ποΈ Was COMELEC hacked? Philippines Commission on Elections casts doubt on data breach claims ποΈ
π Read
via "The Daily Swig".
Local newspaper alleges that usernames and PINs of vote-counting machines were stolenπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Was COMELEC hacked? Philippines Commission on Elections casts doubt on data breach claims
Local newspaper alleges that usernames and PINs of vote-counting machines were stolen
β S3 Ep66: Cybercrime busts, wormable Windows, and the crisis of featuritis [Podcast + Transcript] β
π Read
via "Naked Security".
Latest epsiode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep66: Cybercrime busts, wormable Windows, and the crisis of featuritis [Podcast + Transcript]
Latest epsiode β listen now!
ποΈ European Commission launches new open source software bug bounty program ποΈ
π Read
via "The Daily Swig".
Hackers are invited to test services used by EU agenciesπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
European Commission launches new open source software bug bounty program
Hackers are invited to test services used by EU agencies
β Cryptocoin broker Crypto.com says 2FA bypass led to $35m theft β
π Read
via "Naked Security".
The company has put out a brief security report that summarises the 'what', but not yet the 'how' or 'why'.π Read
via "Naked Security".
Naked Security
Cryptocoin broker Crypto.com says 2FA bypass led to $35m theft
The company has put out a brief security report that summarises the βwhatβ, but not yet the βhowβ or βwhyβ.
βΌ CVE-2021-46201 βΌ
π Read
via "National Vulnerability Database".
An SQL Injection vulnerability exists in Sourcecodester Online Resort Management System 1.0 via the id parameterv in /orms/ node.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40855 βΌ
π Read
via "National Vulnerability Database".
The EU Technical Specifications for Digital COVID Certificates before 1.1 mishandle certificate governance. A non-production public key certificate could have been used in production.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46200 βΌ
π Read
via "National Vulnerability Database".
An SQL Injection vulnerability exists in Sourcecodester Simple Music Clour Community System 1.0 via the email parameter in /music/ajax.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46307 βΌ
π Read
via "National Vulnerability Database".
An SQL Injection vulnerability exists in Projectworlds Online Examination System 1.0 via the eid parameter in account.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-35003 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer C90 1.0.6 Build 20200114 rel.73164(5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14655.π Read
via "National Vulnerability Database".
βΌ CVE-2021-35004 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link TL-WA1201 1.0.1 Build 20200709 rel.66244(5553) wireless access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14656.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46198 βΌ
π Read
via "National Vulnerability Database".
An SQL Injection vulnerability exists in Sourceodester Courier Management System 1.0 via the email parameter in /cms/ajax.php app.π Read
via "National Vulnerability Database".
βΌ CVE-2020-19861 βΌ
π Read
via "National Vulnerability Database".
When a zone file in ldns 1.7.1 is parsed, the function ldns_nsec3_salt_data is too trusted for the length value obtained from the zone file. When the memcpy is copied, the 0xfe - ldns_rdf_size(salt_rdf) byte data can be copied, causing heap overflow information leakage.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23220 βΌ
π Read
via "National Vulnerability Database".
USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certain Polkit settings (e.g., allow_any=yes) for pkexec disable the authentication requirement. Code execution can, for example, use the --gtk-module option. This affects Ubuntu, Debian, and Gentoo.π Read
via "National Vulnerability Database".
βοΈ Crime Shop Sells Hacked Logins to Other Crime Shops βοΈ
π Read
via "Krebs on Security".
Up for the "Most Meta Cybercrime Offering" award this year is Accountz Club, a new cybercrime store that sells access to purloined accounts at services built for cybercriminals, including shops peddling stolen payment cards and identities, spamming tools, email and phone bombing services, and those selling authentication cookies for a slew of popular websites.π Read
via "Krebs on Security".
Krebs on Security
Crime Shop Sells Hacked Logins to Other Crime Shops
Up for the "Most Meta Cybercrime Offering" award this year is Accountz Club, a new cybercrime store that sells access to purloined accounts at services built for cybercriminals, including shops peddling stolen payment cards and identities, spamming toolsβ¦
β McAfee Bug Can Be Exploited to Gain Windows SYSTEM Privileges β
π Read
via "Threat Post".
McAfee has patched two high-severity bugs in its Agent component, one of which can allow attackers to achieve arbitrary code execution with SYSTEM privileges.π Read
via "Threat Post".
Threat Post
McAfee Bug Can Be Exploited to Gain Windows SYSTEM Privileges
McAfee has patched two high-severity bugs in its Agent component, one of which can allow attackers to achieve arbitrary code execution with SYSTEM privileges.
β 20K WordPress Sites Exposed by Insecure Plugin REST-API β
π Read
via "Threat Post".
The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS.π Read
via "Threat Post".
Threat Post
20K WordPress Sites Exposed by Insecure Plugin REST-API
The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS.
βΌ CVE-2020-4879 βΌ
π Read
via "National Vulnerability Database".
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security restrictions, caused by improper validation of authentication cookies. IBM X-Force ID: 190847.π Read
via "National Vulnerability Database".
βΌ CVE-2020-4877 βΌ
π Read
via "National Vulnerability Database".
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable to unauthorized modifications by using public fields in public classes. IBM X-Force ID: 190843.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46309 βΌ
π Read
via "National Vulnerability Database".
An SQL Injection vulnerability exists in Sourcecodester Employee and Visitor Gate Pass Logging System 1.0 via the username parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2020-4875 βΌ
π Read
via "National Vulnerability Database".
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 190838.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46308 βΌ
π Read
via "National Vulnerability Database".
An SQL Injection vulnerability exists in Sourcecodester Online Railway Reservation Sysytem 1.0 via the sid parameter.π Read
via "National Vulnerability Database".