π’ Meta files lawsuit to uncover hackers targeting Facebook, WhatsApp π’
π Read
via "ITPro".
The company is seeking $500,000 from the unnamed threat actors that ran phishing scam on its platformsπ Read
via "ITPro".
IT PRO
Meta files lawsuit to uncover hackers targeting Facebook, WhatsApp | IT PRO
The company is seeking $500,000 from the unnamed threat actors that ran phishing scam on its platforms
π’ IT Pro 20/20: Does the UK stand a chance in the global AI race? π’
π Read
via "ITPro".
Lofty goals and a rich history in computer science may not be enough to stay relevantπ Read
via "ITPro".
IT PRO
IT Pro 20/20: Does the UK stand a chance in the global AI race? | IT PRO
Lofty goals and a rich history in computer science may not be enough to stay relevant
βΌ CVE-2021-40836 βΌ
π Read
via "National Vulnerability Database".
A vulnerability affecting F-Secure antivirus engine was discovered whereby scanning MS outlook .pst files can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine. Fixed in Capricorn update 2021-12-13_07.π Read
via "National Vulnerability Database".
ποΈ Multiple vulnerabilities in Microsoft Teams could spoof URLs, leak IP addresses ποΈ
π Read
via "The Daily Swig".
Only one of the issues has so far been patchedπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Multiple vulnerabilities in Microsoft Teams could spoof URLs, leak IP addresses
Only one of the issues has so far been patched
β Four Bugs in Microsoft Teams Left Platform Vulnerable Since March β
π Read
via "Threat Post".
Attackers exploiting bugs in the βlink previewβ feature in Microsoft Teams could abuse the flaws to spoof links, leak an Android userβs IP address and launch a DoS attack.π Read
via "Threat Post".
Threat Post
Four Bugs in Microsoft Teams Left Platform Vulnerable Since March
Attackers exploiting bugs in the βlink previewβ feature in Microsoft Teams could abuse the flaws to spoof links, leak an Android userβs IP address and launch a DoS attack.
βΌ CVE-2021-36750 βΌ
π Read
via "National Vulnerability Database".
ENC DataVault 7.1.1W and VaultAPI v67, which is currently being used in various other applications, mishandles key derivation, making it easier for attackers to determine the passwords of all DataVault users (across USB drives sold under multiple brand names).π Read
via "National Vulnerability Database".
βΌ CVE-2021-40612 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Opmantek Open-AudIT after 3.5.0. Without authentication, a vulnerability in code_igniter/application/controllers/util.php allows an attacker perform command execution without echoes.π Read
via "National Vulnerability Database".
ποΈ Anti-cheating browser extension fails web security examination ποΈ
π Read
via "The Daily Swig".
XSS flaw in Proctorio gets resolvedπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Anti-cheating browser extension fails web security examination
XSS flaw in Proctorio gets resolved
π¦Ώ Conti ransomware is exploiting the Log4Shell vulnerability to the tune of millions π¦Ώ
π Read
via "Tech Republic".
Log4Shell is a dangerous security concern β and now Conti, a prominent ransomware group, is exploiting it to attack vulnerable servers to extort millions of dollars.π Read
via "Tech Republic".
TechRepublic
Conti ransomware is exploiting the Log4Shell vulnerability to the tune of millions
Log4Shell is a dangerous security concern β and now Conti, a prominent ransomware group, is exploiting it to attack vulnerable servers to extort millions of dollars.
ποΈ Bug bounty platforms handling thousands of Log4j vulnerability reports ποΈ
π Read
via "The Daily Swig".
Leading platforms report back from the front line as vendors grapple with landmark bug Bug bounty hunters have already submitted thousands of vulnerability reports related to the Apache Log4j bug thatπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Bug bounty platforms handling thousands of Log4j vulnerability reports
Leading platforms report back from the front line as vendors grapple with landmark bug UPDATED Bug bounty hunters have already submitted thousands of vulnerability reports related to the Apache Log4j
βΌ CVE-2021-45418 βΌ
π Read
via "National Vulnerability Database".
Certain Starcharge products are vulnerable to Directory Traversal via main.cgi. The affected products include: Nova 360 Cabinet <=1.3.0.0.6 - Fixed: 1.3.0.0.9 and Titan 180 Premium <=1.3.0.0.7b102 - Fixed: Beta1.3.0.1.0.π Read
via "National Vulnerability Database".
β Apacheβs other product: Critical bugs in βhttpdβ web server, patch now! β
π Read
via "Naked Security".
The Apache web server just got an update - this one is nothing to do with Log4j!π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β Plundered bitcoins recovered by FBI β all 3,879-and-one-sixth of them! β
π Read
via "Naked Security".
Phew! An audacious crime... that didn't work out.π Read
via "Naked Security".
Naked Security
Plundered bitcoins recovered by FBI β all 3,879-and-one-sixth of them!
Phew! An audacious crimeβ¦ that didnβt work out.
β Critical Apache HTTPD Server Bugs Could Lead to RCE, DoS β
π Read
via "Threat Post".
Don't freak: It's got nothing to do with Log4Shell, except it may be just as far-reaching as Log4j, given HTTPD's tendency to tiptoe into software projects.π Read
via "Threat Post".
Threat Post
Critical Apache HTTPD Server Bugs Could Lead to RCE, DoS
Don't freak: It's got nothing to do with Log4Shell, except it may be just as far-reaching as Log4j, given HTTPD's tendency to tiptoe into software projects.
β PYSA Emerges as Top Ransomware Actor in November β
π Read
via "Threat Post".
Overtaking the Conti ransomware gang, PYSA finds success with government-sector attacks.π Read
via "Threat Post".
Threat Post
PYSA Emerges as Top Ransomware Actor in November
Overtaking the Conti ransomware gang, PYSA finds success with government-sector attacks.
β All in One SEO Plugin Bug Threatens 3M Websites with Takeovers β
π Read
via "Threat Post".
A critical privilege-escalation vulnerability could lead to backdoors for admin access nesting in web servers.π Read
via "Threat Post".
Threat Post
All in One SEO Plugin Bug Threatens 3M Websites with Takeovers
A critical privilege-escalation vulnerability could lead to backdoors for admin access nesting in web servers.
β Time to Ditch Big-Brother Accounts for Network Scanning β
π Read
via "Threat Post".
Yaron Kassner, CTO and co-founder of Silverfort, discusses why using all-seeing privileged accounts for monitoring is bad practice.π Read
via "Threat Post".
Threat Post
Time to Ditch Big-Brother Accounts for Network Scanning
Yaron Kassner, CTO and co-founder of Silverfort, discusses why using all-seeing privileged accounts for monitoring is bad practice.
βΌ CVE-2021-39013 βΌ
π Read
via "National Vulnerability Database".
IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could allow an authenticated user to obtain sensitive information in HTTP responses that could be used in further attacks against the system. IBM X-Force ID: 213651.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45260 βΌ
π Read
via "National Vulnerability Database".
A null pointer dereference vulnerability exists in gpac 1.1.0 in the lsr_read_id.part function, which causes a segmentation fault and application crash.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44659 βΌ
π Read
via "National Vulnerability Database".
Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to do an un-intended action in order to achieve a Server Side Request Forgery (SSRF)π Read
via "National Vulnerability Database".
βΌ CVE-2021-4113 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none.π Read
via "National Vulnerability Database".