CVE-2021-44159
4MOSAn GCB Doctor's file upload function has improper user privilege control. A remote attacker can upload arbitrary files, including webshell files, without authentication and execute arbitrary code in order to perform arbitrary system operations or a denial-of-service attack.
via "National Vulnerability Database".
CVE-2021-44162
Chain Sea ai chatbot system's specific file download function has a path traversal vulnerability. The function has improper filtering of special characters in URL parameters, which allows a remote attacker to download arbitrary system files without authentication.
via "National Vulnerability Database".
CVE-2021-44163
Chain Sea ai chatbot backend has improper filtering of special characters in URL parameters, which allows a remote attacker to perform JavaScript injection for an XSS (reflected cross-site scripting) attack without authentication.
via "National Vulnerability Database".
CVE-2021-44164
Chain Sea ai chatbot system's file upload function has insufficient filtering for special characters in URLs, which allows a remote attacker to bypass file type validation, upload a malicious script and execute arbitrary code without authentication, in order to take control of the system or terminate service.
via "National Vulnerability Database".
Log4Shell: The Movie… a short, safe visual tour for work and home
Be happy that your sysadmins are taking one (three, actually!) for the team right now… here's why!
via "Naked Security".
CVE-2021-41561
Improper Input Validation vulnerability in Parquet-MR of Apache Parquet allows an attacker to DoS by malicious Parquet files. This issue affects Apache Parquet-MR version 1.9.0 and later versions.
via "National Vulnerability Database".
CVE-2021-44916
Opmantek Open-AudIT Community 4.2.0 (fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. If a bad value is passed to the routine via a URL, malicious JavaScript code can be executed in the victim's browser.
via "National Vulnerability Database".
CVE-2021-44224
A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).
via "National Vulnerability Database".
CVE-2021-44790
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability, though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.
via "National Vulnerability Database".
Healthcare provider Texas ENT alerts 535,000 patients to data breach
Unauthorized intruder exfiltrated personal data over a six-day period.
via "The Daily Swig".
Zero Trust Shouldn't Mean Zero Trust in Employees
Some think zero trust means you cannot or should not trust employees, an approach that misses the mark and sets up everyone for failure.
via "Dark Reading".
CVE-2020-8105
OS Command Injection vulnerability in the wirelessConnect handler of Abode iota All-In-One Security Kit allows an attacker to inject commands and gain root access. This issue affects: Abode iota All-In-One Security Kit versions prior to 1.0.2.23_6.9V_dev_t2_homekit_RF_2.0.19_s2_kvsABODE oz.
via "National Vulnerability Database".
Security researcher earns plaudits after discovering Yandex SSRF flaw
Russian language search engine has secured its backend infrastructure.
via "The Daily Swig".
Third Log4j Bug Can Trigger DoS; Apache Issues Patch
The new Log4j vulnerability is similar to Log4Shell in that it also affects the logging library, but this DoS flaw has to do with Context Map lookups, not JNDI.
via "Threat Post".
Four Out of Five Organizations Are Increasing Cybersecurity Budgets for 2022
Half of security decision makers also say the cyber skills gap will significantly impact their 2022 strategy, according to new research from Neustar.
via "Dark Reading".
Reblaze Appoints New CEO
Ziv Oren previously held the position of chief operations officer at the company.
via "Dark Reading".
Trend Micro Crowns Champions of 2021 Capture the Flag Competition
Challenges were designed to address critical areas of cybersecurity, including reversing, cloud, IoT, open source intelligence, forensics, and machine learning.
via "Dark Reading".
Surveillance-for-hire: Are you a target of the booming spy business?
Meta has exposed and acted against entities that have been spying on people and organizations around the globe. Find out how the threat actors operate and learn what you can do to protect yourself.
via "Tech Republic".
Wapiti Web Application Vulnerability Scanner 3.0.9
Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities.
via "Packet Storm Security".
SecurityScorecard Research Reveals Cyber Vulnerabilities Pose a Threat to U.S. Maritime Security
While the shipping industry's cyber posture was better than companies in the Forbes Global 2000, the industry performed lower in key risk group factors.
via "Dark Reading".
BlackBerry Launches New Managed Extended Detection and Response (XDR) Service
Company partners with Exabeam to launch an update to its BlackBerry Guard managed detection and response (MDR) service.
via "Dark Reading".