β Kronos Ransomware Outage Drives Widespread Payroll Chaos β
π Read
via "Threat Post".
Kronos, the workforce-management provider, said a weeks-long outage of its cloud services is in the offing, just in time to hamstring end-of-year HR activities like bonuses ands vacation tracking.π Read
via "Threat Post".
Threat Post
Kronos Ransomware Outage Drives Widespread Payroll Chaos
Kronos, the workforce-management provider, said a weeks-long outage of its cloud services is in the offing, just in time to hamstring end-of-year HR activities like bonuses and vacation tracking.
π΄ Tales from the Dark Web: Fingerprinting Access Brokers on Criminal Forums π΄
π Read
via "Dark Reading".
Every high-profile breach leaves a trail of bread crumbs, and defenders who monitor access brokers can connect the dots and detect attacks as they unfold.π Read
via "Dark Reading".
Dark Reading
Tales from the Dark Web: Fingerprinting Access Brokers on Criminal Forums
Every high-profile breach leaves a trail of bread crumbs, and defenders who monitor access brokers can connect the dots and detect attacks as they unfold.
β Log4Shell explained β how it works, why you need to know, and how to fix it β
π Read
via "Naked Security".
Find out how to deal with the Log2Shell vulnerability right across your estate. Yes, you need to patch, but that helps everyone else along with you!π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β Apple security updates are out β and not a Log4Shell mention in sight β
π Read
via "Naked Security".
Get 'em while they're hot!π Read
via "Naked Security".
Naked Security
Apple security updates are out β and not a Log4Shell mention in sight
Get βem while theyβre hot!
βΌ CVE-2021-44524 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal user authentication service. This could allow an unauthenticated remote attacker to trigger several actions on behalf of valid user accounts.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44435 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to stack based buffer overflow while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14903)π Read
via "National Vulnerability Database".
βΌ CVE-2021-44010 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44005 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted TIFF files. This could allow an attacker to execute code in the context of the current process.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44017 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Image.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted TIF files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15111)π Read
via "National Vulnerability Database".
βΌ CVE-2021-44015 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The VCRUNTIME140.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted CGM files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15109)π Read
via "National Vulnerability Database".
βΌ CVE-2021-44441 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14913)π Read
via "National Vulnerability Database".
βΌ CVE-2021-44011 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Jt1001.dll is vulnerable to an out of bounds read past the end of an allocated buffer while parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15101)π Read
via "National Vulnerability Database".
βΌ CVE-2021-44003 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to use of uninitialized memory while parsing user supplied TIFF files. This could allow an attacker to cause a denial-of-service condition.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44446 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14828, ZDI-CAN-14898)π Read
via "National Vulnerability Database".
βΌ CVE-2021-44448 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14843, ZDI-CAN-15051)π Read
via "National Vulnerability Database".
βΌ CVE-2021-44522 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal message broker system. This could allow an unauthenticated remote attacker to subscribe to arbitrary message queues.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44431 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14841)π Read
via "National Vulnerability Database".
βΌ CVE-2021-44445 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15054)π Read
via "National Vulnerability Database".
βΌ CVE-2021-44449 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in JT Utilities (All versions < V12.8.1.1), JTTK (All versions < V10.8.1.1). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14830)π Read
via "National Vulnerability Database".
βΌ CVE-2021-4104 βΌ
π Read
via "National Vulnerability Database".
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44004 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process.π Read
via "National Vulnerability Database".