‼ CVE-2021-34141 ‼
📖 Read
via "National Vulnerability Database".
Incomplete string comparison in the numpy.core component in NumPy1.9.x, which allows attackers to fail the APIs via constructing specific string objects.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43838 ‼
📖 Read
via "National Vulnerability Database".
jsx-slack is a library for building JSON objects for Slack Block Kit surfaces from JSX. In versions prior to 4.5.1 users are vulnerable to a regular expression denial-of-service (ReDoS) attack. If attacker can put a lot of JSX elements into `<blockquote>` tag, an internal regular expression for escaping characters may consume an excessive amount of computing resources. jsx-slack v4.5.1 has patched to a regex for escaping blockquote characters. Users are advised to upgrade as soon as possible.📖 Read
via "National Vulnerability Database".
🕴 How Risky Is the Log4J Vulnerability? 🕴
📖 Read
via "Dark Reading".
Security teams around the world are on high alert dealing with the Log4j vulnerability, but how risky is it, really?📖 Read
via "Dark Reading".
Dark Reading
How Risky Is the Log4J Vulnerability?
Security teams around the world are on high alert dealing with the Log4j vulnerability, but how risky is it, really?
‼ CVE-2021-41498 ‼
📖 Read
via "National Vulnerability Database".
Buffer overflow in ajaxsoundstudio.com Pyo < and 1.03 in the Server_jack_init function. which allows attackers to conduct Denial of Service attacks by arbitrary constructing a overlong server name.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41499 ‼
📖 Read
via "National Vulnerability Database".
Buffer Overflow Vulnerability exists in ajaxsoundstudio.com n Pyo < 1.03 in the Server_debug function, which allows remote attackers to conduct DoS attacks by deliberately passing on an overlong audio file name.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41500 ‼
📖 Read
via "National Vulnerability Database".
Incomplete string comparison vulnerability exits in cvxopt.org cvxop <= 1.2.6 in APIs (cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve), which allows attackers to conduct Denial of Service attacks by construct fake Capsule objects.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41497 ‼
📖 Read
via "National Vulnerability Database".
Null pointer reference in CMS_Conservative_increment_obj in RaRe-Technologies bounter version 1.01 and 1.10, allows attackers to conduct Denial of Service attacks by inputting a huge width of hash bucket.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-4130 ‼
📖 Read
via "National Vulnerability Database".
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)📖 Read
via "National Vulnerability Database".
‼ CVE-2021-4131 ‼
📖 Read
via "National Vulnerability Database".
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45105 ‼
📖 Read
via "National Vulnerability Database".
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0 and 2.12.3.📖 Read
via "National Vulnerability Database".
📢 Industry working group aims to standardize blockchain 'Identity of Things' 📢
📖 Read
via "ITPro".
Universal standards for blockchain-based identities aims to help promote interoperability and communication between IoT devices📖 Read
via "ITPro".
IT PRO
Industry working group aims to standardize blockchain 'Identity of Things' | IT PRO
Universal standards for blockchain-based identities aims to help promote interoperability and communication between IoT devices
📢 Sennheiser exposed personal data of 28,000 customers with leaky S3 bucket 📢
📖 Read
via "ITPro".
Server containing full names, email addresses, phone numbers, and supplier information was left open to the public for three years📖 Read
via "ITPro".
IT PRO
Sennheiser exposed personal data of 28,000 customers with leaky S3 bucket | IT PRO
Server containing full names, email addresses, phone numbers, and supplier information was left open to the public for three years
📢 Kronos services knocked offline by ransomware attack 📢
📖 Read
via "ITPro".
The popular human resources solutions provider has admitted that it may take "several weeks" to recover📖 Read
via "ITPro".
IT PRO
Kronos services knocked offline by ransomware attack | IT PRO
The popular human resources solutions provider has admitted that it may take "several weeks" to recover
📢 Gumtree site code made personal data of users and sellers publicly accessible 📢
📖 Read
via "ITPro".
Anyone could scan the website's HTML code to reveal personal information belonging to users of the popular second-hand classified adverts website📖 Read
via "ITPro".
IT PRO
Gumtree site code made personal data of users and sellers publicly accessible | IT PRO
Anyone could scan the website's HTML code to reveal personal information belonging to users of the popular second-hand classified adverts website
👍1
📢 Ransomware groups will target smaller businesses in 2022 - report 📢
📖 Read
via "ITPro".
Scrutiny from law enforcement is causing groups to change tack, says analyst📖 Read
via "ITPro".
IT PRO
Ransomware groups will target smaller businesses in 2022 - report | IT PRO
Scrutiny from law enforcement is causing groups to change tack, says analyst
📢 Meta expands bug bounty programme to cover data scraping 📢
📖 Read
via "ITPro".
The move comes two years after a massive scraping incident on Facebook that resulted in data leaking online📖 Read
via "ITPro".
IT PRO
Meta expands bug bounty programme to cover data scraping | IT PRO
The move comes two years after a massive scraping incident on Facebook that resulted in data leaking online
📢 What is the Log4Shell vulnerability? 📢
📖 Read
via "ITPro".
The critical flaw affecting products built using Java is set to cause headaches in the enterprise for months to come📖 Read
via "ITPro".
ITPro
What is the Log4Shell vulnerability?
The critical flaw affecting products built using Java is set to cause headaches in the enterprise for months to come
📢 Australia and US sign CLOUD Act data-sharing deal to support criminal investigations 📢
📖 Read
via "ITPro".
The legislation allows law enforcement to simplify the process of obtaining electronic data from another country📖 Read
via "ITPro".
IT PRO
Australia and US sign CLOUD Act data-sharing deal to support criminal investigations | IT PRO
The legislation allows law enforcement to simplify the process of obtaining electronic data from another country
📢 Google to rollout AI-based security across three UK airports 📢
📖 Read
via "ITPro".
Airports in Aberdeen, Glasgow, and Southampton will test a tool designed to make it easier to spot suspicious packages📖 Read
via "ITPro".
IT PRO
Google to rollout AI-based security across three UK airports | IT PRO
Airports in Aberdeen, Glasgow, and Southampton will test a tool designed to make it easier to spot suspicious packages
📢 Lenovo ThinkPads vulnerable to privilege escalation exploit, researchers warn 📢
📖 Read
via "ITPro".
A component running on the popular business computers is vulnerable to a chained exploit that grants full access to attackers📖 Read
via "ITPro".
IT PRO
Lenovo ThinkPads vulnerable to privilege escalation exploit, researchers warn | IT PRO
A component running on the popular business computers is vulnerable to a chained exploit that grants full access to attackers
📢 HMRC suffered 17 data breaches over 15 months 📢
📖 Read
via "ITPro".
According to a recent report, the breaches affected more than 3,000 individuals📖 Read
via "ITPro".
IT PRO
HMRC suffered 17 data breaches over 15 months | IT PRO
According to a recent report, the breaches affected more than 3,000 individuals