‼ CVE-2021-45225 ‼
via "National Vulnerability Database".
An issue was discovered in COINS Construction Cloud 11.12. Due to improper input neutralization, it is vulnerable to reflected cross-site scripting (XSS) via malicious links (affecting the search window and activity view window).
‼ CVE-2021-43589 ‼
via "National Vulnerability Database".
Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT versions prior to 5.1.2.0.5.007 contain an operating system (OS) command injection vulnerability. A locally authenticated user with high privileges may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the Unity underlying OS, with the privileges of the vulnerable application. Exploitation may lead to an elevation of privilege.
‼ CVE-2021-45224 ‼
via "National Vulnerability Database".
An issue was discovered in COINS Construction Cloud 11.12. In several locations throughout the application, JavaScript code is passed as a URL parameter. Attackers can trivially alter this code to cause malicious behaviour. The application is therefore vulnerable to reflected XSS via malicious URLs.
‼ CVE-2021-43588 ‼
via "National Vulnerability Database".
Dell EMC Data Protection Central version 19.5 contains an improper input validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.
‼ CVE-2021-45222 ‼
via "National Vulnerability Database".
An issue was discovered in COINS Construction Cloud 11.12. Due to logical flaws in the human resources interface, it is vulnerable to privilege escalation by HR personnel.
‼ CVE-2021-43420 ‼
via "National Vulnerability Database".
SQL injection vulnerability in Login.php in Sourcecodester Online Payment Hub v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter.
‼ CVE-2021-36342 ‼
via "National Vulnerability Database".
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
‼ CVE-2022-23126 ‼
via "National Vulnerability Database".
TeslaMate before 1.25.1 (when using the default Docker configuration) allows attackers to open doors of Tesla vehicles, start Keyless Driving, and interfere with vehicle operation en route. This occurs because an attacker can leverage Grafana login access to obtain a token for Tesla API calls.
‼ CVE-2021-45223 ‼
via "National Vulnerability Database".
An issue was discovered in COINS Construction Cloud 11.12. Due to insufficient input neutralization, it is vulnerable to denial of service attacks via forced server crashes.
❌ Surge in Malicious QR Codes Sparks FBI Alert ❌
via "Threat Post".
QR codes have become a go-to staple for contactless transactions of all sorts during the pandemic, and the FBI is warning cybercriminals are capitalizing on their lax security to steal data and money, and drop malware.
🕴 The Case for Backing Up Source Code 🕴
via "Dark Reading".
As enterprise data security concerns grow, security experts urge businesses to back up their GitLab, GitHub, and BitBucket repositories.
❌ MoleRats APT Launches Spy Campaign on Bankers, Politicians, Journalists ❌
via "Threat Post".
State-sponsored cyberattackers are using Google Drive, Dropbox and other legitimate services to drop spyware on Middle-Eastern targets and exfiltrate data.
🕴 DHS Sounds Alarm on Potential for Major Russian Cyberattacks on US 🕴
via "Dark Reading".
The latest bulletin out of DHS advises state and local governments and critical infrastructure operators to be on alert.
🕴 Registration for the (ISC)² Entry-Level Cybersecurity Certification Exam Pilot Program Is Now Open 🕴
via "Dark Reading".
New certification validates students' and career changers' foundational skills and helps kickstart their cybersecurity careers.
‼ CVE-2022-0177 ‼
via "National Vulnerability Database".
Cross-site Scripting (XSS) - DOM in GitHub repository mrdoob/three.js prior to 0.137.0.
‼ CVE-2021-43394 ‼
via "National Vulnerability Database".
Unisys OS 2200 Messaging Integration Services (NTSI) 7R3B IC3 and IC4, 7R3C, and 7R3D has an Incorrect Implementation of an Authentication Algorithm. An LDAP password is not properly validated.
🦿 Personal identifying information for 1.5 billion users was stolen in 2021, but from where? 🦿
via "Tech Republic".
Threat intelligence company Black Kite found that the majority of attacks were against healthcare providers, involved ransomware and succeeded thanks to software vulnerabilities.
❌ Linux Servers at Risk of RCE Due to Critical CWP Bugs ❌
via "Threat Post".
The two flaws in Control Web Panel – a popular web hosting management software used by 200K+ servers – allow code execution as root on Linux servers.
🕴 Trickbot Injections Get Harder to Detect & Analyze 🕴
via "Dark Reading".
The authors of the infamous malware family have added measures for better protecting malicious code injections against inspection and research.
🕴 Test Your Team, Not Just Your Disaster Recovery Plan 🕴
via "Dark Reading".
Cyberattacks imperil business continuity, but there is a much more common security threat — unintentional human error.
‼ CVE-2021-46480 ‼
via "National Vulnerability Database".
Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiValueObjDelete in src/jsiEval.c. This vulnerability can lead to a Denial of Service (DoS).