Malicious Domains: Report
via "Dark Reading".
Newer top-level domains and certain hosting providers are frequent sources of malicious content, while newly registered domains and free SSL certificates are not any more likely than average to be risky, new research shows.

AT&T Takes Steps to Mitigate Botnet Found Inside Its Network
via "Threat Post".
AT&T is battling a modular malware called EwDoor on 5,700 VoIP servers, but it could have a larger wildcard certificate problem.

S3 Ep61: Call scammers, cloud insecurity, and facial recognition creepiness [Podcast]
via "Naked Security".
Latest episode - listen now!

CVE-2021-3944
via "National Vulnerability Database".
bookstack is vulnerable to Cross-Site Request Forgery (CSRF).

CVE-2015-20106
via "National Vulnerability Database".
The ClickBank Affiliate Ads WordPress plugin through 1.20 does not escape its settings, allowing high-privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

CVE-2015-20105
via "National Vulnerability Database".
The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have a CSRF check when saving its settings, allowing an attacker to make a logged-in admin change them via a CSRF attack. Furthermore, due to the lack of escaping when they are output, it could also lead to Stored Cross-Site Scripting issues.

CVE-2021-43795
via "National Vulnerability Database".
Armeria is an open source microservice framework. In affected versions an attacker can access an Armeria server's local file system beyond its restricted directory by sending an HTTP request whose path contains `%2F` (encoded `/`), such as `/files/..%2Fsecrets.txt`, bypassing Armeria's path validation logic. Armeria 1.13.4 or above contains the hardened path validation logic that handles `%2F` properly. This vulnerability can be worked around by inserting a decorator that performs an additional validation on the request path.

CVE-2021-44518
via "National Vulnerability Database".
An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock application for Android. The lock sends a pairing code before each operation (lock or unlock) activated via the companion app. The code is sent unencrypted, allowing any attacker with the same app (either Android or iOS) to add the lock and take complete control. For successful exploitation, the attacker must be able to touch the lock's power button, and must be able to capture BLE network communication.

Planned Parenthood Breach Opens Patients to Follow-On Attacks
via "Threat Post".
Cyberattackers made off with addresses, insurance information, dates of birth, and most worryingly, clinical information, such as diagnosis, procedures, and/or prescription information.

'Double-Extortion' Ransomware Data Leaks Skyrocket 935%
via "Threat Post".
Startling triple-digit growth is fueled by easy criminal access to corporate networks and RaaS tools, an analysis found.

Insider threats: How trustworthy are your employees?
via "Tech Republic".
While we often worry about outside threats to our business data, insider threats are a growing problem. Here's how to secure your business.

Planned Parenthood LA Breach Compromises 400,000 Patients' Data
via "Dark Reading".
The breach, which compromised data such as insurance details and prescription information, took place between Oct. 9 and Oct. 17.

CVE-2021-44050
via "National Vulnerability Database".
CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL injection vulnerability in the NFA web application, due to insufficient input validation, that could potentially allow an authenticated user to access sensitive data.

CVE-2021-40334
via "National Vulnerability Database".
Missing Handler vulnerability in the proprietary management protocol (TCP port 5558) of Hitachi Energy FOX61x, XCM20 allows an attacker that exploits the vulnerability by activating SSH on TCP port 5558 to cause disruption to the NMS and NE communication. This issue affects: Hitachi Energy FOX61x versions prior to R15A; Hitachi Energy XCM20 versions prior to R15A.

CVE-2021-40333
via "National Vulnerability Database".
Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM20 allows an attacker to gain unauthorized access to the Data Communication Network (DCN) routing configuration. This issue affects: Hitachi Energy FOX61x versions prior to R15A; Hitachi Energy XCM20 versions prior to R15A.

CVE-2021-43327
via "National Vulnerability Database".
An issue was discovered on Renesas RX65 and RX65N devices. With a VCC glitch, an attacker can extract the security ID key from the device. Then, the protected firmware can be extracted.

Top 5 Reasons to Get 'SASE' With Security
via "Dark Reading".
Proactively updating and integrating technology, and ensuring tight collaboration between IT and security ... it's simple, right? Well, not always - especially for organizations with limited resources.

Darktrace Reports 30% More Ransomware Attacks Targeting Organizations During the Holiday Period
via "Dark Reading".
Researchers also observed a 70% average increase in attempted ransomware attacks.

CVE-2020-36129
via "National Vulnerability Database".
AOM v2.0.1 was discovered to contain a stack buffer overflow via the component src/aom_image.c.

CVE-2020-36135
via "National Vulnerability Database".
AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component rate_hist.c.