CVE-2021-23463
The package com.h2database:h2 from 0 and before 2.0.202 is vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object when it receives parsed string data from the org.h2.jdbc.JdbcResultSet.getSQLXML() method. Calling getSource() with DOMSource.class as the parameter triggers the vulnerability.
via "National Vulnerability Database".
CVE-2021-23561
All versions of package comb are vulnerable to Prototype Pollution via the deepMerge() function.
via "National Vulnerability Database".
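The advisory names the bug class but not the mechanism. The following is an added example, not code from the comb package: a typical recursive deep-merge that can be abused for prototype pollution, beside a hardened variant, run against a constructed JSON payload of the kind a request body would carry. The merge logic and the payload are illustrative assumptions; comb's own deepMerge() is not reproduced here.

```javascript
// Added example, not code from the comb package: a typical recursive
// deepMerge that is open to prototype pollution, beside a hardened variant.
// The merge logic is constructed for illustration; comb's own implementation
// is not reproduced here.

function isPlainObject(v) {
  return v !== null && typeof v === "object" && !Array.isArray(v);
}

// Vulnerable pattern: every key of the source is recursed into, including
// "__proto__". On a plain object, target["__proto__"] is Object.prototype,
// so the nested merge writes attacker-chosen properties onto every object.
function deepMergeVulnerable(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (isPlainObject(value)) {
      if (!isPlainObject(target[key])) target[key] = {};
      deepMergeVulnerable(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened pattern: skip the keys that reach the prototype chain and only
// descend into properties the target itself owns.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function deepMergeSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || !isPlainObject(target[key])) target[key] = {};
      deepMergeSafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed attacker input, as JSON.parse would produce it from a request
// body. JSON.parse creates "__proto__" as an ordinary own property, so
// Object.keys() returns it and the vulnerable merge follows it.
const PAYLOAD = JSON.parse('{"__proto__": {"isAdmin": true}, "name": "x"}');

// Merges PAYLOAD into an empty object with the given merge function and
// reports whether an unrelated, freshly created object gained "isAdmin".
function demo(merge) {
  const before = ({}).isAdmin;            // undefined on a clean runtime
  const merged = merge({}, PAYLOAD);
  const after = ({}).isAdmin;             // true if Object.prototype was polluted
  delete Object.prototype.isAdmin;        // undo pollution so later runs are clean
  return { before, after, mergedName: merged.name };
}

console.log("vulnerable:", demo(deepMergeVulnerable));  // after: true
console.log("hardened:  ", demo(deepMergeSafe));        // after: undefined
```

The key-name blocklist is the usual fix, but the ownership check matters too: descending only into properties the target owns means an inherited accessor such as `__proto__` is never used as a merge destination even if a new vector is missed. When a dependency is the one doing the merge, freezing `Object.prototype` at startup or parsing untrusted JSON into `Object.create(null)` objects limits the blast radius until the package is fixed.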
CVE-2021-27984
In the Pluck 4.7.15 admin backend, a remote command execution vulnerability exists when uploading files.
via "National Vulnerability Database".
CVE-2021-41242
OpenOlat is a web-based learning management system. A path traversal vulnerability exists in OpenOlat prior to versions 15.5.12 and 16.0.5. By providing a filename that contains a relative path as a parameter in some REST methods, it is possible to create directory structures and write files anywhere on the target system. The attack could be used to write files anywhere in the web root folder or outside it, depending on the configuration of the system and the permissions of the application server user. The attack requires an OpenOlat user account, an enabled REST API and the rights on a business object to call the vulnerable REST calls. The problem is fixed in versions 15.5.12 and 16.0.5. There is a workaround available: the vulnerability requires the REST module to be enabled, so disabling the REST module, or limiting it via firewall or web-server access rules so that only trusted systems can reach it, will mitigate the risk.
via "National Vulnerability Database".
CVE-2021-4092
yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF).
via "National Vulnerability Database".
CVE-2021-4097
phpservermon is vulnerable to Improper Neutralization of CRLF Sequences.
via "National Vulnerability Database".
Hackers publish Vestas data following cyber attack
The move suggests the company didn't comply with the hackers' ransom demands.
via "ITPro".
IT Pro News in Review: Google sues Russian hackers, Microsoft hikes 365 prices, Spar hit by cyber attack
Catch up on the biggest headlines of the week in just two minutes.
via "ITPro".
South Australia government data breached in ransomware attack
Between 38,000 and 80,000 government employees might have been affected and potentially have had their data posted on the dark web.
via "ITPro".
DarkMatter and former NSA officers sued over alleged phone hack of Saudi human rights activist
Loujain al-Hathloul alleges three ex-NSA mercenaries hacked her phone in 2017 and passed sensitive information on to Saudi Arabia.
via "ITPro".
Avast to acquire self-sovereign identity firm Evernym
The acquisition will help Avast enhance its decentralized identity solutions.
via "ITPro".
Microsoft Outlook displays full contact details for spoofed senders
Product harvests details from Active Directory without checking, say researchers.
via "ITPro".
LastPass announces integration with Google Workspace
Employers can now automatically provide employees with a LastPass account through Google's directory integration.
via "ITPro".
Russia blocks access to Tor in censorship push
The Russian government has blocked access to the project's website, and default Tor bridges are no longer working.
via "ITPro".
Top 200 most common passwords of 2021 revealed
Unsurprisingly, the vast majority take less than a second to crack.
via "ITPro".
UK and US agree deeper data-sharing partnership
The partnership will see the two nations form a comprehensive strategy to share data that aligns with both domestic data sharing and protection frameworks.
via "ITPro".
HornetSecurity 365 Total Protection review: Keeping email squeaky clean
Tough email protection for Microsoft 365 that's simple to deploy, easy to manage and very affordable.
via "ITPro".
Android bug prevents users from calling emergency services
Google has confirmed that the glitch is affecting devices that have Microsoft Teams installed.
via "ITPro".
CVE-2021-44833
The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the configuration file.
via "National Vulnerability Database".
Log4Shell explained: how it works, why you need to know, and how to fix it
Find out how to deal with the Log4Shell vulnerability right across your estate. Yes, you need to patch, but that helps everyone else along with you!
via "Naked Security".
CVE-2021-40858
Auerswald COMpact 5500R devices before 8.2B allow Arbitrary File Disclosure. A sub-admin can read the cleartext Admin password via the fileName=../../etc/passwd substring.
via "National Vulnerability Database".