βΌ CVE-2021-22955 βΌ
π Read
via "National Vulnerability Database".
A unauthenticated denial of service vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 when configured as a VPN (Gateway) or AAA virtual server could allow an attacker to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42127 βΌ
π Read
via "National Vulnerability Database".
A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using Inforail Service allows arbitrary code execution via Data Repository Service.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42128 βΌ
π Read
via "National Vulnerability Database".
An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using inforail Service allows Privilege Escalation via Enterprise Server Service.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42126 βΌ
π Read
via "National Vulnerability Database".
An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44527 βΌ
π Read
via "National Vulnerability Database".
A vulnerability found in UniFi Switch firmware Version 5.43.35 and earlier allows a malicious actor who has already gained access to the network to perform a Deny of Service (DoS) attack on the affected switch.This vulnerability is fixed in UniFi Switch firmware 5.76.6 and later.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42130 βΌ
π Read
via "National Vulnerability Database".
A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44186 βΌ
π Read
via "National Vulnerability Database".
Adobe Bridge versions 11.1.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious SGI file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42131 βΌ
π Read
via "National Vulnerability Database".
A SQL Injection vulnerability exists in Ivanti Avalance before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40092 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in Image Tile in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via an SVG file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42124 βΌ
π Read
via "National Vulnerability Database".
An improper access control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform a session takeover.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40093 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via dashboard actions.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42125 βΌ
π Read
via "National Vulnerability Database".
An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to write dangerous files.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42129 βΌ
π Read
via "National Vulnerability Database".
A command injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42132 βΌ
π Read
via "National Vulnerability Database".
A command Injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40096 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via modification of the authorisationUrl in some integration configurations.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40094 βΌ
π Read
via "National Vulnerability Database".
A DOM-based XSS vulnerability affects SquaredUp for SCOM 5.2.1.6654. If successfully exploited, this vulnerability may allow attackers to inject malicious code into a user's device.π Read
via "National Vulnerability Database".
π΄ Defending Against the Use of Deepfakes for Cyber Exploitation π΄
π Read
via "Dark Reading".
Deepfakes are increasingly concerning because they use AI to imitate human activities and can be used to augment social engineering attacks.π Read
via "Dark Reading".
Dark Reading
Defending Against the Use of Deepfakes for Cyber Exploitation
Deepfakes are increasingly concerning because they use AI to imitate human activities and can be used to augment social engineering attacks.
π¦Ώ "Hello Quantum World:" New cybersecurity service uses entanglement to generate cryptographic keys π¦Ώ
π Read
via "Tech Republic".
The new service protects against current and future cyberattacks, according to Quantinuum CEO, and works with existing cybersecurity systems.π Read
via "Tech Republic".
TechRepublic
"Hello Quantum World:" New cybersecurity service uses entanglement to generate cryptographic keys
The new service protects against current and future cyberattacks, according to Quantinuum CEO, and works with existing cybersecurity systems.
ποΈ Critical web security flaws in Kaseya Unitrends backup appliances remediated after researchersβ disclosure ποΈ
π Read
via "The Daily Swig".
Two critical flaws addressed in cloud storage patch batchπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Critical web security flaws in Kaseya Unitrends backup appliances remediated after researchersβ disclosure
Two critical flaws addressed in cloud storage patch batch
ποΈ Drive-by RCE in Windows 10 βcan be executed with a single clickβ ποΈ
π Read
via "The Daily Swig".
Underlying security vulnerability is still present in popular OS, researchers warnπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Drive-by RCE in Windows 10 βcan be executed with a single clickβ
Underlying security vulnerability is still present in popular OS, researchers warn
π¦Ώ How and why people use password managers π¦Ώ
π Read
via "Tech Republic".
Password managers provide a more effective way to stay secure online but are still underutilized, says Security.org.π Read
via "Tech Republic".
TechRepublic
How and why people use password managers
Password managers provide a more effective way to stay secure online but are still underutilized, says Security.org.