βΌ CVE-2021-46044 βΌ
π Read
via "National Vulnerability Database".
A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1via ShiftMetaOffset.isra, which causes a Denial of Service (context-dependent).π Read
via "National Vulnerability Database".
βΌ CVE-2021-42841 βΌ
π Read
via "National Vulnerability Database".
Insta HMS before 12.4.10 is vulnerable to XSS because of improper validation of user-supplied input by multiple scripts. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46043 βΌ
π Read
via "National Vulnerability Database".
A Pointer Dereference Vulnerability exits in GPAC 1.0.1 in the gf_list_count function, which causes a Denial of Service.π Read
via "National Vulnerability Database".
π΄ Google Docs Comments Weaponized in New Phishing Campaign π΄
π Read
via "Dark Reading".
Attackers use the comment feature in Google Docs to email victims and lure them into clicking malicious links.π Read
via "Dark Reading".
Dark Reading
Google Docs Comments Weaponized in New Phishing Campaign
Attackers use the comment feature in Google Docs to email victims and lure them into clicking malicious links.
βΌ CVE-2021-25743 βΌ
π Read
via "National Vulnerability Database".
kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21664 βΌ
π Read
via "National Vulnerability Database".
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there's potential for unintended SQL queries to be executed. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 4.1.34. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21661 βΌ
π Read
via "National Vulnerability Database".
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21663 βΌ
π Read
via "National Vulnerability Database".
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21662 βΌ
π Read
via "National Vulnerability Database".
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users (like author) in WordPress core are able to execute JavaScript/perform stored XSS attack, which can affect high-privileged users. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue.π Read
via "National Vulnerability Database".
π΄ Enterprises Worry About Increased Data Risk in Cloud π΄
π Read
via "Dark Reading".
The 2021 Strategic Security Survey highlights concerns related to the cloud environment, such as the ability to detect breaches and the increasing number of attacks against cloud systems.π Read
via "Dark Reading".
Dark Reading
Enterprises Worry About Increased Data Risk in Cloud
The 2021 Strategic Security Survey highlights concerns related to the cloud environment, such as the ability to detect breaches and the increasing number of attacks against cloud systems.
ποΈ Internet Bug Bounty: High severity vulnerability in Apache HTTP Server could lead to RCE ποΈ
π Read
via "The Daily Swig".
Buffer overflow flaw should be patched immediatelyπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Internet Bug Bounty: High severity vulnerability in Apache HTTP Server could lead to RCE
Buffer overflow flaw should be patched immediately
π΄ 7 Predictions for Global Energy Cybersecurity in 2022 π΄
π Read
via "Dark Reading".
Increased digitization makes strong cybersecurity more important than ever.π Read
via "Dark Reading".
Dark Reading
7 Predictions for Global Energy Cybersecurity in 2022
Increased digitization makes strong cybersecurity more important than ever.
β Log4J-Related RCE Flaw in H2 Database Earns Critical Rating β
π Read
via "Threat Post".
Critical flaw in the H2 open-source Java SQL database are similar to the Log4J vulnerability, but do not pose a widespread threat.π Read
via "Threat Post".
Threat Post
Log4J-Related RCE Flaw in H2 Database Earns Critical Rating
Critical flaw in the H2 open-source Java SQL database are similar to the Log4J vulnerability, but do not pose a widespread threat.
ποΈ Latest WordPress security release fixes XSS, SQL injection bugs ποΈ
π Read
via "The Daily Swig".
Quartet of software flaws addressed ahead of next major release of popular CMSπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Latest WordPress security release fixes XSS, SQL injection bugs
Quartet of software flaws addressed ahead of next major release of popular CMS
ποΈ Researchers discover Log4j-like flaw in H2 database console ποΈ
π Read
via "The Daily Swig".
Impact of JNDI bug mitigated by vulnerable behavior being disabled by defaultπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Researchers discover Log4j-like flaw in H2 database console
Impact of JNDI bug mitigated by vulnerable behavior being disabled by default
β QNAP: Get NAS Devices Off the Internet Now β
π Read
via "Threat Post".
There are active ransomware and brute-force attacks being launched against internet-exposed, network-attached storage devices, the device maker warned.π Read
via "Threat Post".
Threat Post
QNAP: Get NAS Devices Off the Internet Now
There are active ransomware and brute-force attacks being launched against internet-exposed, network-attached storage devices, the device maker warned.
β S3 Ep64: Log4Shell again, scammers keeping busy, and Apple Home bug [Podcast + Transcript] β
π Read
via "Naked Security".
We're back for 2022 - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep64: Log4Shell again, scammers keeping busy, and Apple Home bug [Podcast + Transcript]
Weβre back for 2022 β listen now!
β Log4Shell-like security hole found in popular Java SQL database engine H2 β
π Read
via "Naked Security".
"It's Log4Shell, Jim, but not as we know it." How to find and fix a JNDI-based vuln in the H2 Database Engine.π Read
via "Naked Security".
Naked Security
Log4Shell-like security hole found in popular Java SQL database engine H2
βItβs Log4Shell, Jim, but not as we know it.β How to find and fix a JNDI-based vuln in the H2 Database Engine.
π¦Ώ Norton 360 wants to pay you a pittance to mine Ethereum cryptocurrency π¦Ώ
π Read
via "Tech Republic".
The new opt-in feature turns your idle PC into a cryptominer, with Norton skimming 15% off the top, plus market fees.π Read
via "Tech Republic".
TechRepublic
Norton 360 wants to pay you a pittance to mine Ethereum cryptocurrency
The new opt-in feature turns your idle PC into a cryptominer, with Norton skimming 15% off the top, plus market fees.
π΄ How to Proactively Limit Damage From BlackMatter Ransomware π΄
π Read
via "Dark Reading".
Logic flaw exists in malware that can be used to prevent it from encrypting remote shares, security vendor says.π Read
via "Dark Reading".
Dark Reading
How to Proactively Limit Damage From BlackMatter Ransomware
Logic flaw exists in malware that can be used to prevent it from encrypting remote shares, security vendor says.
π FTC Settles with Financial Firm Following Mortgage File Breach π
π Read
via "".
A recently finalized settlement will require the company maintain proper data security safeguards and undergo periodic audits.π Read
via "".
Digital Guardian
FTC Settles with Financial Firm Following Mortgage File Breach
A recently finalized settlement will require the company maintain proper data security safeguards and undergo periodic audits.