Crypto Agility: Solving for the Inevitable
via "Dark Reading".
The advent of viable quantum computers will threaten today's encryption standards, which are the basis of Internet security. Cryptographic agility is the key to post-quantum computing security, although implementing it will be a formidable challenge.
CVE-2021-28962
via "National Vulnerability Database".
Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands.
CVE-2021-46101
via "National Vulnerability Database".
In Git for windows through 2.34.1 when using git pull to update the local warehouse, git.cmd can be run directly.
CVE-2020-36056
via "National Vulnerability Database".
Beetel 777VR1-DI Hardware Version REV.1.01 Firmware Version V01.00.09_55 was discovered to contain a cross-site scripting (XSS) vulnerability via the Ping diagnostic option.
CVE-2020-36064
via "National Vulnerability Database".
Online Course Registration v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control panel if compromised.
The Zero Trust Timer Is on for Federal Agencies - How Ready Are They?
via "Dark Reading".
A new study coincides with OMB's finalization of its zero-trust strategy through 2024.
7 Privacy Tips for Security Pros
via "Dark Reading".
How best to integrate privacy into your organization's security program.
Bug Bounty Radar // The latest bug bounty programs for February 2022
via "The Daily Swig".
New web targets for the discerning hacker
OpenStego Free Steganography Solution 0.8.3
via "Packet Storm Security".
OpenStego is a tool implemented in Java for generic steganography, with support for password-based encryption of the data. It supports plugins for various steganographic algorithms (currently, only Least Significant Bit algorithm is supported for images).
Falco 0.31.0
via "Packet Storm Security".
Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.
CVE-2021-40033
via "National Vulnerability Database".
There is an information exposure vulnerability on several Huawei Products. The vulnerability is due to that the software does not properly protect certain information. Successful exploit could cause information disclosure. Affected product versions include: CloudEngine 12800 V200R005C10SPC800; CloudEngine 5800 V200R005C10SPC800, V200R019C00SPC800; CloudEngine 6800 V200R005C10SPC800, V200R005C20SPC800, V200R019C00SPC800; CloudEngine 7800 V200R005C10SPC800, V200R019C00SPC800.
CVE-2021-46458
via "National Vulnerability Database".
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability in the component admin/posts.php?source=add_post. This vulnerability can be exploited through a crafted POST request via the post_title parameter.
CVE-2021-40042
via "National Vulnerability Database".
There is a release of invalid pointer vulnerability in some Huawei products, successful exploit may cause the process and service abnormal. Affected product versions include: CloudEngine 12800 V200R019C10SPC800, V200R019C10SPC900; CloudEngine 5800 V200R019C10SPC800, V200R020C00SPC600; CloudEngine 6800 versions V200R019C10SPC800, V200R019C10SPC900, V200R020C00SPC600, V300R020C00SPC200; CloudEngine 7800 V200R019C10SPC800.
CVE-2021-31617
via "National Vulnerability Database".
In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0 through 3.7.20, 3.8.0 through 3.11.8, and 4.0.1 through 4.2.2, mishandling of memory management can lead to remote code execution.
CVE-2022-0286
via "National Vulnerability Database".
A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local denial of service.
NSO Group Pegasus Spyware Aims at Finnish Diplomats
via "Threat Post".
Finland is weathering a bout of Pegasus infections, along with a Facebook Messenger phishing scam.
Website operator fined for using Google Fonts "the cloudy way"
via "Naked Security".
Google Fonts are OK, it seems, but only if everyone keeps their own copy of the fonts they use.
Apple Pays $100.5K Bug Bounty for Mac Webcam Hack
via "Threat Post".
The researcher found that he could gain unauthorized camera access via a shared iCloud document that could also "hack every website you've ever visited."
CVE-2021-42635
via "National Vulnerability Database".
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcoded APP_KEY value, leading to pre-auth remote code execution.
CVE-2021-44114
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Stock Management System in PHP/OOP 1.0, which allows remote malicious users to execute arbitrary remote code execution via create user function.
CVE-2021-42631
via "National Vulnerability Database".
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below deserializes attacker controlled leading to pre-auth remote code execution.