βΌ CVE-2021-3852 βΌ
π Read
via "National Vulnerability Database".
growi is vulnerable to Authorization Bypass Through User-Controlled Keyπ Read
via "National Vulnerability Database".
β Phishers Rip Off High-Profile EA Gamers β
π Read
via "Threat Post".
Electronic Arts blamed βhuman errorβ after attackers compromised customer support and took over and drained some of the top FIFA Ultimate Team player accounts.π Read
via "Threat Post".
Threat Post
FIFA Ultimate Team Account Takeovers Plague EA Gamers
Electronic Arts blamed βhuman errorβ after attackers compromised customer support and took over and drained some of the top FIFA Ultimate Team player accounts.
π¦Ώ Cisco Talos discovers a new malware campaign using the public cloud to hide its tracks π¦Ώ
π Read
via "Tech Republic".
The campaign was first detected in October and is using services like AWS and Azure to hide its tracks and evade detection.π Read
via "Tech Republic".
TechRepublic
Cisco Talos discovers a new malware campaign using the public cloud to hide its tracks
The campaign was first detected in October and is using services like AWS and Azure to hide its tracks and evade detection.
ποΈ Firefox fixes fullscreen notification bypass bug that could have led to convincing phishing campaigns ποΈ
π Read
via "The Daily Swig".
Flurry of issues patched in web browserβs latest advisoryπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Firefox fixes fullscreen notification bypass bug that could have led to convincing phishing campaigns
Flurry of issues patched in web browserβs latest advisory
βΌ CVE-2021-4080 βΌ
π Read
via "National Vulnerability Database".
crater is vulnerable to Unrestricted Upload of File with Dangerous Typeπ Read
via "National Vulnerability Database".
βΌ CVE-2021-44648 βΌ
π Read
via "National Vulnerability Database".
GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44649 βΌ
π Read
via "National Vulnerability Database".
Django CMS 3.7.3 does not validate the plugin_type parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting (XSS) vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44650 βΌ
π Read
via "National Vulnerability Database".
Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote command execution when updating proxy settings through the Admin ProxySettings and Tenant ProxySettings components.π Read
via "National Vulnerability Database".
β Home routers with NetUSB support could have critical kernel hole β
π Read
via "Naked Security".
Got a router that supports USB access across the network? You might need a kernel update...π Read
via "Naked Security".
Naked Security
Home routers with NetUSB support could have critical kernel hole
Got a router that supports USB access across the network? You might need a kernel updateβ¦
β JavaScript developer destroys own projects in supply chain βlessonβ β
π Read
via "Naked Security".
Two popular open source JavaScript packages recently got "hacked" in a symbolic gesture by the original project creator.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ Patch Management Today: A Risk-Based Strategy to Defeat Cybercriminals π΄
π Read
via "Dark Reading".
By combining risk-based vulnerability prioritization and automated patch intelligence, organizations can apply patches based on threat level. Part 2 of 3.π Read
via "Dark Reading".
Dark Reading
Patch Management Today: A Risk-Based Strategy to Defeat Cybercriminals
By combining risk-based vulnerability prioritization and automated patch intelligence, organizations can apply patches based on threat level. Part 2 of 3.
ποΈ Patch Tuesday: Web security issues in the spotlight in Microsoftβs bumper January update ποΈ
π Read
via "The Daily Swig".
βWormableβ flaw in HTTP Protocol Stack causes concernπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Patch Tuesday: Web security issues in the spotlight in Microsoftβs bumper January update
βWormableβ flaw in HTTP Protocol Stack causes concern
π Proxmark3 4.14831 π
π Read
via "Packet Storm Security".
This is a custom firmware written for the Proxmark3 device. It extends the currently available firmware. This release is nicknamed Frostbit.π Read
via "Packet Storm Security".
Packetstormsecurity
Proxmark3 4.14831 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
ποΈ Cybersecurity conferences 2022: A rundown of online, in person, and βhybridβ events ποΈ
π Read
via "The Daily Swig".
With many events choosing to retain virtual elements forced on them by the pandemic, thereβs now an abundance of online content to choose fromπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Cybersecurity conferences 2022: A rundown of online, in person, and βhybridβ events
With many events choosing to retain virtual elements forced on them by the pandemic, thereβs still an abundance of online content to choose from
β Wormable Windows HTTP hole β what you need to know β
π Read
via "Naked Security".
One bug in the January 2022 Patch Tuesday list is getting lots of attention: "HTTP Protocol Stack Remote Code Execution Vulnerability".π Read
via "Naked Security".
Naked Security
Wormable Windows HTTP hole β what you need to know
One bug in the January 2022 Patch Tuesday list is getting lots of attention: βHTTP Protocol Stack Remote Code Execution Vulnerabilityβ.
βΌ CVE-2021-44651 βΌ
π Read
via "National Vulnerability Database".
Zoho ManageEngine CloudSecurityPlus before Build 4117 allows remote code execution through the updatePersonalizeSettings component due to an improper security patch for CVE-2021-40175.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44652 βΌ
π Read
via "National Vulnerability Database".
Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component.π Read
via "National Vulnerability Database".
π¦Ώ US government urges organizations to prepare for Russian-sponsored cyber threats π¦Ώ
π Read
via "Tech Republic".
Though the feds don't cite any specific threat, a joint advisory from CISA, the FBI and the NSA offers advice on how to detect and mitigate cyberattacks sponsored by Russia.π Read
via "Tech Republic".
TechRepublic
US government urges organizations to prepare for Russian-sponsored cyber threats
Though the feds don't cite any specific threat, a joint advisory from CISA, the FBI and the NSA offers advice on how to detect and mitigate cyberattacks sponsored by Russia.
π΄ Critical Infrastructure Security and a Case for Optimism in 2022 π΄
π Read
via "Dark Reading".
The new US infrastructure law will fund new action to improve cybersecurity across rail, public transportation, the electric grid, and manufacturing.π Read
via "Dark Reading".
Dark Reading
Critical Infrastructure Security and a Case for Optimism in 2022
The new US infrastructure law will fund new action to improve cybersecurity across rail, public transportation, the electric grid, and manufacturing.
β New York AG Warns 17 Firms of Credential Attacks β
π Read
via "Threat Post".
Sponsored: Password security is highlighted in attorney general warning to New York state businesses.π Read
via "Threat Post".
Threat Post
New York AG Warns 17 Firms of Credential Attacks
Sponsored: Password security is highlighted in attorney general warning to New York state businesses.
βΌ CVE-2022-0015 βΌ
π Read
via "National Vulnerability Database".
A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables an authenticated local user to execute programs with elevated privileges. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9.π Read
via "National Vulnerability Database".