ποΈ Pip-audit: Google-backed tool probes Python environments for vulnerable packages ποΈ
π Read
via "The Daily Swig".
βGood initial resultsβ, says one early adopterπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Pip-audit: Google-backed tool probes Python environments for vulnerable packages
βGood initial resultsβ, says one early adopter
π΄ USB Devices the Common Denominator in All Attacks on Air-Gapped Systems π΄
π Read
via "Dark Reading".
A new study of 17 malware frameworks shows threat actors always use USB drives to sneak malware into air-gapped environments and then steal data from there.π Read
via "Dark Reading".
Dark Reading
USB Devices the Common Denominator in All Attacks on Air-Gapped Systems
A new study of 17 malware frameworks shows threat actors always use USB drives to sneak malware into air-gapped environments and then steal data from there.
β IoT devices must βprotect consumers from cyberharmβ, says UK government β
π Read
via "Naked Security".
"Must be at least THIS tall to go on ride" seems to be the starting point. Too little, too late? Or better than nothing?π Read
via "Naked Security".
Naked Security
IoT devices must βprotect consumers from cyberharmβ, says UK government
βMust be at least THIS tall to go on rideβ seems to be the starting point. Too little, too late? Or better than nothing?
β S3 Ep61: Call scammers, cloud insecurity, and facial recognition creepiness [Podcast] β
π Read
via "Naked Security".
Latest episode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep61: Call scammers, cloud insecurity, and facial recognition creepiness [Podcast]
Latest episode β listen now!
βΌ CVE-2021-43991 βΌ
π Read
via "National Vulnerability Database".
The Kentico Xperience CMS version 13.0 Γ’β¬β 13.0.43 is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data without proper handling of dangerous content. This type of XSS vulnerability is exploited by submitting malicious script content to the application which is then retrieved and executed by other application users. The attacker could exploit this to conduct a range of attacks against users of the affected application such as session hijacking, account take over and accessing sensitive data.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3980 βΌ
π Read
via "National Vulnerability Database".
elgg is vulnerable to Exposure of Private Personal Information to an Unauthorized Actorπ Read
via "National Vulnerability Database".
β What Are Your Top Cloud Security Challenges? Threatpost Poll β
π Read
via "Threat Post".
We want to know what your biggest cloud security concerns and challenges are, and how your company is dealing with them. Weigh in with our exclusive poll!π Read
via "Threat Post".
Threat Post
What Are Your Top Cloud Security Challenges? Threatpost Poll
We want to know what your biggest cloud security concerns and challenges are, and how your company is dealing with them. Weigh in with our exclusive poll!
β Mozilla patches critical βBigSigβ cryptographic bug: Hereβs how to track it down and fix it β
π Read
via "Naked Security".
Mozilla's cryptographic code had a critical bug. Problem is that numerous apps are affected and may need patching individually.π Read
via "Naked Security".
Naked Security
Mozilla patches critical βBigSigβ cryptographic bug: Hereβs how to track it down and fix it
Mozillaβs cryptographic code had a critical bug. Problem is that numerous apps are affected and may need patching individually.
π¦Ώ How well do you know your APIs? Not well enough, says Cisco π¦Ώ
π Read
via "Tech Republic".
Many APIs are openly accessible online, and that means big chunks of your apps are, too. Cisco's Vijoy Pandey has tools and tips to help businesses get visibility into their APIs.π Read
via "Tech Republic".
TechRepublic
How well do you know your APIs? Not well enough, says Cisco
Many APIs are openly accessible online, and that means big chunks of your apps are, too. Cisco's Vijoy Pandey has tools and tips to help businesses get visibility into their APIs.
π΄ Logiq.ai Tackles Observability Problem With LogFlow π΄
π Read
via "Dark Reading".
LogFlow addresses data risks associated with machine data pipelines.π Read
via "Dark Reading".
Dark Reading
Logiq.ai Tackles Observability Problem With LogFlow
LogFlow addresses data risks associated with machine data pipelines.
βΌ CVE-2021-29756 βΌ
π Read
via "National Vulnerability Database".
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 202167.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29867 βΌ
π Read
via "National Vulnerability Database".
IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated to view or edit a Jupyter notebook that they should not have access to. IBM X-Force ID: 206212.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38909 βΌ
π Read
via "National Vulnerability Database".
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209706.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20470 βΌ
π Read
via "National Vulnerability Database".
IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196339.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20493 βΌ
π Read
via "National Vulnerability Database".
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197794.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29719 βΌ
π Read
via "National Vulnerability Database".
IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client side vulnerabilties due to a web response specifying an incorrect content type. IBM X-Force ID: 201091π Read
via "National Vulnerability Database".
βΌ CVE-2021-29716 βΌ
π Read
via "National Vulnerability Database".
IBM Cognos Analytics 11.1.7 and 11.2.0 could allow a low level user to reas of the application that privileged user should only be allowed to view. IBM X-Force ID: 201087.π Read
via "National Vulnerability Database".
β Omicron Phishing Scam Already Spotted in UK β
π Read
via "Threat Post".
Omicron COVID-19 variant anxiety inspires new phishing scam offering fake NHS tests to steal data.π Read
via "Threat Post".
Threat Post
Omicron Phishing Scam Already Spotted in UK
Omicron COVID-19 variant anxiety inspires new phishing scam offering fake NHS tests to steal data.
π΄ How Criminals Are Using Synthetic Identities for Fraud π΄
π Read
via "Dark Reading".
Organizations must improve their cybersecurity protocols to detect fraudulent identities and make sure they're safeguarding their consumersβ personal information.π Read
via "Dark Reading".
Dark Reading
How Criminals Are Using Synthetic Identities for Fraud
Organizations must improve their cybersecurity protocols to detect fraudulent identities and make sure they're safeguarding their consumersβ personal information.
β Pandemic-Influenced Car Shopping: Just Use the Manufacturer API β
π Read
via "Threat Post".
Jason Kent, hacker-in-residence at Cequence, found a way to exploit a Toyota API to get around the hassle of car shopping in the age of supply-chain woes.π Read
via "Threat Post".
Threat Post
Pandemic-Influenced Car Shopping: Just Use the Manufacturer API
Jason Kent, hacker-in-residence at Cequence, found a way to exploit a Toyota API to get around the hassle of car shopping in the age of supply-chain woes.
π΄ IGI Cybersecurity Introduces CISO Team-as-a-Service π΄
π Read
via "Dark Reading".
Service gives customers access to a CISO-led team of practitioners with a variety of skills and expertise.π Read
via "Dark Reading".
Dark Reading
IGI Cybersecurity Introduces CISO Team-as-a-Service
Service gives customers access to a CISO-led team of practitioners with a variety of skills and expertise.