βΌ CVE-2020-19682 βΌ
π Read
via "National Vulnerability Database".
A Cross Site Request Forgery (CSRF) vulnerability exits in ZZZCMS V1.7.1 via the save_user funciton in save.php.π Read
via "National Vulnerability Database".
βΌ CVE-2020-19683 βΌ
π Read
via "National Vulnerability Database".
A Cross Site Scripting (XSS) exists in ZZZCMS V1.7.1 via an editfile action in save.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41265 βΌ
π Read
via "National Vulnerability Database".
Flask-AppBuilder is a development framework built on top of Flask. Verions prior to 3.3.4 contain an improper authentication vulnerability in the REST API. The issue allows for a malicious actor with a carefully crafted request to successfully authenticate and gain access to existing protected REST API endpoints. This only affects non database authentication types and new REST API endpoints. Users should upgrade to Flask-AppBuilder 3.3.4 to receive a patch.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40281 βΌ
π Read
via "National Vulnerability Database".
An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_print.php when registering ordinary users.π Read
via "National Vulnerability Database".
ποΈ Human error bugs increasingly making a splash in hacker-powered pen tests β report ποΈ
π Read
via "The Daily Swig".
HackerOne study charts effects of digital transformation and cloud migrationπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Human error bugs increasingly making a splash in hacker-powered pen tests β report
HackerOne study charts effects of digital transformation and cloud migration
π΄ New Firefox Sandbox Isolates Third-Party Libraries π΄
π Read
via "Dark Reading".
RLBox can be used to protect web browsers and other software applications from vulnerabilities in subcomponents and libraries.π Read
via "Dark Reading".
Dark Reading
New Firefox Sandbox Isolates Third-Party Libraries
RLBox can be used to protect web browsers and other software applications from vulnerabilities in subcomponents and libraries.
βΌ CVE-2021-4084 βΌ
π Read
via "National Vulnerability Database".
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')π Read
via "National Vulnerability Database".
βΌ CVE-2021-4081 βΌ
π Read
via "National Vulnerability Database".
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')π Read
via "National Vulnerability Database".
βΌ CVE-2021-4082 βΌ
π Read
via "National Vulnerability Database".
pimcore is vulnerable to Cross-Site Request Forgery (CSRF)π Read
via "National Vulnerability Database".
β βKarakurtβ Extortion Threat Emerges, But Says No to Ransomware β
π Read
via "Threat Post".
The threat group, first identified in June, focuses solely on data exfiltration and subsequent extortion, and has already targeted 40 victims since September.π Read
via "Threat Post".
Threat Post
βKarakurtβ Extortion Threat Emerges, But Says No to Ransomware
The threat group, first identified in June, focuses solely on data exfiltration and subsequent extortion, and has already targeted 40 victims since September.
ποΈ βLog4Shellβ vulnerability poses critical threat to applications using βubiquitousβ Java logging package Apache Log4j ποΈ
π Read
via "The Daily Swig".
Wide range of enterprise software impacted by CVSS 10-rated bugπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
βLog4Shellβ vulnerability poses critical threat to applications using βubiquitousβ Java logging package Apache Log4j
βScope and potential impact unlike any component vulnerability I can recallβ
π΄ The Vulnerability Lag: Cut Ransomware Risks Resulting From Digital Transformation π΄
π Read
via "Dark Reading".
Exploring ransomware and other data integrity risks from accelerated digital transformation in the wake of COVID-19.π Read
via "Dark Reading".
Dark Reading
The Vulnerability Lag: Cut Ransomware Risks Resulting From Digital Transformation
Exploring ransomware and other data integrity risks from accelerated digital transformation in the wake of COVID-19.
π nfstream 6.4.0 π
π Read
via "Packet Storm Security".
nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.π Read
via "Packet Storm Security".
Packetstormsecurity
nfstream 6.4.0 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
βΌ CVE-2021-37187 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may read a password file (with reversible passwords) from the device, which allows decoding of other users' passwords.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37188 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may load customized firmware (because the bootloader does not verify that it is authentic), changing the behavior of the gateway.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40834 βΌ
π Read
via "National Vulnerability Database".
A user interface overlay vulnerability was discovered in F-secure SAFE Browser for Android. When user click on a specially crafted seemingly legitimate URL SAFE browser goes into full screen and hides the user interface. A remote attacker can leverage this to perform spoofing attack.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37189 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4. They do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session.π Read
via "National Vulnerability Database".
βΌ CVE-2021-35978 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ZING protocol allows arbitrary remote command execution with SUPER privileges. This allows an attacker (with knowledge of the protocol) to execute arbitrary code on the controller including overwriting firmware, adding/removing users, disabling the internal firewall, etc.π Read
via "National Vulnerability Database".
ποΈ Russian man sentenced to prison for βcryptingβ service that concealed malware from antivirus programs ποΈ
π Read
via "The Daily Swig".
Underground service promised to render malicious software fully undetectable by nearly every major antivirus providerπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Russian man sentenced to prison for βcryptingβ service that concealed malware from antivirus programs
Underground service promised to render malicious software fully undetectable by nearly every major antivirus provider
β Sprawling Active Attack Aims to Take Over 1.6M WordPress Sites β
π Read
via "Threat Post".
Cyberattackers are targeting security vulnerabilities in four plugins plus Epsilon themes, to assign themselves administrative accounts.π Read
via "Threat Post".
Threat Post
Sprawling Active Attack Aims to Take Over 1.6M WordPress Sites
Cyberattackers are targeting security vulnerabilities in four plugins plus Epsilon themes, to assign themselves administrative accounts.
β βLog4Shellβ Java vulnerability β how to safeguard your servers β
π Read
via "Naked Security".
Just when you thought it was safe to relax for the weekend... a critical bug showed up in Apache's Log4j productπ Read
via "Naked Security".
Sophos News
Naked Security β Sophos News