โผ CVE-2021-28500 โผ
๐ Read
via "National Vulnerability Database".
An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA APIรขโฌโขs by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-39627 โผ
๐ Read
via "National Vulnerability Database".
In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-185126549๐ Read
via "National Vulnerability Database".
โผ CVE-2021-42067 โผ
๐ Read
via "National Vulnerability Database".
In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, an attacker authenticated as a regular user can use the S/4 Hana dashboard to reveal systems and services which they would not normally be allowed to see. No information alteration or denial of service is possible.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-46195 โผ
๐ Read
via "National Vulnerability Database".
GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-44703 โผ
๐ Read
via "National Vulnerability Database".
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a stack buffer overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-20612 โผ
๐ Read
via "National Vulnerability Database".
Lack of administrator control over security vulnerability in MELSEC-F series FX3U-ENET Firmware version 1.14 and prior, FX3U-ENET-L Firmware version 1.14 and prior and FX3U-ENET-P502 Firmware version 1.14 and prior allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition in communication function of the product or other unspecified effects by sending specially crafted packets to an unnecessary opening of TCP port. Control by MELSEC-F series PLC is not affected by this vulnerability, but system reset is required for recovery.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-44739 โผ
๐ Read
via "National Vulnerability Database".
Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must open a maliciously crafted Microsoft Office file, or visit an attacker controlled web page.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-39618 โผ
๐ Read
via "National Vulnerability Database".
In multiple methods of EuiccNotificationManager.java, there is a possible way to install existing packages without user consent due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-196855999๐ Read
via "National Vulnerability Database".
โผ CVE-2021-39630 โผ
๐ Read
via "National Vulnerability Database".
In executeRequest of OverlayManagerService.java, there is a possible way to control fabricated overlays from adb shell due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-202768292๐ Read
via "National Vulnerability Database".
โผ CVE-2021-44704 โผ
๐ Read
via "National Vulnerability Database".
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.๐ Read
via "National Vulnerability Database".
๐ด The Cybersecurity Measures CTOs Are Actually Implementing ๐ด
๐ Read
via "Dark Reading".
Companies look to multifactor authentication and identity and access management to block attacks, but hedge their bets with disaster recovery.๐ Read
via "Dark Reading".
Dark Reading
The Cybersecurity Measures CTOs Are Actually Implementing
Companies look to multifactor authentication and identity and access management to block attacks, but hedge their bets with disaster recovery.
๐ด Russia Takes Down REvil Ransomware Operation, Arrests Key Members ๐ด
๐ Read
via "Dark Reading".
Timing of the move has evoked at least some skepticism from security experts about the country's true motives.๐ Read
via "Dark Reading".
Dark Reading
Russia Takes Down REvil Ransomware Operation, Arrests Key Members
Timing of the move has evoked at least some skepticism from security experts about the country's true motives.
โ๏ธ At Request of U.S., Russia Rounds Up 14 REvil Ransomware Affiliates โ๏ธ
๐ Read
via "Krebs on Security".
The Russian government said today it arrested 14 people accused of working for "REvil," a particularly aggressive ransomware group that has extorted hundreds of millions of dollars from victim organizations. The Russian Federal Security Service (FSB) said the actions were taken in response to a request from U.S. officials, but many experts believe the crackdown is part of an effort to reduce tensions over Russian President Vladimir Putin's decision to station 100,000 troops along the nation's border with Ukraine.๐ Read
via "Krebs on Security".
Krebs on Security
At Request of U.S., Russia Rounds Up 14 REvil Ransomware Affiliates
The Russian government said today it arrested 14 people accused of working for "REvil," a particularly aggressive ransomware group that has extorted hundreds of millions of dollars from victim organizations. The Russian Federal Security Service (FSB) saidโฆ
โผ CVE-2021-46168 โผ
๐ Read
via "National Vulnerability Database".
Spin v6.5.1 was discovered to contain an out-of-bounds write in lex() at spinlex.c.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-46169 โผ
๐ Read
via "National Vulnerability Database".
Modex v2.11 was discovered to contain an Use-After-Free vulnerability via the component tcache.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-46171 โผ
๐ Read
via "National Vulnerability Database".
Modex v2.11 was discovered to contain a NULL pointer dereference in set_create_id() at xtract.c.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-46170 โผ
๐ Read
via "National Vulnerability Database".
An issue was discovered in JerryScript commit a6ab5e9. There is an Use-After-Free in lexer_compare_identifier_to_string in js-lexer.c file.๐ Read
via "National Vulnerability Database".
๐ข Microsoft takes aim at critical RCE flaws with "massive" Patch Tuesday update ๐ข
๐ Read
via "ITPro".
Microsoft has kicked off 2022 with a score of security fixes for critical-rated vulnerabilities in some of the most widely used products used by businesses around the world๐ Read
via "ITPro".
ITPro
Microsoft takes aim at critical RCE flaws with "massive" Patch Tuesday update
Microsoft has kicked off 2022 with a score of security fixes for critical-rated vulnerabilities in some of the most widely used products used by businesses around the world
๐ข Cyber attacks on corporate networks increased 50% in 2021 ๐ข
๐ Read
via "ITPro".
Check Point data reveals an upward trend of malicious activity since mid-2020๐ Read
via "ITPro".
IT PRO
Cyber attacks on corporate networks increased 50% in 2021 | IT PRO
Check Point data reveals an upwards trend of malicious activity since mid-2020
๐ข Google Drive accounted for the most malware downloads in 2021 ๐ข
๐ Read
via "ITPro".
NetSkope research malware downloaded via cloud apps is now more prevalent than web-delivered malware๐ Read
via "ITPro".
IT PRO
Google Drive accounted for the most malware downloads in 2021 | IT PRO
NetSkope research malware downloaded via cloud apps is now more prevalent than web-delivered malware
๐ข QNAP warns of ransomware targeting internet-facing NAS products ๐ข
๐ Read
via "ITPro".
The manufacturer has provided a guide to securing vulnerable products amid ongoing attacks๐ Read
via "ITPro".
IT PRO
QNAP warns of ransomware targeting internet-facing NAS products | IT PRO
The manufacturer has provided a guide to securing vulnerable products amid ongoing attacks