βΌ CVE-2021-37400 βΌ
π Read
via "National Vulnerability Database".
An attacker may obtain the user credentials from the communication between the PLC and the software. As a result, the PLC user program may be uploaded, altered, and/or downloaded.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45425 βΌ
π Read
via "National Vulnerability Database".
Reflected Cross Site Scripting (XSS) in SAFARI Montage versions 8.3 and 8.5 allows remote attackers to execute JavaScript codes.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37401 βΌ
π Read
via "National Vulnerability Database".
An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded.π Read
via "National Vulnerability Database".
βΌ CVE-2018-17875 βΌ
π Read
via "National Vulnerability Database".
A remote code execution issue in the ping command on Poly Trio 8800 5.7.1.4145 devices allows remote authenticated users to execute commands via unspecified vectors.π Read
via "National Vulnerability Database".
βΌ CVE-2019-20082 βΌ
π Read
via "National Vulnerability Database".
ASUS RT-N53 3.0.0.4.376.3754 devices have a buffer overflow via a long lan_dns1_x or lan_dns2_x parameter to Advanced_LAN_Content.asp.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45903 βΌ
π Read
via "National Vulnerability Database".
A persistent cross-site scripting (XSS) issue in the web interface of SuiteCRM before 7.10.35, and 7.11.x and 7.12.x before 7.12.2, allows a remote attacker to introduce arbitrary JavaScript via attachments upload, a different vulnerability than CVE-2021-39267 and CVE-2021-39268.π Read
via "National Vulnerability Database".
π΄ An Adaptive Security Strategy Is Critical for Stopping Advanced Attacks π΄
π Read
via "Dark Reading".
Ransomware demands a new approach to incident response.π Read
via "Dark Reading".
Dark Reading
An Adaptive Security Strategy Is Critical for Stopping Advanced Attacks
Ransomware demands a new approach to incident response.
π Insider Threat: Definition & Examples π
π Read
via "".
A recent report said that almost half of data breaches involve an insider element. In this blog we define what constitutes an insider threat and give you nearly 50 examples to help illustrate the threat further.π Read
via "".
β That Toy You Got for Christmas Could Be Spying on You β
π Read
via "Threat Post".
Security flaws in the recently released Fisher-Price Chatter Bluetooth telephone can allow nearby attackers to spy on calls or communicate with children using the device.π Read
via "Threat Post".
Threat Post
That Toy You Got for Christmas Could Be Spying on You
Security flaws in the recently released Fisher-Price Chatter Bluetooth telephone can allow nearby attackers to spy on calls or communicate with children using the device.
π¦Ώ Check for Log4j vulnerabilities with this simple-to-use script π¦Ώ
π Read
via "Tech Republic".
If you're not certain whether your Java project is free from Log4j vulnerabilities, you should try this easy-to-use scanning tool immediately.π Read
via "Tech Republic".
TechRepublic
Check for Log4j vulnerabilities with this simple-to-use script
If you're not certain whether your Java project is free from Log4j vulnerabilities, you should try this easy-to-use scanning tool immediately.
βΌ CVE-2021-45814 βΌ
π Read
via "National Vulnerability Database".
Nettmp NNT 5.1 is affected by a SQL injection vulnerability. An attacker can bypass authentication and access the panel with an administrative account.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45812 βΌ
π Read
via "National Vulnerability Database".
NUUO Network Video Recorder NVRsolo 3.9.1 is affected by a Cross Site Scripting (XSS) vulnerability. An attacker can steal the user's session by injecting malicious JavaScript codes which leads to session hijacking.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45813 βΌ
π Read
via "National Vulnerability Database".
SLICAN WebCTI 1.01 2015 is affected by a Cross Site Scripting (XSS) vulnerability. The attacker can steal the user's session by injecting malicious JavaScript codes which leads to Session Hijacking and cause user's credentials theft.π Read
via "National Vulnerability Database".
π΄ AV-Comparatives Reveals Results of Long-Term Tests of 19 Leading Endpoint Security Solutions π΄
π Read
via "Dark Reading".
The Business Security Test is a comprehensive investigation of corporate endpoint security solutions on the market.π Read
via "Dark Reading".
Dark Reading
AV-Comparatives Reveals Results of Long-Term Tests of 19 Leading Endpoint Security Solutions
The Business Security Test is a comprehensive investigation of corporate endpoint security solutions on the market.
π΄ After Google's Landmark Settlement, How Ad Networks Should Tackle Child Privacy π΄
π Read
via "Dark Reading".
To comply with the updated COPPA Rule, online ad platforms need to change how they handle viewers who might be children.π Read
via "Dark Reading".
Dark Reading
After Google's Landmark Settlement, How Ad Networks Should Tackle Child Privacy
To comply with the updated COPPA Rule, online ad platforms need to change how they handle viewers who might be children.
π΄ The Log4j Flaw Will Take Years to be Fully Addressed π΄
π Read
via "Dark Reading".
Over 80% of Java packages stored on Maven Central Repository have log4j as an indirect dependency, with most of them burying the vulnerable version five levels deep, says Google's Open Source Insights Team.π Read
via "Dark Reading".
Dark Reading
The Log4j Flaw Will Take Years to Be Fully Addressed
Over 80% of Java packages stored on Maven Central Repository have Log4j as an indirect dependency, with most of them burying the vulnerable version five levels deep, says Google's Open Source Insights Team.
βΌ CVE-2021-25990 βΌ
π Read
via "National Vulnerability Database".
In Γ’β¬ΕifmeΓ’β¬οΏ½, versions v7.22.0 to v7.31.4 are vulnerable against self-stored XSS in the contacts field as it allows loading XSS payloads fetched via an iframe.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44161 βΌ
π Read
via "National Vulnerability Database".
Changing MOTP (Mobile One Time Password) systemΓ’β¬β’s specific function parameter has insufficient validation for user input. A attacker in local area network can perform SQL injection attack to read, modify or delete backend database without authentication.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25989 βΌ
π Read
via "National Vulnerability Database".
In Γ’β¬ΕifmeΓ’β¬οΏ½, versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability in the markdown editor. It can be exploited by making a victim a Leader of a group which triggers the payload for them.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44160 βΌ
π Read
via "National Vulnerability Database".
Carinal Tien Hospital Health Report SystemΓ’β¬β’s login page has improper authentication, a remote attacker can acquire another general userΓ’β¬β’s privilege by modifying the cookie parameter without authentication. The attacker can then perform limited operations on the system or modify data, making the service partially unavailable to the user.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25991 βΌ
π Read
via "National Vulnerability Database".
In Ifme, versions v5.0.0 to v7.32 are vulnerable against an improper access control, which makes it possible for admins to self-ban themself leading to their deactivation from Ifme account and complete loss of admin access in Ifme.π Read
via "National Vulnerability Database".