‼ CVE-2021-25525 ‼
📖 Read
via "National Vulnerability Database".
Improper check or handling of exception conditions vulnerability in Samsung Pay (US only) prior to version 4.0.65 allows attacker to use NFC without user recognition.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37049 ‼
📖 Read
via "National Vulnerability Database".
There is a Heap-based buffer overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may rewrite the memory of adjacent objects.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37053 ‼
📖 Read
via "National Vulnerability Database".
There is a Service logic vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause WLAN DoS.📖 Read
via "National Vulnerability Database".
🕴 Why Cloud Service Providers Are a Single Point of Failure 🕴
📖 Read
via "Dark Reading".
In a matter of days, a large-scale outage of cloud and other online services could cause $15 billion in losses.📖 Read
via "Dark Reading".
Dark Reading
Why Cloud Service Providers Are a Single Point of Failure
In a matter of days, a large-scale outage of cloud and other online services could cause $15 billion in losses.
❌ AWS Among 12 Cloud Services Affected by Flaws in Eltima SDK ❌
📖 Read
via "Threat Post".
Researchers have found a number of high-security vulnerabilities in third-party driver software – bugs that originated in a library created by network virtualization firm Eltima – that leave about a dozen cloud services used by millions of users worldwide open to privilege-escalation attacks. That includes Amazon WorkSpaces, Accops and NoMachine, among others: all apps that […]📖 Read
via "Threat Post".
Threat Post
AWS Among 12 Cloud Services Affected by Flaws in Eltima SDK
The flaws, which could enable attackers to disable security and gain kernel-level privileges, affect Amazon WorkSpaces and other cloud services that use USB over Ethernet.
‼ CVE-2021-41021 ‼
📖 Read
via "National Vulnerability Database".
A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3815 ‼
📖 Read
via "National Vulnerability Database".
utils.js is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41013 ‼
📖 Read
via "National Vulnerability Database".
An improper access control vulnerability [CWE-284] in FortiWeb versions 6.4.1 and below and 6.3.15 and below in the Report Browse section of Log & Report may allow an unauthorized and unauthenticated user to access the Log reports via their URLs.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-27860 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 could allow a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41063 ‼
📖 Read
via "National Vulnerability Database".
SQL injection vulnerability was discovered in Aanderaa GeoView Webservice prior to version 2.1.3 that could allow an unauthenticated attackers to execute arbitrary commands.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41030 ‼
📖 Read
via "National Vulnerability Database".
An authentication bypass by capture-replay vulnerability [CWE-294] in FortiClient EMS versions 7.0.1 and below and 6.4.4 and below may allow an unauthenticated attacker to impersonate an existing user by intercepting and re-using valid SAML authentication messages.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36188 ‼
📖 Read
via "National Vulnerability Database".
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted GET parameters in requests to login and error handlers📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41090 ‼
📖 Read
via "National Vulnerability Database".
Grafana Agent is a telemetry collector for sending metrics, logs, and trace data to the opinionated Grafana observability stack. Prior to versions 0.20.1 and 0.21.2, inline secrets defined within a metrics instance config are exposed in plaintext over two endpoints: metrics instance configs defined in the base YAML file are exposed at `/-/config` and metrics instance configs defined for the scraping service are exposed at `/agent/api/v1/configs/:key`. Inline secrets will be exposed to anyone being able to reach these endpoints. If HTTPS with client authentication is not configured, these endpoints are accessible to unauthenticated users. Secrets found in these sections are used for delivering metrics to a Prometheus Remote Write system, authenticating against a system for discovering Prometheus targets, and authenticating against a system for collecting metrics. This does not apply for non-inlined secrets, such as `*_file` based secrets. This issue is patched in Grafana Agent versions 0.20.1 and 0.21.2. A few workarounds are available. Users who cannot upgrade should use non-inline secrets where possible. Users may also desire to restrict API access to Grafana Agent with some combination of restricting the network interfaces Grafana Agent listens on through `http_listen_address` in the `server` block, configuring Grafana Agent to use HTTPS with client authentication, and/or using firewall rules to restrict external access to Grafana Agent's API.📖 Read
via "National Vulnerability Database".
🔏 New Michigan Bill Would Protect Personal Data 🔏
📖 Read
via "".
While not sweeping, new legislation recently introduced in Michigan would push businesses to establish and maintain a written cybersecurity program to protect personal information.📖 Read
via "".
Digital Guardian
New Michigan Bill Would Protect Personal Data
While not sweeping, new legislation recently introduced in Michigan would push businesses to establish and maintain a written cybersecurity program to protect personal information.
📢 Chrome vs Firefox vs Microsoft Edge 📢
📖 Read
via "ITPro".
We put the web's three most popular browsers head-to-head📖 Read
via "ITPro".
ITPro
Best web browsers 2023: Firefox vs Google Chrome vs Microsoft Edge
Firefox vs Chrome vs Edge - discover which comes out on top in the ultimate battle to crown the very best browser
📢 Modern governance: The how-to guide 📢
📖 Read
via "ITPro".
Equipping organisations with the right tools for business resilience📖 Read
via "ITPro".
IT PRO
Modern governance: The how-to guide
Equipping organisations with the right tools for business resilience
📢 Microsoft launches Secured-core servers to combat ransomware 📢
📖 Read
via "ITPro".
Previously debuting on Windows PCs in 2019, the Secured-core initiative has reached servers in a bid to better protect infrastructure from cyber attacks like ransomware📖 Read
via "ITPro".
ITPro
Microsoft launches Secured-core servers to combat ransomware
Previously debuting on Windows PCs in 2019, the Secured-core initiative has reached servers in a bid to better protect infrastructure from cyber attacks like ransomware
📢 Google files lawsuit against Russian botnet operators 📢
📖 Read
via "ITPro".
The Glupteba botnet infected approximately one million Windows machines to steal data and mine cryptocurrencies📖 Read
via "ITPro".
IT PRO
Google files lawsuit against Russian botnet operators | IT PRO
The Glupteba botnet infected approximately one million Windows machines to steal data and mine cryptocurrencies
📢 One in eight Americans would fall victim to a phishing attack 📢
📖 Read
via "ITPro".
Phishing remains an effective attach mechanism, finds global test📖 Read
via "ITPro".
IT PRO
One in eight Americans would fall victim to a phishing attack | IT PRO
Phishing remains an effective attach mechanism, finds global test
🕴 Trickbot-Infected Machines Drop Emotet Samples 🕴
📖 Read
via "Dark Reading".
It's reportedly the first time this has happened since the takedown of Emotet in January 2021, say the researchers who made the discovery.📖 Read
via "Dark Reading".
Dark Reading
Trickbot-Infected Machines Drop Emotet Samples
It's reportedly the first time this has happened since the takedown of Emotet in January 2021, say the researchers who made the discovery.
🕴 How Do I Empower a Remote Workforce Without Compromising Security? 🕴
📖 Read
via "Dark Reading".
To transition to a zero-trust architecture, focus on doing the things that offer the most value.📖 Read
via "Dark Reading".
Dark Reading
How Do I Empower a Remote Workforce Without Compromising Security?
To transition to a zero-trust architecture, focus on doing the things that offer the most value.