β 2021 Wants Another Chance (A Lighter-Side Year in Review) β
π Read
via "Threat Post".
The year wasn't ALL bad news. These sometimes cringe-worthy/sometimes laughable cybersecurity and other technology stories offer schadenfreude and WTF opportunities, and some giggles.π Read
via "Threat Post".
Threat Post
2021 Wants Another Chance (A Lighter-Side Year in Review)
The year wasn't ALL bad news. These sometimes cringe-worthy/sometimes laughable cybersecurity and other technology stories offer schadenfreude and WTF opportunities, and some giggles.
βΌ CVE-2021-4179 βΌ
π Read
via "National Vulnerability Database".
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')π Read
via "National Vulnerability Database".
βΌ CVE-2021-4177 βΌ
π Read
via "National Vulnerability Database".
livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Informationπ Read
via "National Vulnerability Database".
βΌ CVE-2021-37400 βΌ
π Read
via "National Vulnerability Database".
An attacker may obtain the user credentials from the communication between the PLC and the software. As a result, the PLC user program may be uploaded, altered, and/or downloaded.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45425 βΌ
π Read
via "National Vulnerability Database".
Reflected Cross Site Scripting (XSS) in SAFARI Montage versions 8.3 and 8.5 allows remote attackers to execute JavaScript codes.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37401 βΌ
π Read
via "National Vulnerability Database".
An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded.π Read
via "National Vulnerability Database".
βΌ CVE-2018-17875 βΌ
π Read
via "National Vulnerability Database".
A remote code execution issue in the ping command on Poly Trio 8800 5.7.1.4145 devices allows remote authenticated users to execute commands via unspecified vectors.π Read
via "National Vulnerability Database".
βΌ CVE-2019-20082 βΌ
π Read
via "National Vulnerability Database".
ASUS RT-N53 3.0.0.4.376.3754 devices have a buffer overflow via a long lan_dns1_x or lan_dns2_x parameter to Advanced_LAN_Content.asp.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45903 βΌ
π Read
via "National Vulnerability Database".
A persistent cross-site scripting (XSS) issue in the web interface of SuiteCRM before 7.10.35, and 7.11.x and 7.12.x before 7.12.2, allows a remote attacker to introduce arbitrary JavaScript via attachments upload, a different vulnerability than CVE-2021-39267 and CVE-2021-39268.π Read
via "National Vulnerability Database".
π΄ An Adaptive Security Strategy Is Critical for Stopping Advanced Attacks π΄
π Read
via "Dark Reading".
Ransomware demands a new approach to incident response.π Read
via "Dark Reading".
Dark Reading
An Adaptive Security Strategy Is Critical for Stopping Advanced Attacks
Ransomware demands a new approach to incident response.
π Insider Threat: Definition & Examples π
π Read
via "".
A recent report said that almost half of data breaches involve an insider element. In this blog we define what constitutes an insider threat and give you nearly 50 examples to help illustrate the threat further.π Read
via "".
β That Toy You Got for Christmas Could Be Spying on You β
π Read
via "Threat Post".
Security flaws in the recently released Fisher-Price Chatter Bluetooth telephone can allow nearby attackers to spy on calls or communicate with children using the device.π Read
via "Threat Post".
Threat Post
That Toy You Got for Christmas Could Be Spying on You
Security flaws in the recently released Fisher-Price Chatter Bluetooth telephone can allow nearby attackers to spy on calls or communicate with children using the device.
π¦Ώ Check for Log4j vulnerabilities with this simple-to-use script π¦Ώ
π Read
via "Tech Republic".
If you're not certain whether your Java project is free from Log4j vulnerabilities, you should try this easy-to-use scanning tool immediately.π Read
via "Tech Republic".
TechRepublic
Check for Log4j vulnerabilities with this simple-to-use script
If you're not certain whether your Java project is free from Log4j vulnerabilities, you should try this easy-to-use scanning tool immediately.
βΌ CVE-2021-45814 βΌ
π Read
via "National Vulnerability Database".
Nettmp NNT 5.1 is affected by a SQL injection vulnerability. An attacker can bypass authentication and access the panel with an administrative account.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45812 βΌ
π Read
via "National Vulnerability Database".
NUUO Network Video Recorder NVRsolo 3.9.1 is affected by a Cross Site Scripting (XSS) vulnerability. An attacker can steal the user's session by injecting malicious JavaScript codes which leads to session hijacking.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45813 βΌ
π Read
via "National Vulnerability Database".
SLICAN WebCTI 1.01 2015 is affected by a Cross Site Scripting (XSS) vulnerability. The attacker can steal the user's session by injecting malicious JavaScript codes which leads to Session Hijacking and cause user's credentials theft.π Read
via "National Vulnerability Database".
π΄ AV-Comparatives Reveals Results of Long-Term Tests of 19 Leading Endpoint Security Solutions π΄
π Read
via "Dark Reading".
The Business Security Test is a comprehensive investigation of corporate endpoint security solutions on the market.π Read
via "Dark Reading".
Dark Reading
AV-Comparatives Reveals Results of Long-Term Tests of 19 Leading Endpoint Security Solutions
The Business Security Test is a comprehensive investigation of corporate endpoint security solutions on the market.
π΄ After Google's Landmark Settlement, How Ad Networks Should Tackle Child Privacy π΄
π Read
via "Dark Reading".
To comply with the updated COPPA Rule, online ad platforms need to change how they handle viewers who might be children.π Read
via "Dark Reading".
Dark Reading
After Google's Landmark Settlement, How Ad Networks Should Tackle Child Privacy
To comply with the updated COPPA Rule, online ad platforms need to change how they handle viewers who might be children.
π΄ The Log4j Flaw Will Take Years to be Fully Addressed π΄
π Read
via "Dark Reading".
Over 80% of Java packages stored on Maven Central Repository have log4j as an indirect dependency, with most of them burying the vulnerable version five levels deep, says Google's Open Source Insights Team.π Read
via "Dark Reading".
Dark Reading
The Log4j Flaw Will Take Years to Be Fully Addressed
Over 80% of Java packages stored on Maven Central Repository have Log4j as an indirect dependency, with most of them burying the vulnerable version five levels deep, says Google's Open Source Insights Team.
βΌ CVE-2021-25990 βΌ
π Read
via "National Vulnerability Database".
In Γ’β¬ΕifmeΓ’β¬οΏ½, versions v7.22.0 to v7.31.4 are vulnerable against self-stored XSS in the contacts field as it allows loading XSS payloads fetched via an iframe.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44161 βΌ
π Read
via "National Vulnerability Database".
Changing MOTP (Mobile One Time Password) systemΓ’β¬β’s specific function parameter has insufficient validation for user input. A attacker in local area network can perform SQL injection attack to read, modify or delete backend database without authentication.π Read
via "National Vulnerability Database".