F-Secure uses flaw in at-home COVID-19 test to fake results
via "Tech Republic".
Security researchers used a Bluetooth vulnerability to change negative results to positive.
FBI: Another Zoho ManageEngine Zero-Day Under Active Attack
via "Threat Post".
APT attackers are using a security vulnerability in ManageEngine Desktop Central to take over servers, deliver malware and establish network persistence.
CVE-2021-4139
via "National Vulnerability Database".
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The Future of Ransomware
via "Dark Reading".
Focusing on basic security controls and executing them well is the best way to harden your systems against an attack.
Browser security: Google fixes Chrome Site Isolation bypass bug
via "The Daily Swig".
Vulnerability in Chrome’s service worker feature created chink in browser’s armor
A Year in Microsoft Bugs: The Most Critical, Overlooked & Hard to Patch
via "Dark Reading".
Severe flaws in Microsoft Exchange and Windows Print Spooler stood out amid a wide range of vulnerabilities security teams were forced to prioritize in 2021.
Survey scams rekindled using advertising industry tricks to deliver tailor-made assaults
via "The Daily Swig".
More bad men than Mad Men
Two Active Directory Bugs Lead to Easy Windows Domain Takeover
via "Threat Post".
Microsoft is urging customers to patch two Active Directory domain controller bugs after a PoC tool was publicly released on Dec. 12.
CVE-2012-20001
via "National Vulnerability Database".
PrestaShop before 1.5.2 allows XSS via the "<object data='data:text/html" substring in the message field.
CVE-2021-45090
via "National Vulnerability Database".
Stormshield Endpoint Security before 2.1.2 allows remote code execution.
CVE-2021-45089
via "National Vulnerability Database".
Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Access Control.
CVE-2021-45091
via "National Vulnerability Database".
Stormshield Endpoint Security from 2.1.0 to 2.1.1 has Incorrect Access Control.
Apache’s other product: Critical bugs in ‘httpd’ web server, patch now!
via "Naked Security".
The Apache web server just got an update - this one is nothing to do with Log4j!
Log4Shell: The Movie… a short, safe visual tour for work and home
via "Naked Security".
Be happy that your sysadmins are taking one (three, actually!) for the team right now... here's why!
CVE-2021-43587
via "National Vulnerability Database".
Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0, and 2.6, use hard-coded cryptographic key. A local high-privileged malicious user may potentially exploit this vulnerability to gain access to secrets and elevate to gain higher privileges.
CVE-2021-36350
via "National Vulnerability Database".
Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authentication bypass by primary weakness in one of the authentication factors. A remote unauthenticated attacker may potentially exploit this vulnerability and bypass one of the factors of authentication.
CVE-2021-36318
via "National Vulnerability Database".
Dell EMC Avamar versions 18.2, 19.1, 19.2, 19.3, 19.4 contain a plain-text password storage vulnerability. A high privileged user could potentially exploit this vulnerability, leading to a complete outage.
CVE-2021-45291
via "National Vulnerability Database".
The gf_dump_setup function in GPAC 1.0.1 allows malicious users to cause a denial of service (Invalid memory address dereference) via a crafted file in the MP4Box command.
CVE-2021-27451
via "National Vulnerability Database".
Mesa Labs AmegaView Versions 3.0 and prior’s passcode is generated by an easily reversible algorithm, which may allow an attacker to gain access to the device.
CVE-2021-36317
via "National Vulnerability Database".
Dell EMC Avamar Server version 19.4 contains a plain-text password storage vulnerability in AvInstaller. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.
CVE-2021-45289
via "National Vulnerability Database".
A vulnerability exists in GPAC 1.0.1 due to an omission of security-relevant Information, which could cause a Denial of Service. The program terminates with signal SIGKILL.