CVE-2021-43038
via "National Vulnerability Database".
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The wguest account could execute commands by injecting into PostgreSQL trigger functions. This allowed privilege escalation from the wguest user to the postgres user.
CVE-2021-43039
via "National Vulnerability Database".
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Samba file sharing service allowed anonymous read/write access.
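Added example, not from the advisory or the vendor: a small Python audit that reads an smb.conf and reports shares that are both guest-accessible and writable, which is the exposure the entry above describes. The two configurations embedded below are constructed for illustration (a weak one and a hardened one); the parameter names used (`guest ok`/`public`, `read only`, `writable`/`writeable`/`write ok`, `map to guest`, `restrict anonymous`) are standard Samba directives, but the parser is a deliberately minimal reader, not Samba's own.

```python
# Added example: audit an smb.conf for shares reachable without credentials and writable.
TRUE_VALUES = {"yes", "true", "1"}

# Constructed weak configuration: [backups] is open to guests and writable.
WEAK_SMB_CONF = """
[global]
   workgroup = WORKGROUP
   security = user
   map to guest = Bad User

[backups]
   path = /backups
   guest ok = yes
   read only = no

[reports]
   path = /srv/reports
   guest ok = no
   valid users = @backupadmins
   read only = yes
"""

# Constructed hardened configuration: no guest access, anonymous enumeration restricted,
# writes limited to a named group.
HARDENED_SMB_CONF = """
[global]
   workgroup = WORKGROUP
   security = user
   map to guest = Never
   restrict anonymous = 2

[backups]
   path = /backups
   guest ok = no
   valid users = @backupadmins
   read only = no
"""


def _truthy(value):
    return value.strip().lower() in TRUE_VALUES


def parse_smb_conf(text):
    """Minimal smb.conf reader: {section: {parameter: value}}.

    Parameter names are lower-cased with internal whitespace collapsed (Samba matches
    parameter names case-insensitively); '#' and ';' lines are comments."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections[current] = {}
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][" ".join(key.lower().split())] = value.strip()
    return sections


def share_allows_guest(share):
    # "guest ok" and its synonym "public"; the Samba default is no.
    return any(_truthy(share.get(k, "no")) for k in ("guest ok", "public"))


def share_is_writable(share):
    # "read only" and the "writable" synonyms are inverses of each other; the last one
    # stated wins, and the Samba default is read only = yes.
    writable = False
    for key, value in share.items():
        if key == "read only":
            writable = not _truthy(value)
        elif key in ("writable", "writeable", "write ok"):
            writable = _truthy(value)
    return writable


def find_anonymous_writable_shares(conf_text):
    """Names of non-global shares that guests can reach and write to."""
    conf = parse_smb_conf(conf_text)
    return sorted(
        name for name, share in conf.items()
        if name != "global" and share_allows_guest(share) and share_is_writable(share)
    )


def guest_mapping(conf_text):
    """The global 'map to guest' policy (Samba default: Never), for the report."""
    return parse_smb_conf(conf_text).get("global", {}).get("map to guest", "Never")


if __name__ == "__main__":
    print("weak:", find_anonymous_writable_shares(WEAK_SMB_CONF), "map to guest =", guest_mapping(WEAK_SMB_CONF))
    print("hardened:", find_anonymous_writable_shares(HARDENED_SMB_CONF))
```

The audit is static: it tells you what the configuration permits, not what is reachable over the network, so a positive finding should be confirmed from another host with an unauthenticated SMB client before it is closed as a false positive.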
CVE-2021-43037
via "National Vulnerability Database".
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Unitrends Windows agent was vulnerable to DLL injection and binary planting due to insecure default permissions. This allowed privilege escalation from an unprivileged user to SYSTEM.
CVE-2021-43042
via "National Vulnerability Database".
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A buffer overflow existed in the vaultServer component. This was exploitable by a remote unauthenticated attacker.
Crypto-exchange BitMart reports $150 million theft following hack
via "The Daily Swig".
Security firm said attackers executed a "transfer-out, swap, and wash"
CVE-2021-4069
via "National Vulnerability Database".
vim is vulnerable to Use After Free
CVE-2021-43469
via "National Vulnerability Database".
VINGA WR-N300U 77.102.1.4853 is affected by a command execution vulnerability in the goahead component.
Mozilla patches critical "BigSig" cryptographic bug: Here's how to track it down and fix it
via "Naked Security".
Mozilla's cryptographic code had a critical bug. Problem is that numerous apps are affected and may need patching individually.
CVE-2021-43471
via "National Vulnerability Database".
In Canon LBP223 printers, the System Manager Mode login does not require an account password or PIN. An attacker who enters System Manager Mode can remotely shut down the device, creating a denial of service vulnerability.
Why the C-Suite Doesn't Need Access to All Corporate Data
via "Dark Reading".
If zero trust is to work properly, then it must apply to everyone.
How to lock a Zoom meeting to keep out unwanted guests
via "Tech Republic".
One good way to prevent unwelcome participants or late arrivals from joining your Zoom meetings is to lock those meetings. Here's a look at how it's done.
Critical vulnerabilities in open source forum software NodeBB could lead to RCE
via "The Daily Swig".
Personal data, account access is at risk
Cryptocurrency startup fails to subtract before adding, loses $31m
via "Naked Security".
Think of a number, any number. Take away 42. Add 42 back in. Then pretend you didn't take away 42. How much is left?
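Added example modelling the accounting slip the riddle above describes, as Python rather than any contract code; the ledger, token names and amounts are constructed and the startup's actual code is not on this page. Both new balances are computed from a snapshot taken before either write, so when the "from" and "to" token are the same, the second write discards the subtraction and the balance grows by `amount` every round. The hardened version refuses a self-transfer, validates the amount, and subtracts before it adds.

```python
from decimal import Decimal

# Added example: a pool ledger that moves `amount` from one token balance to another.


def make_pool():
    # Constructed ledger: units of each token the pool holds.
    return {"USDC": Decimal("1000"), "ABC": Decimal("1000")}


def total_value(pool):
    return sum(pool.values())


def move_unsafe(pool, token_in, token_out, amount):
    """Buggy order: 'take away 42', 'add 42 back in' from the stale balance, then the
    second write overwrites the first, so the subtraction never happened."""
    amount = Decimal(amount)
    new_in = pool[token_in] - amount          # computed from the pre-write balance
    new_out = pool[token_out] + amount        # also computed from the pre-write balance
    pool[token_in] = new_in
    pool[token_out] = new_out                 # clobbers new_in when token_in == token_out
    return pool


def move_safe(pool, token_in, token_out, amount):
    """Hardened: refuse self-transfers, validate the amount, and subtract first so the
    addition reads the balance that was just written."""
    amount = Decimal(amount)
    if token_in == token_out:
        raise ValueError("token_in and token_out must differ")
    if amount <= 0 or pool[token_in] < amount:
        raise ValueError("invalid amount")
    pool[token_in] -= amount
    pool[token_out] += amount
    return pool


def self_swap_drift(rounds, amount, move=move_unsafe):
    """Value created from nothing after `rounds` self-transfers of `amount`.
    A correct ledger returns 0 or refuses the operation."""
    pool = make_pool()
    start = total_value(pool)
    for _ in range(rounds):
        move(pool, "ABC", "ABC", amount)
    return total_value(pool) - start


def safe_move_preserves_total(amount):
    """Run a normal USDC->ABC move through the safe path; return (total unchanged, pool)."""
    pool = make_pool()
    before = total_value(pool)
    move_safe(pool, "USDC", "ABC", amount)
    return total_value(pool) == before, pool


def safe_rejects_self_swap():
    try:
        self_swap_drift(1, 42, move=move_safe)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("phantom value after 10 buggy self-swaps of 42:", self_swap_drift(10, 42))
    print("safe path rejects self-swap:", safe_rejects_self_swap())
```

The invariant worth asserting in any such ledger is that a transfer never changes the sum of balances; the buggy path violates it on the very first self-transfer, which is what makes the bug cheap to catch with a single property test.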
Pegasus Spyware Infects U.S. State Department iPhones
via "Threat Post".
It's unknown who's behind the cyberattacks on the iPhones of at least nine employees, all of whom are involved in Ugandan diplomacy.
Web security bugs discovered in CATIE assisted living framework
via "The Daily Swig".
Care home communications tool conundrum
CVE-2021-24931
via "National Vulnerability Database".
The Secure Copy Content Protection and Content Locking WordPress plugin before 2.8.2 does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an SQL injection.
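Added example of the pattern in the entry above, written in Python against an in-memory SQLite table rather than the plugin's PHP: an id parameter pasted into the SQL text beside the same lookup with the value validated and bound. The table, rows, payloads and function names are constructed and are not the plugin's code; in WordPress the equivalent fix is to build the statement with `$wpdb->prepare()` and cast the id to an integer.

```python
import sqlite3

# Added example: unescaped id in SQL text versus a validated, bound parameter.


def make_db():
    # Constructed table standing in for whatever the export action reads.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE sccp_results (id INTEGER PRIMARY KEY, owner TEXT, data TEXT)")
    conn.executemany(
        "INSERT INTO sccp_results VALUES (?, ?, ?)",
        [(1, "alice", "public report"), (2, "bob", "bob private"), (3, "carol", "carol secret")],
    )
    return conn


def export_unsafe(conn, sccp_id):
    """Vulnerable: the raw request parameter becomes part of the SQL statement."""
    sql = "SELECT data FROM sccp_results WHERE id = " + str(sccp_id)
    return [row[0] for row in conn.execute(sql)]


def export_safe(conn, sccp_id):
    """Hardened: enforce the integer type, then bind; the value can never alter the query."""
    try:
        sccp_id = int(str(sccp_id).strip())
    except ValueError:
        raise ValueError("sccp_id must be an integer")
    rows = conn.execute("SELECT data FROM sccp_results WHERE id = ?", (sccp_id,))
    return [row[0] for row in rows]


def safe_rejects(conn, payload):
    """True when the hardened path refuses the payload instead of running it."""
    try:
        export_safe(conn, payload)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print(export_unsafe(db, "1"))                                         # the intended row
    print(export_unsafe(db, "1 OR 1=1"))                                  # every row
    print(export_unsafe(db, "0 UNION SELECT owner FROM sccp_results"))    # a different column
    print(export_safe(db, "1"))
    print(safe_rejects(db, "1 OR 1=1"))
```

The two payloads show why "escaping" alone is the wrong mental model for a numeric id: neither contains a quote character, so a string-escaping function would pass them through unchanged, whereas type enforcement plus binding closes both.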
CVE-2021-24938
via "National Vulnerability Database".
The WOOCS WordPress plugin before 1.3.7.1 does not sanitise and escape the key parameter of the woocs_update_profiles_data AJAX action (available to any authenticated user) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue.
CVE-2021-24917
via "National Vulnerability Database".
The WPS Hide Login WordPress plugin before 1.9.1 has a bug that lets an unauthenticated user obtain the secret login page by setting an arbitrary Referer string and making a request to /wp-admin/options.php.
CVE-2021-25041
via "National Vulnerability Database".
The Photo Gallery by 10Web WordPress plugin before 1.5.68 is vulnerable to Reflected Cross-Site Scripting (XSS) issues via the bwg_album_breadcrumb_0 and shortcode_id GET parameters passed to the bwg_frontend_data AJAX action.
CVE-2021-24939
via "National Vulnerability Database".
The LoginWP (Formerly Peter's Login Redirect) WordPress plugin before 3.0.0.5 does not sanitise and escape the rul_login_url and rul_logout_url parameters before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting issue.
CVE-2021-24759
via "National Vulnerability Database".
The PDF.js Viewer WordPress plugin before 2.0.2 does not escape some of its shortcode and Gutenberg Block attributes, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.
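Added example serving the four reflected-XSS entries above (CVE-2021-24938, CVE-2021-25041, CVE-2021-24939 and CVE-2021-24759), all of which echo a request or block value back into HTML without escaping, two of them into element attributes. It is Python, not any plugin's code: a value rendered into a quoted attribute unescaped beside the same rendering with `html.escape(..., quote=True)` (the Python counterpart of WordPress's `esc_attr()`), and a small parser that reports which attributes a browser would actually see. The fragment and payload are constructed.

```python
import html
from html.parser import HTMLParser

# Added example: attribute-context escaping, checked by parsing the result.


def render_unsafe(value):
    # The request value lands inside a quoted attribute with no escaping.
    return '<input name="key" value="' + value + '">'


def render_safe(value):
    # quote=True turns " and ' into entities, so the value cannot close the attribute.
    return '<input name="key" value="' + html.escape(value, quote=True) + '">'


class _InputAttrs(HTMLParser):
    """Collects the attributes a tolerant HTML parser sees on the <input> tag."""

    def __init__(self):
        super().__init__()
        self.attrs = {}

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.attrs = dict(attrs)

    handle_startendtag = handle_starttag


def parsed_attributes(fragment):
    parser = _InputAttrs()
    parser.feed(fragment)
    parser.close()
    return parser.attrs


def injected_handlers(fragment):
    """Event-handler attributes (on*) present after parsing; non-empty means the value
    broke out of its attribute."""
    return sorted(k for k in parsed_attributes(fragment) if k.startswith("on"))


# Constructed attribute-breakout payload: closes value="", adds a handler, reopens a quote.
PAYLOAD = '" onfocus=alert(1) autofocus="'

if __name__ == "__main__":
    print(render_unsafe(PAYLOAD), "->", injected_handlers(render_unsafe(PAYLOAD)))
    print(render_safe(PAYLOAD), "->", injected_handlers(render_safe(PAYLOAD)))
```

Note that escaping is context-specific: `html.escape` without `quote=True` is enough for a text node but not for a quoted attribute, and nothing short of a strict allow-list protects an unquoted attribute or a `javascript:` URL attribute such as the login/logout URLs in CVE-2021-24939.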