βΌ CVE-2021-39989 βΌ
π Read
via "National Vulnerability Database".
The HwNearbyMain module has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability.Successful exploitation of this vulnerability may cause a process to restart.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20868 βΌ
π Read
via "National Vulnerability Database".
Incorrect authorization vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C4050i/C3350i/C4000i/C3300i G00-B6 and earlier, bizhub C3320i G00-B6 and earlier, bizhub 4750i/4050i G00-22 and earlier, bizhub 4700i G00-22 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, and bizhub 4752/4052 GC9-X4 and earlier) allows an attacker on the adjacent network to obtain user credentials if external server authentication is enabled via a specific SOAP message sent by an administrative user.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20871 βΌ
π Read
via "National Vulnerability Database".
Exposure of sensitive information to an unauthorized actor vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C4050i/C3350i/C4000i/C3300i G00-B6 and earlier, bizhub C3320i G00-B6 and earlier, bizhub 4750i/4050i G00-22 and earlier, bizhub 4700i G00-22 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, and bizhub 4752/4052 GC9-X4 and earlier) allows an attacker on the adjacent network to obtain the credentials if the destination information including credentials are registered in the address book via a specific SOAP message.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43942 βΌ
π Read
via "National Vulnerability Database".
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting (XSS) vulnerability in the /rest/collectors/1.0/template/custom endpoint. To exploit this issue, the attacker must trick a user into visiting a malicious website. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20872 βΌ
π Read
via "National Vulnerability Database".
Protection mechanism failure vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, bizhub 4752/4052 GC9-X4 and earlier) allows a physical attacker to bypass the firmware integrity verification and to install malicious firmware.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20870 βΌ
π Read
via "National Vulnerability Database".
Improper handling of exceptional conditions vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C4050i/C3350i/C4000i/C3300i G00-B6 and earlier, bizhub C3320i G00-B6 and earlier, bizhub 4750i/4050i G00-22 and earlier, bizhub 4700i G00-22 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, bizhub 4752/4052 GC9-X4 and earlier, bizhub C3850/C3350/3850FS, bizhub 4750/4050, bizhub C3110, bizhub C3100P) allows a physical attacker to obtain unsent scanned image data when scanned data transmission is stopped due to the network error by ejecting a HDD before the scan job times out.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20869 βΌ
π Read
via "National Vulnerability Database".
Exposure of sensitive information to an unauthorized actor vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C4050i/C3350i/C4000i/C3300i G00-B6 and earlier, bizhub C3320i G00-B6 and earlier, bizhub 4750i/4050i G00-22 and earlier, bizhub 4700i G00-22 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, and bizhub 4752/4052 GC9-X4 and earlier) allows an attacker on the adjacent network to obtain some of user credentials if LDAP server authentication is enabled via a specific SOAP message.π Read
via "National Vulnerability Database".
ποΈ Researcher discovers 70 web cache poisoning vulnerabilities, nets $40k in bug bounty rewards ποΈ
π Read
via "The Daily Swig".
Targets included GitHub, GitLab, HackerOne, and Cloudflareπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Researcher discovers 70 web cache poisoning vulnerabilities, nets $40k in bug bounty rewards
Targets included GitHub, GitLab, HackerOne, and Cloudflare
β Portuguese Media Giant Impresa Crippled by Ransomware Attack β
π Read
via "Threat Post".
The websites of the company and the Expresso newspaper, as well as all of its SIC TV channels remained offline Tuesday after the New Yearβs weekend attack.π Read
via "Threat Post".
Threat Post
Portugal Media Giant Impresa Crippled by Ransomware Attack
The websites of the company and the Expresso newspaper, as well as all of its SIC TV channels remained offline Tuesday after the New Yearβs weekend attack.
π¦Ώ Online privacy: DuckDuckGo just finished a banner year and looks for an even better 2022 π¦Ώ
π Read
via "Tech Republic".
Commentary: The privacy-oriented search engine keeps winning fans. Will it spur Google to improve its own privacy?π Read
via "Tech Republic".
TechRepublic
DuckDuckGo Has Profitable Year & Looks Ahead to 2022
DuckDuckGo is a privacy search engine that keeps winning fans. Will it continue in 2022 and will it spur Google to improve its privacy?
