โผ CVE-2021-4123 โผ
๐ Read
via "National Vulnerability Database".
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)๐ Read
via "National Vulnerability Database".
๐๏ธ How expired web domains help criminal hackers unlock enterprise defenses ๐๏ธ
๐ Read
via "The Daily Swig".
Allow domains to โdropโ and youโre increasing the effectiveness of a variety of attacks๐ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
How expired web domains help criminal hackers unlock enterprise defenses
Allow domains to โdropโ and youโre increasing the effectiveness of a variety of attacks
โผ CVE-2021-40835 โผ
๐ Read
via "National Vulnerability Database".
An URL Address bar spoofing vulnerability was discovered in Safe Browser for iOS. When user clicks on a specially crafted a malicious URL, if user does not carefully pay attention to url, user may be tricked to think content may be coming from a valid domain, while it comes from another. This is performed by using a very long username part of the url so that user cannot see the domain name. A remote attacker can leverage this to perform url address bar spoofing attack. The fix is, browser no longer shows the user name part in address bar.๐ Read
via "National Vulnerability Database".
โ โDarkWatchmanโ RAT Shows Evolution in Fileless Malware โ
๐ Read
via "Threat Post".
The new tool manipulates Windows Registry in unique ways to evade security detections and is likely being used by ransomware groups for initial network access.๐ Read
via "Threat Post".
Threat Post
โDarkWatchmanโ RAT Shows Evolution in Fileless Malware
The new tool manipulates Windows Registry in unique ways to evade security detections and is likely being used by ransomware groups for initial network access.
๐๏ธ UK government reveals plans to become โglobal cyber powerโ in 2022 ๐๏ธ
๐ Read
via "The Daily Swig".
National Cyber Security Centre leads scheme to increase capabilities๐ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
UK government reveals plans to become โglobal cyber powerโ in 2022
National Cyber Security Centre leads scheme to increase capabilities
๐ด Dear Congress: It's Complicated. Please Consider This When Crafting New Cybersecurity Legislation ๐ด
๐ Read
via "Dark Reading".
As mandatory reporting bills work their way through the halls of Congress, what should businesses do to prepare for this pending legislation?๐ Read
via "Dark Reading".
Dark Reading
Dear Congress: It's Complicated. Please Consider This When Crafting New Cybersecurity Legislation
As mandatory reporting bills work their way through the halls of Congress, what should businesses do to prepare for this pending legislation?
โผ CVE-2021-4124 โผ
๐ Read
via "National Vulnerability Database".
janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')๐ Read
via "National Vulnerability Database".
๐ฆฟ How to install the ConfigServer and Security Firewall combo on Ubuntu Server ๐ฆฟ
๐ Read
via "Tech Republic".
If you'd like a powerful firewall for your Ubuntu Server, but one that offers a fairly straightforward configuration, Jack Wallen thinks CSF might be the right tool for the job.๐ Read
via "Tech Republic".
TechRepublic
How to install the ConfigServer and Security Firewall combo on Ubuntu Server
If you'd like a powerful firewall for your Ubuntu Server, but one that offers a fairly straightforward configuration, Jack Wallen thinks CSF might be the right tool for the job.
๐๏ธ SAP squashes SQL injection, XSS bugs in December patch round ๐๏ธ
๐ Read
via "The Daily Swig".
CVSS severity scores range from 2.4 to 9.9๐ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
SAP squashes SQL injection, XSS bugs in December patch round
CVSS severity scores range from 2.4 to 9.9
โผ CVE-2021-3959 โผ
๐ Read
via "National Vulnerability Database".
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Bitdefender GravityZone versions prior to 3.3.8.272๐ Read
via "National Vulnerability Database".
โผ CVE-2021-3960 โผ
๐ Read
via "National Vulnerability Database".
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects Bitdefender GravityZone versions prior to 3.3.8.272๐ Read
via "National Vulnerability Database".
โ Apple security updates are out โ and not a Log4Shell mention in sight โ
๐ Read
via "Naked Security".
Get 'em while they're hot!๐ Read
via "Naked Security".
