‼ CVE-2021-29214 ‼
📖 Read
via "National Vulnerability Database".
A security vulnerability has been identified in HPE StoreServ Management Console (SSMC). An authenticated SSMC administrator could exploit the vulnerability to inject code and elevate their privilege in SSMC. The scope of this vulnerability is limited to SSMC. Note: The arrays being managed are not impacted by this vulnerability. This vulnerability impacts SSMC versions 3.4 GA to 3.8.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-31746 ‼
📖 Read
via "National Vulnerability Database".
Zip Slip vulnerability in Pluck-CMS Pluck 4.7.15 allows an attacker to upload specially crafted zip files, resulting in directory traversal and potentially arbitrary code execution.📖 Read
via "National Vulnerability Database".
❌ Next-Gen Maldocs & How to Solve the Human Vulnerability ❌
📖 Read
via "Threat Post".
Malicious email attachments with macros are one of the most common ways hackers get in through the door. Huntress security researcher John Hammond discusses how threat hunters can fight back.📖 Read
via "Threat Post".
Threat Post
Next-Gen Maldocs & How to Solve the Human Vulnerability
Malicious email attachments with macros are one of the most common ways hackers get in through the door. Huntress security researcher John Hammond discusses how threat hunters can fight back.
🦿 Study: Most phishing pages are abandoned or disappear in a matter of days 🦿
📖 Read
via "Tech Republic".
Research from Kaspersky finds that a quarter of phishing sites are gone within 13 hours — how in the world can we catch and stop cyber criminals that move so quickly?📖 Read
via "Tech Republic".
TechRepublic
Study: Most phishing pages are abandoned or disappear in a matter of days
Research from Kaspersky finds that a quarter of phishing sites are gone within 13 hours — how in the world can we catch and stop cyber criminals that move so quickly?
🦿 Hackers reported 21% more vulnerabilities in 2021 than in 2020 🦿
📖 Read
via "Tech Republic".
HackerOne reports that hackers are reporting more bugs and earning bigger bounties, but is an increase in testing or an increase in software vulnerabilities the cause of the jump?📖 Read
via "Tech Republic".
TechRepublic
Hackers reported 21% more vulnerabilities in 2021 than in 2020
HackerOne reports that hackers are reporting more bugs and earning bigger bounties, but is an increase in testing or an increase in software vulnerabilities the cause of the jump?
‼ CVE-2021-4089 ‼
📖 Read
via "National Vulnerability Database".
snipe-it is vulnerable to Improper Access Control📖 Read
via "National Vulnerability Database".
‼ CVE-2021-31747 ‼
📖 Read
via "National Vulnerability Database".
Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in update_applet.php, which could lead to man-in-the-middle attacks.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-23639 ‼
📖 Read
via "National Vulnerability Database".
The package md-to-pdf before 5.0.0 are vulnerable to Remote Code Execution (RCE) due to utilizing the library gray-matter to parse front matter content, without disabling the JS engine.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-27983 ‼
📖 Read
via "National Vulnerability Database".
Remote Code Execution (RCE) vulnerability exists in MaxSite CMS v107.5 via the Documents page.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-23663 ‼
📖 Read
via "National Vulnerability Database".
All versions of package sey are vulnerable to Prototype Pollution via the deepmerge() function.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-23700 ‼
📖 Read
via "National Vulnerability Database".
All versions of package merge-deep2 are vulnerable to Prototype Pollution via the mergeDeep() function.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-23463 ‼
📖 Read
via "National Vulnerability Database".
The package com.h2database:h2 from 0 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class it will trigger the vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-23561 ‼
📖 Read
via "National Vulnerability Database".
All versions of package comb are vulnerable to Prototype Pollution via the deepMerge() function.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-27984 ‼
📖 Read
via "National Vulnerability Database".
In Pluck-4.7.15 admin background a remote command execution vulnerability exists when uploading files.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41242 ‼
📖 Read
via "National Vulnerability Database".
OpenOlat is a web-basedlearning management system. A path traversal vulnerability exists in OpenOlat prior to versions 15.5.12 and 16.0.5. By providing a filename that contains a relative path as a parameter in some REST methods, it is possible to create directory structures and write files anywhere on the target system. The attack could be used to write files anywhere in the web root folder or outside, depending on the configuration of the system and the properly configured permission of the application server user. The attack requires an OpenOlat user account, an enabled REST API and the rights on a business object to call the vulnerable REST calls. The problem is fixed in version 15.5.12 and 16.0.5. There is a workaround available. The vulnerability requires the REST module to be enabled. Disabling the REST module or limiting the REST module via some firewall or web-server access rules to be accessed only be trusted systems will mitigate the risk.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-4092 ‼
📖 Read
via "National Vulnerability Database".
yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF)📖 Read
via "National Vulnerability Database".
‼ CVE-2021-4097 ‼
📖 Read
via "National Vulnerability Database".
phpservermon is vulnerable to Improper Neutralization of CRLF Sequences📖 Read
via "National Vulnerability Database".
📢 Hackers publish Vestas data following cyber attack 📢
📖 Read
via "ITPro".
The move suggests the company didn’t comply with the hackers' ransom demands📖 Read
via "ITPro".
IT PRO
Hackers publish Vestas data following cyber attack | IT PRO
The move suggests the company didn’t comply with the hackers' ransom demands
📢 IT Pro News in Review: Google sues Russian hackers, Microsoft hikes 365 prices, Spar hit by cyber attack 📢
📖 Read
via "ITPro".
Catch up on the biggest headlines of the week in just two minutes📖 Read
via "ITPro".
ITPro
IT Pro News in Review: Google sues Russian hackers, Microsoft hikes 365 prices, Spar hit by cyber attack
Catch up on the biggest headlines of the week in just two minutes
📢 South Australia government data breached in ransomware attack 📢
📖 Read
via "ITPro".
Between 38,000 to 80,000 government employees might have been affected and potentially have had their data posted on the dark web📖 Read
via "ITPro".
IT PRO
South Australia government data breached in ransomware attack | IT PRO
Between 38,000 to 80,000 government employees might have been affected and potentially have had their data posted on the dark web
📢 DarkMatter and former NSA officers sued over alleged phone hack of Saudi human rights activist 📢
📖 Read
via "ITPro".
Loujain al-Hathloul alleges three ex-NSA mercenaries hacked her phone in 2017 and passed sensitive information on to Saudi Arabia📖 Read
via "ITPro".
IT PRO
DarkMatter and former NSA officers sued over alleged phone hack of Saudi human rights activist | IT PRO
Loujain al-Hathloul alleges three ex-NSA mercenaries hacked her phone in 2017 and passed sensitive information on to Saudi Arabia