βΌ CVE-2021-24849 βΌ
π Read
via "National Vulnerability Database".
The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injectionsπ Read
via "National Vulnerability Database".
π΄ How is Zero Trust Evolving to be More Continuous in Verifying Trust? π΄
π Read
via "Dark Reading".
For zero trust to be successful, organizations need to be able to check user identity, device posture, and overall behavior without adding friction to the experience.π Read
via "Dark Reading".
Dark Reading
How Is Zero Trust Evolving to Be More Continuous in Verifying Trust?
For zero trust to be successful, organizations need to be able to check user identity, device posture, and overall behavior without adding friction to the experience.
βΌ CVE-2021-45255 βΌ
π Read
via "National Vulnerability Database".
The email parameter from ajax.php of Video Sharing Website 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45253 βΌ
π Read
via "National Vulnerability Database".
The id parameter in view_storage.php from Simple Cold Storage Management System 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45252 βΌ
π Read
via "National Vulnerability Database".
Multiple SQL injection vulnerabilities are found on Simple Forum-Discussion System 1.0 For example on three applications which are manage_topic.php, manage_user.php, and ajax.php. The attacker can be retrieving all information from the database of this system by using this vulnerability.π Read
via "National Vulnerability Database".
ποΈ Ubisoft confirms Just Dance video game data breach ποΈ
π Read
via "The Daily Swig".
Developer said no accounts had been improperly accessedπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Ubisoft confirms Just Dance video game data breach
Developer said no accounts had been improperly accessed
π¦Ώ F-Secure uses flaw in at-home COVID-19 test to fake results π¦Ώ
π Read
via "Tech Republic".
Security researchers used a Bluetooth vulnerability to change negative results to positive.π Read
via "Tech Republic".
TechRepublic
F-Secure uses flaw in at-home COVID-19 test to fake results
Security researchers used a Bluetooth vulnerability to change negative results to positive.
β FBI: Another Zoho ManageEngine Zero-Day Under Active Attack β
π Read
via "Threat Post".
APT attackers are using a security vulnerability in ManageEngine Desktop Central to take over servers, deliver malware and establish network persistence.π Read
via "Threat Post".
Threat Post
FBI: Another Zoho ManageEngine Zero-Day Under Active Attack
APT attackers are using a security vulnerability in ManageEngine Desktop Central to take over servers, deliver malware and establish network persistence.
βΌ CVE-2021-4139 βΌ
π Read
via "National Vulnerability Database".
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')π Read
via "National Vulnerability Database".
π΄ The Future of Ransomware π΄
π Read
via "Dark Reading".
Focusing on basic security controls and executing them well is the best way to harden your systems against an attack.π Read
via "Dark Reading".
Dark Reading
The Future of Ransomware
Focusing on basic security controls and executing them well is the best way to harden your systems against an attack.
ποΈ Browser security: Google fixes Chrome Site Isolation bypass bug ποΈ
π Read
via "The Daily Swig".
Vulnerability in Chromeβs service worker feature created chink in browserβs armorπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Browser security: Google fixes Chrome Site Isolation bypass bug
Vulnerability in Chromeβs service worker feature created chink in browserβs armor
π΄ A Year in Microsoft Bugs: The Most Critical, Overlooked & Hard to Patch π΄
π Read
via "Dark Reading".
Severe flaws in Microsoft Exchange and Windows Print Spooler stood out amid a wide range of vulnerabilities security teams were forced to prioritize in 2021.π Read
via "Dark Reading".
Dark Reading
A Year in Microsoft Bugs: The Most Critical, Overlooked & Hard to Patch
Severe flaws in Microsoft Exchange and Windows Print Spooler stood out amid a wide range of vulnerabilities security teams were forced to prioritize in 2021.
ποΈ Survey scams rekindled using advertising industry tricks to deliver tailor-made assaults ποΈ
π Read
via "The Daily Swig".
More bad men than Mad Menπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Survey scams rekindled using advertising industry tricks to deliver tailor-made assaults
More bad men than Mad Men
β Two Active Directory Bugs Lead to Easy Windows Domain Takeover β
π Read
via "Threat Post".
Microsoft is urging customers to patch two Active Directory domain controller bugs after a PoC tool was publicly released on Dec. 12.π Read
via "Threat Post".
Threat Post
Two Active Directory Bugs Lead to Easy Windows Domain Takeover
Microsoft is urging customers to patch two Active Directory domain controller bugs after a PoC tool was publicly released on Dec. 12.
βΌ CVE-2012-20001 βΌ
π Read
via "National Vulnerability Database".
PrestaShop before 1.5.2 allows XSS via the "<object data='data:text/html" substring in the message field.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45090 βΌ
π Read
via "National Vulnerability Database".
Stormshield Endpoint Security before 2.1.2 allows remote code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45089 βΌ
π Read
via "National Vulnerability Database".
Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Access Control.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45091 βΌ
π Read
via "National Vulnerability Database".
Stormshield Endpoint Security from 2.1.0 to 2.1.1 has Incorrect Access Control.π Read
via "National Vulnerability Database".
β Apacheβs other product: Critical bugs in βhttpdβ web server, patch now! β
π Read
via "Naked Security".
The Apache web server just got an update - this one is nothing to do with Log4j!π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β Log4Shell: The Movieβ¦ a short, safe visual tour for work and home β
π Read
via "Naked Security".
Be happy that your sysadmins are taking one (three, actually!) for the team right now... here's why!π Read
via "Naked Security".
Naked Security
Log4Shell: The Movie⦠a short, safe visual tour for work and home
Be happy that your sysadmins are taking one (three, actually!) for the team right nowβ¦ hereβs why!
βΌ CVE-2021-43587 βΌ
π Read
via "National Vulnerability Database".
Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0, and 2.6, use hard-coded cryptographic key. A local high-privileged malicious user may potentially exploit this vulnerability to gain access to secrets and elevate to gain higher privileges.π Read
via "National Vulnerability Database".