‼ CVE-2021-46195 ‼
📖 Read
via "National Vulnerability Database".
GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44703 ‼
📖 Read
via "National Vulnerability Database".
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a stack buffer overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20612 ‼
📖 Read
via "National Vulnerability Database".
Lack of administrator control over security vulnerability in MELSEC-F series FX3U-ENET Firmware version 1.14 and prior, FX3U-ENET-L Firmware version 1.14 and prior and FX3U-ENET-P502 Firmware version 1.14 and prior allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition in communication function of the product or other unspecified effects by sending specially crafted packets to an unnecessary opening of TCP port. Control by MELSEC-F series PLC is not affected by this vulnerability, but system reset is required for recovery.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44739 ‼
📖 Read
via "National Vulnerability Database".
Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must open a maliciously crafted Microsoft Office file, or visit an attacker controlled web page.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39618 ‼
📖 Read
via "National Vulnerability Database".
In multiple methods of EuiccNotificationManager.java, there is a possible way to install existing packages without user consent due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-196855999📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39630 ‼
📖 Read
via "National Vulnerability Database".
In executeRequest of OverlayManagerService.java, there is a possible way to control fabricated overlays from adb shell due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-202768292📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44704 ‼
📖 Read
via "National Vulnerability Database".
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
🕴 The Cybersecurity Measures CTOs Are Actually Implementing 🕴
📖 Read
via "Dark Reading".
Companies look to multifactor authentication and identity and access management to block attacks, but hedge their bets with disaster recovery.📖 Read
via "Dark Reading".
Dark Reading
The Cybersecurity Measures CTOs Are Actually Implementing
Companies look to multifactor authentication and identity and access management to block attacks, but hedge their bets with disaster recovery.
🕴 Russia Takes Down REvil Ransomware Operation, Arrests Key Members 🕴
📖 Read
via "Dark Reading".
Timing of the move has evoked at least some skepticism from security experts about the country's true motives.📖 Read
via "Dark Reading".
Dark Reading
Russia Takes Down REvil Ransomware Operation, Arrests Key Members
Timing of the move has evoked at least some skepticism from security experts about the country's true motives.
♟️ At Request of U.S., Russia Rounds Up 14 REvil Ransomware Affiliates ♟️
📖 Read
via "Krebs on Security".
The Russian government said today it arrested 14 people accused of working for "REvil," a particularly aggressive ransomware group that has extorted hundreds of millions of dollars from victim organizations. The Russian Federal Security Service (FSB) said the actions were taken in response to a request from U.S. officials, but many experts believe the crackdown is part of an effort to reduce tensions over Russian President Vladimir Putin's decision to station 100,000 troops along the nation's border with Ukraine.📖 Read
via "Krebs on Security".
Krebs on Security
At Request of U.S., Russia Rounds Up 14 REvil Ransomware Affiliates
The Russian government said today it arrested 14 people accused of working for "REvil," a particularly aggressive ransomware group that has extorted hundreds of millions of dollars from victim organizations. The Russian Federal Security Service (FSB) said…
‼ CVE-2021-46168 ‼
📖 Read
via "National Vulnerability Database".
Spin v6.5.1 was discovered to contain an out-of-bounds write in lex() at spinlex.c.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46169 ‼
📖 Read
via "National Vulnerability Database".
Modex v2.11 was discovered to contain an Use-After-Free vulnerability via the component tcache.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46171 ‼
📖 Read
via "National Vulnerability Database".
Modex v2.11 was discovered to contain a NULL pointer dereference in set_create_id() at xtract.c.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46170 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in JerryScript commit a6ab5e9. There is an Use-After-Free in lexer_compare_identifier_to_string in js-lexer.c file.📖 Read
via "National Vulnerability Database".
📢 Microsoft takes aim at critical RCE flaws with "massive" Patch Tuesday update 📢
📖 Read
via "ITPro".
Microsoft has kicked off 2022 with a score of security fixes for critical-rated vulnerabilities in some of the most widely used products used by businesses around the world📖 Read
via "ITPro".
ITPro
Microsoft takes aim at critical RCE flaws with "massive" Patch Tuesday update
Microsoft has kicked off 2022 with a score of security fixes for critical-rated vulnerabilities in some of the most widely used products used by businesses around the world
📢 Cyber attacks on corporate networks increased 50% in 2021 📢
📖 Read
via "ITPro".
Check Point data reveals an upward trend of malicious activity since mid-2020📖 Read
via "ITPro".
IT PRO
Cyber attacks on corporate networks increased 50% in 2021 | IT PRO
Check Point data reveals an upwards trend of malicious activity since mid-2020
📢 Google Drive accounted for the most malware downloads in 2021 📢
📖 Read
via "ITPro".
NetSkope research malware downloaded via cloud apps is now more prevalent than web-delivered malware📖 Read
via "ITPro".
IT PRO
Google Drive accounted for the most malware downloads in 2021 | IT PRO
NetSkope research malware downloaded via cloud apps is now more prevalent than web-delivered malware
📢 QNAP warns of ransomware targeting internet-facing NAS products 📢
📖 Read
via "ITPro".
The manufacturer has provided a guide to securing vulnerable products amid ongoing attacks📖 Read
via "ITPro".
IT PRO
QNAP warns of ransomware targeting internet-facing NAS products | IT PRO
The manufacturer has provided a guide to securing vulnerable products amid ongoing attacks
📢 Open source in open rebellion - can Google bring peace to the developer community? 📢
📖 Read
via "ITPro".
A recent White House gathering exposes divisions between the open source community and the private companies that exploit it📖 Read
via "ITPro".
IT PRO
Open source in open rebellion - can Google bring peace to the developer community? | IT PRO
A recent White House gathering exposes divisions between the open source community and the private companies that exploit it
📢 US gov issues fresh warning over Russian threat to critical infrastructure 📢
📖 Read
via "ITPro".
The FBI, NSA and CISA have urged network defenders to be on "heightened alert" for Russian cyber attacks📖 Read
via "ITPro".
IT PRO
US gov issues fresh warning over Russian threat to critical infrastructure | IT PRO
The FBI, NSA and CISA have urged network defenders to be on "heightened alert" for Russian cyber attacks
📢 NetUSB flaw exposes millions of routers to remote code execution 📢
📖 Read
via "ITPro".
The vulnerability impacts devices from Netgear, TP-Link, D-Link, and Western Digital📖 Read
via "ITPro".
IT PRO
NetUSB flaw exposes millions of routers to remote code execution | IT PRO
The vulnerability impacts devices from Netgear, TP-Link, D-Link, and Western Digital