Naked Security
Apple security updates are out โ and not a Log4Shell mention in sight
Get โem while theyโre hot!
โ๏ธ NY Man Pleads Guilty in $20 Million SIM Swap Theft โ๏ธ
๐ Read
via "Krebs on Security".
A 24-year-old New York man who bragged about helping to steal more than $20 million worth of cryptocurrency from a technology executive has pleaded guilty to conspiracy to commit wire fraud. Nicholas Truglia was part of a group alleged to have stolen more than $100 million from cryptocurrency investors using fraudulent "SIM swaps," scams in which identity thieves hijack a targetโs mobile phone number and use that to wrest control over the victimโs online identities.๐ Read
via "Krebs on Security".
Krebs on Security
NY Man Pleads Guilty in $20 Million SIM Swap Theft
A 24-year-old New York man who bragged about helping to steal more than $20 million worth of cryptocurrency from a technology executive has pleaded guilty to conspiracy to commit wire fraud. Nicholas Truglia was part of a group alleged toโฆ
๐ด Log4Shell: The Big Picture ๐ด
๐ Read
via "Dark Reading".
A look at why this is such a tricky vulnerability and why the industry response has been good, but not great.๐ Read
via "Dark Reading".
Dark Reading
Log4Shell: The Big Picture
A look at why this is such a tricky vulnerability and why the industry response has been good, but not great.
โ S3 Ep63: Log4Shell (what else?) and Apple kernel bugs [Podcast+Transcript] โ
๐ Read
via "Naked Security".
Latest episode - listen now! (Yes, there are plenty of critical things to go along with Log4Shell.)๐ Read
via "Naked Security".
Naked Security
S3 Ep63: Log4Shell (what else?) and Apple kernel bugs [Podcast+Transcript]
Latest episode โ listen now! (Yes, there are plenty of critical things to go along with Log4Shell.)
๐ฆฟ How organizations should prioritize security vulnerabilities ๐ฆฟ
๐ Read
via "Tech Republic".
Organizations are not always linking the actual data on vulnerabilities with the specific risks to their business, says Cyber Vulcan.๐ Read
via "Tech Republic".
TechRepublic
How organizations should prioritize security vulnerabilities
Organizations are not always linking the actual data on vulnerabilities with the specific risks to their business, says Cyber Vulcan.
โ โPseudoManuscryptโ Mass Spyware Campaign Targets 35K Systems โ
๐ Read
via "Threat Post".
Itโs similar to Lazarusโs Manuscrypt malware, but the new spyware is splattering itself onto government organizations and ICS in a non-Lazarus-like, untargeted wave of attacks.๐ Read
via "Threat Post".
Threat Post
โPseudoManuscryptโ Mass Spyware Campaign Targets 35K Systems
Itโs similar to Lazarusโs Manuscrypt malware, but the new spyware is splattering itself onto government organizations and ICS in a non-Lazarus-like, untargeted wave of attacks.
โผ CVE-2021-41260 โผ
๐ Read
via "National Vulnerability Database".
Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 do not check for Cross Site Request Forgery attacks. All users are advised to upgrade to 0.9.6 as soon as possible. There are no known workarounds for this issue.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-42912 โผ
๐ Read
via "National Vulnerability Database".
FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command injection vulnerability. This vulnerability allows the attacker, once logged in, to send commands to the operating system as the root user via the ping diagnostic tool, bypassing the IP address field, and concatenating OS commands with a semicolon.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-41962 โผ
๐ Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the Owner fullname parameter in a Send Service Request in vehicle_service.๐ Read
via "National Vulnerability Database".
โ โTropic Trooperโ Reemerges to Target Transportation Outfits โ
๐ Read
via "Threat Post".
Analysts warn that the attack group, now known as 'Earth Centaur,' is honing its attacks to go after transportation and government agencies.๐ Read
via "Threat Post".
Threat Post
โTropic Trooperโ Reemerges to Target Transportation Outfits
Analysts warn that the attack group, now known as 'Earth Centaur,' is honing its attacks to go after transportation and government agencies.