CVE-2021-3980
via "National Vulnerability Database".
elgg is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor.
What Are Your Top Cloud Security Challenges? Threatpost Poll
via "Threat Post".
We want to know what your biggest cloud security concerns and challenges are, and how your company is dealing with them. Weigh in with our exclusive poll!
Mozilla patches critical "BigSig" cryptographic bug: Here's how to track it down and fix it
via "Naked Security".
Mozilla's cryptographic code had a critical bug. Problem is that numerous apps are affected and may need patching individually.
How well do you know your APIs? Not well enough, says Cisco
via "Tech Republic".
Many APIs are openly accessible online, and that means big chunks of your apps are, too. Cisco's Vijoy Pandey has tools and tips to help businesses get visibility into their APIs.
Logiq.ai Tackles Observability Problem With LogFlow
via "Dark Reading".
LogFlow addresses data risks associated with machine data pipelines.
CVE-2021-29756
via "National Vulnerability Database".
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 202167.
CVE-2021-29867
via "National Vulnerability Database".
IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to view or edit a Jupyter notebook that they should not have access to. IBM X-Force ID: 206212.
CVE-2021-38909
via "National Vulnerability Database".
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209706.
CVE-2021-20470
via "National Vulnerability Database".
IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196339.
CVE-2021-20493
via "National Vulnerability Database".
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197794.
CVE-2021-29719
via "National Vulnerability Database".
IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client side vulnerabilities due to a web response specifying an incorrect content type. IBM X-Force ID: 201091.
CVE-2021-29716
via "National Vulnerability Database".
IBM Cognos Analytics 11.1.7 and 11.2.0 could allow a low level user to reas of the application that privileged user should only be allowed to view. IBM X-Force ID: 201087.
Omicron Phishing Scam Already Spotted in UK
via "Threat Post".
Omicron COVID-19 variant anxiety inspires new phishing scam offering fake NHS tests to steal data.
How Criminals Are Using Synthetic Identities for Fraud
via "Dark Reading".
Organizations must improve their cybersecurity protocols to detect fraudulent identities and make sure they're safeguarding their consumers' personal information.
Pandemic-Influenced Car Shopping: Just Use the Manufacturer API
via "Threat Post".
Jason Kent, hacker-in-residence at Cequence, found a way to exploit a Toyota API to get around the hassle of car shopping in the age of supply-chain woes.
IGI Cybersecurity Introduces CISO Team-as-a-Service
via "Dark Reading".
Service gives customers access to a CISO-led team of practitioners with a variety of skills and expertise.
NSO Group Spyware Used to Breach US State Dept. Phones
via "Dark Reading".
At least nine US State Department employee iPhones were targeted with sophisticated spyware developed by the Israeli firm NSO Group.
CVE-2021-23758
via "National Vulnerability Database".
All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary .NET classes, which can be abused to gain remote code execution.
CVE-2021-44352
via "National Vulnerability Database".
A Stack-based Buffer Overflow vulnerability exists in the Tenda AC15 V15.03.05.18_multi device via the list parameter in a post request in goform/SetIpMacBind.
CVE-2021-44347
via "National Vulnerability Database".
SQL Injection vulnerability exists in TuziCMS v2.0.6 in App\Manage\Controller\GuestbookController.class.php.
CVE-2021-44349
via "National Vulnerability Database".
SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in App\Manage\Controller\DownloadController.class.php.