π΄ Log4j Remediation Rules Now Available for WhiteSource Renovate and Enterprise π΄
π Read
via "Dark Reading".
The Software Composition Analysis leader now offers a remediation preset for WhiteSource Renovate and Enterprise, enabling users to identify and fix the Log4j vulnerability from hundreds of downstream dependent packages of Log4j.π Read
via "Dark Reading".
Dark Reading
Log4j Remediation Rules Now Available for WhiteSource Renovate and Enterprise
The Software Composition Analysis leader now offers a remediation preset for WhiteSource Renovate and Enterprise, enabling users to identify and fix the Log4j vulnerability from hundreds of downstream dependent packages of Log4j.
π΄ Palo Alto Networks Appoints Helmut Reisinger to Leadership Team π΄
π Read
via "Dark Reading".
Reisinger joins as CEO, EMEA and Latin America, to accelerate global growth strategy.π Read
via "Dark Reading".
Dark Reading
Palo Alto Networks Appoints Helmut Reisinger to Leadership Team
Reisinger joins as CEO, EMEA and Latin America, to accelerate global growth strategy.
π΄ Why CIOs Should Report to CISOs π΄
π Read
via "Dark Reading".
If the CISO is responsible for the security of the organization, then that same person also should be responsible for both security and IT infrastructure.π Read
via "Dark Reading".
Dark Reading
Why CIOs Should Report to CISOs
If the CISO is responsible for the security of the organization, then that same person also should be responsible for both security and IT infrastructure.
ποΈ Latest web hacking tools β Q1 2022 ποΈ
π Read
via "The Daily Swig".
We take a look at the latest additions to security researchersβ armoryπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Latest web hacking tools β Q1 2022
We take a look at the latest additions to security researchersβ armory
βΌ CVE-2021-44168 βΌ
π Read
via "National Vulnerability Database".
A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43711 βΌ
π Read
via "National Vulnerability Database".
The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B20201211 has a command injection vulnerability when receiving GET parameters. The parameter name can be constructed for unauthenticated command execution.π Read
via "National Vulnerability Database".
π΄ Vinnie Liu Has a Mission: Keeping People Safe Online and Offline π΄
π Read
via "Dark Reading".
Security Pro File: The years at the National Security Agency shaped Vinnie Liu's views on security. "We're missionaries, not mercenaries," he says.π Read
via "Dark Reading".
Dark Reading
Vinnie Liu Has a Mission: Keeping People Safe Online and Offline
Security Pro File: The years at the National Security Agency shaped Vinnie Liu's views on security. "We're missionaries, not mercenaries," he says.
ποΈ US retailer PulseTV warns of apparent credit card data breach ποΈ
π Read
via "The Daily Swig".
Payment system updated amidst fears 200,000 records may have been exposedπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
US retailer PulseTV warns of apparent credit card data breach
Payment system updated amidst fears 200,000 records may have been exposed
β McMenamins Data Breach Affects 12 Years of Employee Info β
π Read
via "Threat Post".
The Pacific Northwest hospitality stalwart is also still operationally crippled by a Dec. 12 ransomware attack.π Read
via "Threat Post".
Threat Post
McMenamins Data Breach Affects 12 Years of Employee Info
The Pacific Northwest hospitality stalwart is also still operationally crippled by a Dec. 12 ransomware attack.
β Purple Fox Rootkit Dropped by Malicious Telegram Installers β
π Read
via "Threat Post".
Multiple malicious installers were delivering the same Purple Fox rootkit version using the same attack chain, possibly distributed via email or phishing sites.π Read
via "Threat Post".
Threat Post
Purple Fox Rootkit Dropped by Malicious Telegram Installers
Multiple malicious installers were delivering the same Purple Fox rootkit version using the same attack chain, possibly distributed via email or phishing sites.
βΌ CVE-2021-45912 βΌ
π Read
via "National Vulnerability Database".
An unauthenticated Named Pipe channel in Controlup Real-Time Agent (cuAgent.exe) before 8.5 potentially allows an attacker to run OS commands via the ProcessActionRequest WCF method.π Read
via "National Vulnerability Database".