βΌ CVE-2021-44019 βΌ
π Read
via "National Vulnerability Database".
An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44020 and 44021.π Read
via "National Vulnerability Database".
π¦Ώ How to avoid being a hacker's next target: Don't overshare information on business social media π¦Ώ
π Read
via "Tech Republic".
When using LinkedIn and other social media accounts for professional reasons, there are important factors to consider about securing your personal data. Learn how to protect yourself from a hacker.π Read
via "Tech Republic".
TechRepublic
How to avoid being a hacker's next target: Don't overshare information on business social media
When using LinkedIn and other social media accounts for professional reasons, there are important factors to consider about securing your personal data. Learn how to protect yourself from a hacker.
π Friday Five 12/2 π
π Read
via "".
$31 in digital coin stolen, an insider extortion attack, and a new cybersecurity resource for healthcare workers - catch up on the infosec news of the week with the Friday Five!π Read
via "".
Digital Guardian
Friday Five 12/2
$31 in digital coin stolen, an insider extortion attack, and a new cybersecurity resource for healthcare workers - catch up on the infosec news of the week with the Friday Five!
ποΈ US identity thieves jailed over $130,000 scam that targeted the elderly ποΈ
π Read
via "The Daily Swig".
Dark web fraudsters caught after stealing the identities of murder victimsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
US identity thieves jailed over $130,000 scam that targeted the elderly
Dark web fraudsters caught after stealing the identities of murder victims
π΄ An Insider's Account of Disclosing Vulnerabilities π΄
π Read
via "Dark Reading".
Vendors drag their heels when it comes to identifying software vulnerabilities and are often loath to expedite the fixes.π Read
via "Dark Reading".
Dark Reading
An Insider's Account of Disclosing Vulnerabilities
Vendors drag their heels when it comes to identifying software vulnerabilities and are often loath to expedite the fixes.
βΌ CVE-2021-44278 βΌ
π Read
via "National Vulnerability Database".
Librenms 21.11.0 is affected by a path manipulation vulnerability in includes/html/pages/device/showconfig.inc.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43676 βΌ
π Read
via "National Vulnerability Database".
matyhtf framework v3.0.5 is affected by a path manipulation vulnerability in Smarty.class.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43674 βΌ
π Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** ThinkUp 2.0-beta.10 is affected by a path manipulation vulnerability in Smarty.class.php.π Read
via "National Vulnerability Database".
ποΈ Pip-audit: Google-backed tool probes Python environments for vulnerable packages ποΈ
π Read
via "The Daily Swig".
βGood initial resultsβ, says one early adopterπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Pip-audit: Google-backed tool probes Python environments for vulnerable packages
βGood initial resultsβ, says one early adopter
π΄ USB Devices the Common Denominator in All Attacks on Air-Gapped Systems π΄
π Read
via "Dark Reading".
A new study of 17 malware frameworks shows threat actors always use USB drives to sneak malware into air-gapped environments and then steal data from there.π Read
via "Dark Reading".
Dark Reading
USB Devices the Common Denominator in All Attacks on Air-Gapped Systems
A new study of 17 malware frameworks shows threat actors always use USB drives to sneak malware into air-gapped environments and then steal data from there.
β IoT devices must βprotect consumers from cyberharmβ, says UK government β
π Read
via "Naked Security".
"Must be at least THIS tall to go on ride" seems to be the starting point. Too little, too late? Or better than nothing?π Read
via "Naked Security".
Naked Security
IoT devices must βprotect consumers from cyberharmβ, says UK government
βMust be at least THIS tall to go on rideβ seems to be the starting point. Too little, too late? Or better than nothing?
β S3 Ep61: Call scammers, cloud insecurity, and facial recognition creepiness [Podcast] β
π Read
via "Naked Security".
Latest episode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep61: Call scammers, cloud insecurity, and facial recognition creepiness [Podcast]
Latest episode β listen now!
βΌ CVE-2021-43991 βΌ
π Read
via "National Vulnerability Database".
The Kentico Xperience CMS version 13.0 Γ’β¬β 13.0.43 is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data without proper handling of dangerous content. This type of XSS vulnerability is exploited by submitting malicious script content to the application which is then retrieved and executed by other application users. The attacker could exploit this to conduct a range of attacks against users of the affected application such as session hijacking, account take over and accessing sensitive data.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3980 βΌ
π Read
via "National Vulnerability Database".
elgg is vulnerable to Exposure of Private Personal Information to an Unauthorized Actorπ Read
via "National Vulnerability Database".
β What Are Your Top Cloud Security Challenges? Threatpost Poll β
π Read
via "Threat Post".
We want to know what your biggest cloud security concerns and challenges are, and how your company is dealing with them. Weigh in with our exclusive poll!π Read
via "Threat Post".
Threat Post
What Are Your Top Cloud Security Challenges? Threatpost Poll
We want to know what your biggest cloud security concerns and challenges are, and how your company is dealing with them. Weigh in with our exclusive poll!
β Mozilla patches critical βBigSigβ cryptographic bug: Hereβs how to track it down and fix it β
π Read
via "Naked Security".
Mozilla's cryptographic code had a critical bug. Problem is that numerous apps are affected and may need patching individually.π Read
via "Naked Security".
Naked Security
Mozilla patches critical βBigSigβ cryptographic bug: Hereβs how to track it down and fix it
Mozillaβs cryptographic code had a critical bug. Problem is that numerous apps are affected and may need patching individually.
π¦Ώ How well do you know your APIs? Not well enough, says Cisco π¦Ώ
π Read
via "Tech Republic".
Many APIs are openly accessible online, and that means big chunks of your apps are, too. Cisco's Vijoy Pandey has tools and tips to help businesses get visibility into their APIs.π Read
via "Tech Republic".
TechRepublic
How well do you know your APIs? Not well enough, says Cisco
Many APIs are openly accessible online, and that means big chunks of your apps are, too. Cisco's Vijoy Pandey has tools and tips to help businesses get visibility into their APIs.
π΄ Logiq.ai Tackles Observability Problem With LogFlow π΄
π Read
via "Dark Reading".
LogFlow addresses data risks associated with machine data pipelines.π Read
via "Dark Reading".
Dark Reading
Logiq.ai Tackles Observability Problem With LogFlow
LogFlow addresses data risks associated with machine data pipelines.
βΌ CVE-2021-29756 βΌ
π Read
via "National Vulnerability Database".
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 202167.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29867 βΌ
π Read
via "National Vulnerability Database".
IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated to view or edit a Jupyter notebook that they should not have access to. IBM X-Force ID: 206212.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38909 βΌ
π Read
via "National Vulnerability Database".
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209706.π Read
via "National Vulnerability Database".