βΌ CVE-2021-4000 βΌ
π Read
via "National Vulnerability Database".
showdoc is vulnerable to URL Redirection to Untrusted Siteπ Read
via "National Vulnerability Database".
βΌ CVE-2021-44021 βΌ
π Read
via "National Vulnerability Database".
An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44020.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43673 βΌ
π Read
via "National Vulnerability Database".
dzzoffice 2.02.1_SC_UTF8 is affected by a Cross Site Scripting (XSS) vulnerability in explorerfile.php. The output of exit function will be print for the user exit(json_encode($return)).π Read
via "National Vulnerability Database".
βΌ CVE-2021-43772 βΌ
π Read
via "National Vulnerability Database".
Trend Micro Security 2021 v17.0 (Consumer) contains a vulnerability that allows files inside the protected folder to be modified without any detection.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44022 βΌ
π Read
via "National Vulnerability Database".
A reachable assertion vulnerability in Trend Micro Apex One could allow an attacker to crash the program on affected installations, leading to a denial-of-service (DoS). Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44019 βΌ
π Read
via "National Vulnerability Database".
An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44020 and 44021.π Read
via "National Vulnerability Database".
π¦Ώ How to avoid being a hacker's next target: Don't overshare information on business social media π¦Ώ
π Read
via "Tech Republic".
When using LinkedIn and other social media accounts for professional reasons, there are important factors to consider about securing your personal data. Learn how to protect yourself from a hacker.π Read
via "Tech Republic".
TechRepublic
How to avoid being a hacker's next target: Don't overshare information on business social media
When using LinkedIn and other social media accounts for professional reasons, there are important factors to consider about securing your personal data. Learn how to protect yourself from a hacker.
π Friday Five 12/2 π
π Read
via "".
$31 in digital coin stolen, an insider extortion attack, and a new cybersecurity resource for healthcare workers - catch up on the infosec news of the week with the Friday Five!π Read
via "".
Digital Guardian
Friday Five 12/2
$31 in digital coin stolen, an insider extortion attack, and a new cybersecurity resource for healthcare workers - catch up on the infosec news of the week with the Friday Five!
ποΈ US identity thieves jailed over $130,000 scam that targeted the elderly ποΈ
π Read
via "The Daily Swig".
Dark web fraudsters caught after stealing the identities of murder victimsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
US identity thieves jailed over $130,000 scam that targeted the elderly
Dark web fraudsters caught after stealing the identities of murder victims
π΄ An Insider's Account of Disclosing Vulnerabilities π΄
π Read
via "Dark Reading".
Vendors drag their heels when it comes to identifying software vulnerabilities and are often loath to expedite the fixes.π Read
via "Dark Reading".
Dark Reading
An Insider's Account of Disclosing Vulnerabilities
Vendors drag their heels when it comes to identifying software vulnerabilities and are often loath to expedite the fixes.
βΌ CVE-2021-44278 βΌ
π Read
via "National Vulnerability Database".
Librenms 21.11.0 is affected by a path manipulation vulnerability in includes/html/pages/device/showconfig.inc.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43676 βΌ
π Read
via "National Vulnerability Database".
matyhtf framework v3.0.5 is affected by a path manipulation vulnerability in Smarty.class.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43674 βΌ
π Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** ThinkUp 2.0-beta.10 is affected by a path manipulation vulnerability in Smarty.class.php.π Read
via "National Vulnerability Database".
ποΈ Pip-audit: Google-backed tool probes Python environments for vulnerable packages ποΈ
π Read
via "The Daily Swig".
βGood initial resultsβ, says one early adopterπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Pip-audit: Google-backed tool probes Python environments for vulnerable packages
βGood initial resultsβ, says one early adopter
π΄ USB Devices the Common Denominator in All Attacks on Air-Gapped Systems π΄
π Read
via "Dark Reading".
A new study of 17 malware frameworks shows threat actors always use USB drives to sneak malware into air-gapped environments and then steal data from there.π Read
via "Dark Reading".
Dark Reading
USB Devices the Common Denominator in All Attacks on Air-Gapped Systems
A new study of 17 malware frameworks shows threat actors always use USB drives to sneak malware into air-gapped environments and then steal data from there.
β IoT devices must βprotect consumers from cyberharmβ, says UK government β
π Read
via "Naked Security".
"Must be at least THIS tall to go on ride" seems to be the starting point. Too little, too late? Or better than nothing?π Read
via "Naked Security".
Naked Security
IoT devices must βprotect consumers from cyberharmβ, says UK government
βMust be at least THIS tall to go on rideβ seems to be the starting point. Too little, too late? Or better than nothing?
β S3 Ep61: Call scammers, cloud insecurity, and facial recognition creepiness [Podcast] β
π Read
via "Naked Security".
Latest episode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep61: Call scammers, cloud insecurity, and facial recognition creepiness [Podcast]
Latest episode β listen now!
βΌ CVE-2021-43991 βΌ
π Read
via "National Vulnerability Database".
The Kentico Xperience CMS version 13.0 Γ’β¬β 13.0.43 is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data without proper handling of dangerous content. This type of XSS vulnerability is exploited by submitting malicious script content to the application which is then retrieved and executed by other application users. The attacker could exploit this to conduct a range of attacks against users of the affected application such as session hijacking, account take over and accessing sensitive data.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3980 βΌ
π Read
via "National Vulnerability Database".
elgg is vulnerable to Exposure of Private Personal Information to an Unauthorized Actorπ Read
via "National Vulnerability Database".
β What Are Your Top Cloud Security Challenges? Threatpost Poll β
π Read
via "Threat Post".
We want to know what your biggest cloud security concerns and challenges are, and how your company is dealing with them. Weigh in with our exclusive poll!π Read
via "Threat Post".
Threat Post
What Are Your Top Cloud Security Challenges? Threatpost Poll
We want to know what your biggest cloud security concerns and challenges are, and how your company is dealing with them. Weigh in with our exclusive poll!
β Mozilla patches critical βBigSigβ cryptographic bug: Hereβs how to track it down and fix it β
π Read
via "Naked Security".
Mozilla's cryptographic code had a critical bug. Problem is that numerous apps are affected and may need patching individually.π Read
via "Naked Security".
Naked Security
Mozilla patches critical βBigSigβ cryptographic bug: Hereβs how to track it down and fix it
Mozillaβs cryptographic code had a critical bug. Problem is that numerous apps are affected and may need patching individually.