βΌ CVE-2021-42717 βΌ
π Read
via "National Vulnerability Database".
ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy one of the limited NGINX worker processes for minutes and consume almost all of the available CPU on the machine. Modsecurity 2 is similarly vulnerable: the affected versions include 2.8.0 through 2.9.4.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40578 βΌ
π Read
via "National Vulnerability Database".
Authenticated Blind & Error-based SQL injection vulnerability was discovered in Online Enrollment Management System in PHP and PayPal Free Source Code 1.0, that allows attackers to obtain sensitive information and execute arbitrary SQL commands via IDNO parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38759 βΌ
π Read
via "National Vulnerability Database".
Raspberry Pi OS through 5.10 has the raspberry default password for the pi account. If not changed, attackers can gain administrator privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42683 βΌ
π Read
via "National Vulnerability Database".
A Buffer Overflow vulnerability exists in Accops HyWorks Windows Client prior to v 3.2.8.200. The IOCTL Handler 0x22001B allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42567 βΌ
π Read
via "National Vulnerability Database".
Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43963 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. The bucket credentials used to read and write data in Couchbase Server were insecurely being stored in the metadata within sync documents written to the bucket. Users with read access could use these credentials to obtain write access. (This issue does not affect clusters where Sync Gateway is authenticated with X.509 client certificates. This issue also does not affect clusters where shared bucket access is not enabled on Sync Gateway.)π Read
via "National Vulnerability Database".
βΌ CVE-2021-42681 βΌ
π Read
via "National Vulnerability Database".
A Buffer Overflow vulnerability exists in Accops HyWorks DVM Tools prior to v3.3.1.105. The IOCTL Handler 0x22001B allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42682 βΌ
π Read
via "National Vulnerability Database".
An Integer Overflow vulnerability exists in Accops HyWorks DVM Tools prior to v3.3.1.105 .The IOCTL Handler 0x22001B allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43810 βΌ
π Read
via "National Vulnerability Database".
Admidio is a free open source user management system for websites of organizations and groups. A cross-site scripting vulnerability is present in Admidio prior to version 4.0.12. The Reflected XSS vulnerability occurs because redirect.php does not properly validate the value of the url parameter. Through this vulnerability, an attacker is capable to execute malicious scripts. This issue is patched in version 4.0.12.π Read
via "National Vulnerability Database".
π΄ New Financial Services Industry Report Reveals Major Gaps in Storage and Backup Security π΄
π Read
via "Dark Reading".
More than two-Thirds (69%) of respondents believe an attack on their storage & backup environment will have "significant" or "catastrophic" impact.π Read
via "Dark Reading".
Dark Reading
New Financial Services Industry Report Reveals Major Gaps in Storage and Backup Security
More than two-Thirds (69%) of respondents believe an attack on their storage & backup environment will have "significant" or "catastrophic" impact.
π’ More than 90% of IT decision makers reuse passwords π’
π Read
via "ITPro".
Bitwarden survey also finds that half of IT professionals share their passwords with colleaguesπ Read
via "ITPro".
IT PRO
More than 90% of IT decision makers reuse passwords | IT PRO
Bitwarden survey also finds that half of IT professionals share their passwords with colleagues
π’ Access brokers are making it easier for ransomware operators to attack businesses π’
π Read
via "ITPro".
A new business model has been uncovered that makes it much easier for attackers to gain access to business' networksπ Read
via "ITPro".
IT PRO
Access brokers are making it easier for ransomware operators to attack businesses | IT PRO
A new business model has been uncovered that makes it much easier for attackers to gain access to business' networks
π’ UK and Singapore align closer on digital trade π’
π Read
via "ITPro".
Three agreements have been signed which focus on facilitating digital trade, cyber security, and digital identities between the two nationsπ Read
via "ITPro".
IT PRO
UK and Singapore align closer on digital trade | IT PRO
Three agreements have been signed which focus on facilitating digital trade, cyber security, and digital identities between the two nations
π’ What is SSID? π’
π Read
via "ITPro".
We look at what SSID is and how it is used to connect devices to the internetπ Read
via "ITPro".
IT PRO
What is SSID? | IT PRO
We look at what SSID is and how it is used to connect devices to the internet
π’ What is single sign-on (SSO)? π’
π Read
via "ITPro".
We explain how SSO works and why you need itπ Read
via "ITPro".
IT PRO
What is single sign-on (SSO)? | IT PRO
We explain how SSO works and why you need it
π’ RNLI takes website offline after suspected cyber attack π’
π Read
via "ITPro".
The charity has not linked the incident to the recent pressure campaign from Britain Firstπ Read
via "ITPro".
IT PRO
RNLI takes website offline after suspected cyber attack | IT PRO
The charity has not linked the incident to the recent pressure campaign from Britain First
π’ How to boot Windows 11 in Safe Mode π’
π Read
via "ITPro".
Unless youβre a complete Windows 11 novice, youβll have come across Safe Mode before - but what exactly is it, and how do you access it in Windows 11?π Read
via "ITPro".
ITPro
How to boot into Windows 11 Safe Mode
Long-time Windows users will already be familiar with Windows 11 Safe Mode, but what exactly is it for and how do you boot your system into it?
π’ IT Pro 20/20: The problem with diversity in cyber security leadership π’
π Read
via "ITPro".
Why failing to address a shortage of women in senior roles puts businesses at risk - issue 23 is available to download nowπ Read
via "ITPro".
IT PRO
IT Pro 20/20: The problem with diversity in cyber security leadership | IT PRO
Why failing to address a shortage of women in senior roles puts businesses at risk - issue 23 is available to download now
π’ Data protection policies and procedures π’
π Read
via "ITPro".
Why your company needs them, and what they should includeπ Read
via "ITPro".
IT PRO
Data protection policies and procedures | IT PRO
Why your company needs them, and what they should include
π’ BitMart suspends withdrawals following hack π’
π Read
via "ITPro".
Hackers managed to get away with at least $150 million (Β£113 million) in cryptocurrenciesπ Read
via "ITPro".
IT PRO
BitMart suspends withdrawals following hack | IT PRO
Hackers managed to get away with at least $150 million (Β£113 million) in cryptocurrencies
π’ IT Pro News In Review: Cyber attack at Ikea, Meta ordered to sell Giphy, new Twitter CEO π’
π Read
via "ITPro".
Catch up on the biggest headlines of the week in just two minutesπ Read
via "ITPro".
IT PRO
IT Pro News In Review: Cyber attack at Ikea, Meta ordered to sell Giphy, new Twitter CEO
Catch up on the biggest headlines of the week in just two minutes