βΌ CVE-2021-4092 βΌ
π Read
via "National Vulnerability Database".
yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF)π Read
via "National Vulnerability Database".
βΌ CVE-2021-4097 βΌ
π Read
via "National Vulnerability Database".
phpservermon is vulnerable to Improper Neutralization of CRLF Sequencesπ Read
via "National Vulnerability Database".
π’ Hackers publish Vestas data following cyber attack π’
π Read
via "ITPro".
The move suggests the company didnβt comply with the hackers' ransom demandsπ Read
via "ITPro".
IT PRO
Hackers publish Vestas data following cyber attack | IT PRO
The move suggests the company didnβt comply with the hackers' ransom demands
π’ IT Pro News in Review: Google sues Russian hackers, Microsoft hikes 365 prices, Spar hit by cyber attack π’
π Read
via "ITPro".
Catch up on the biggest headlines of the week in just two minutesπ Read
via "ITPro".
ITPro
IT Pro News in Review: Google sues Russian hackers, Microsoft hikes 365 prices, Spar hit by cyber attack
Catch up on the biggest headlines of the week in just two minutes
π’ South Australia government data breached in ransomware attack π’
π Read
via "ITPro".
Between 38,000 to 80,000 government employees might have been affected and potentially have had their data posted on the dark webπ Read
via "ITPro".
IT PRO
South Australia government data breached in ransomware attack | IT PRO
Between 38,000 to 80,000 government employees might have been affected and potentially have had their data posted on the dark web
π’ DarkMatter and former NSA officers sued over alleged phone hack of Saudi human rights activist π’
π Read
via "ITPro".
Loujain al-Hathloul alleges three ex-NSA mercenaries hacked her phone in 2017 and passed sensitive information on to Saudi Arabiaπ Read
via "ITPro".
IT PRO
DarkMatter and former NSA officers sued over alleged phone hack of Saudi human rights activist | IT PRO
Loujain al-Hathloul alleges three ex-NSA mercenaries hacked her phone in 2017 and passed sensitive information on to Saudi Arabia
π’ Avast to acquire self-sovereign identity firm Evernym π’
π Read
via "ITPro".
The acquisition will help Avast enhance its decentralized identity solutionsπ Read
via "ITPro".
IT PRO
Avast to acquire self-sovereign identity firm Evernym | IT PRO
The acquisition will help Avast enhance its decentralized identity solutions
π’ Microsoft Outlook displays full contact details for spoofed senders π’
π Read
via "ITPro".
Product harvests details from Active Directory without checking, say researchersπ Read
via "ITPro".
ITPro
Microsoft Outlook displays full contact details for spoofed senders
Product harvests details from Active Directory without checking, say researchers
π’ LastPass announces integration with Google Workspace π’
π Read
via "ITPro".
Employers can now automatically provide employees with a LastPass account through Googleβs directory integrationπ Read
via "ITPro".
IT PRO
LastPass announces integration with Google Workspace | IT PRO
Employers can now automatically provide employees with a LastPass account through Googleβs directory integration
π’ Russia blocks access to Tor in censorship push π’
π Read
via "ITPro".
The Russian government has blocked access to the project's website, and default Tor bridges are no longer workingπ Read
via "ITPro".
IT PRO
Russia blocks access to Tor in censorship push | IT PRO
The Russian government has blocked access to the project's website, and default Tor bridges are no longer working
π’ Top 200 most common passwords of 2021 revealed π’
π Read
via "ITPro".
Unsurprisingly, the vast majority take less than a second to crackπ Read
via "ITPro".
IT PRO
Top 200 most common passwords of 2021 revealed | IT PRO
Unsurprisingly, the vast majority take less than a second to crack
π’ UK and US agree deeper data-sharing partnership π’
π Read
via "ITPro".
The partnership will see the two nations form a comprehensive strategy to share data that aligns with both domestic data sharing and protection frameworksπ Read
via "ITPro".
IT PRO
UK and US agree deeper data-sharing partnership | IT PRO
The partnership will see the two nations form a comprehensive strategy to share data that aligns with both domestic data sharing and protection frameworks
π’ HornetSecurity 365 Total Protection review: Keeping email squeaky clean π’
π Read
via "ITPro".
Tough email protection for Microsoft 365 thatβs simple to deploy, easy to manage and very affordableπ Read
via "ITPro".
ITPro
HornetSecurity 365 Total Protection review: Keeping email squeaky clean
Tough email protection for Microsoft 365 thatβs simple to deploy, easy to manage and very affordable
π’ Android bug prevents users from calling emergency services π’
π Read
via "ITPro".
Google has confirmed that the glitch is affecting devices that have Microsoft Teams installedπ Read
via "ITPro".
ITPro
Android bug prevents users from calling emergency services
Google has confirmed that the glitch is affecting devices that have Microsoft Teams installed
βΌ CVE-2021-44833 βΌ
π Read
via "National Vulnerability Database".
The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the configuration file.π Read
via "National Vulnerability Database".
π1
β Log4Shell explained β how it works, why you need to know, and how to fix it β
π Read
via "Naked Security".
Find out how to deal with the Log2Shell vulnerability right across your estate. Yes, you need to patch, but that helps everyone else along with you!π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
βΌ CVE-2021-40858 βΌ
π Read
via "National Vulnerability Database".
Auerswald COMpact 5500R devices before 8.2B allow Arbitrary File Disclosure. A sub-admin can read the cleartext Admin password via the fileName=../../etc/passwd substring.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44847 βΌ
π Read
via "National Vulnerability Database".
A stack-based buffer overflow in handle_request function in DHT.c in toxcore 0.1.9 through 0.1.11 and 0.2.0 through 0.2.12 (caused by an improper length calculation during the handling of received network packets) allows remote attackers to crash the process or potentially execute arbitrary code via a network packet.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44154 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Reprise RLM 14.2. By using an admin account, an attacker can write a payload to /goform/edit_opt, which will then be triggered when running the diagnostics (via /goform/diagnostics_doit), resulting in a buffer overflow.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44155 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in /goform/login_process in Reprise RLM 14.2. When an attacker attempts to login, the response if a username is valid includes Login Failed, but does not include this string if the username is invalid. This allows an attacker to enumerate valid users.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44151 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Reprise RLM 14.2. As the session cookies are small, an attacker can hijack any existing sessions by bruteforcing the 4 hex-character session cookie on the Windows version (the Linux version appears to have 8 characters). An attacker can obtain the static part of the cookie (cookie name) by first making a request to any page on the application (e.g., /goforms/menu) and saving the name of the cookie sent with the response. The attacker can then use the name of the cookie and try to request that same page, setting a random value for the cookie. If any user has an active session, the page should return with the authorized content, when a valid cookie value is hit.π Read
via "National Vulnerability Database".
π1