π’ QNAP ransomware victims dealt double blow as firmware update hampers decryption π’
π Read
via "ITPro".
Emisoft releases decryptor for victims while QNAP explains why and how it controversially auto-updated userβs productsπ Read
via "ITPro".
IT PRO
QNAP ransomware victims dealt double blow as firmware update hampers decryption | IT PRO
Emisoft releases decryptor for victims while QNAP explains why and how it controversially auto-updated userβs products
π’ MoD reported seven data incidents to the ICO between 2020 and 2021 π’
π Read
via "ITPro".
More than 4,000 people were affected according to the department's Annual Report and Accountsπ Read
via "ITPro".
IT PRO
MoD reported seven data incidents to the ICO between 2020 and 2021 | IT PRO
More than 4,000 people were affected according to the department's Annual Report and Accounts
π’ Log4j vulnerability continues to stress CISOs π’
π Read
via "ITPro".
Avast's latest threat report also reveals the resurrection of the infamous Emotet botnetπ Read
via "ITPro".
IT PRO
Log4j vulnerability continues to stress CISOs | IT PRO
Avast's latest threat report also reveals the resurrection of the infamous Emotet botnet
π’ The best defence against ransomware π’
π Read
via "ITPro".
How ransomware is evolving and how to defend against itπ Read
via "ITPro".
IT PRO
The best defence against ransomware
How ransomware is evolving and how to defend against it
π’ QNAP users angry after NAS drives are updated to combat DeadBolt ransomware π’
π Read
via "ITPro".
Concerns mount over the powers the NAS manufacturer has over users' products as users report non-consensual forced security updatesπ Read
via "ITPro".
IT PRO
QNAP users angry after NAS drives are updated to combat DeadBolt ransomware | IT PRO
Concerns mount over the powers the NAS manufacturer has over users' products as users report non-consensual forced security updates
π’ FBI urges Olympic athletes to leave personal devices at home due to cyber risk π’
π Read
via "ITPro".
The organisation has warned that threat actors could use a broad range of cyber activities, including DDoS or ransomware attacks, to disrupt the eventπ Read
via "ITPro".
IT PRO
FBI urges Olympic athletes to leave personal devices at home due to cyber risk | IT PRO
The organisation has warned that threat actors could use a broad range of cyber activities, including DDoS or ransomware attacks, to disrupt the event
π’ Google adds Python support to privacy-preserving data analysis tool π’
π Read
via "ITPro".
The addition of Python opens up the open-source differential privacy library to nearly half of all developers worldwideπ Read
via "ITPro".
IT PRO
Google adds Python support to privacy-preserving data analysis tool | IT PRO
The addition of Python opens up the open-source differential privacy library to nearly half of all developers worldwide
π’ IT Pro News in Review: Nvidia walks away from Arm, Belarusian train hack, and IBM to sell Watson Health π’
π Read
via "ITPro".
Catch up on the biggest headlines of the week in just two minutesπ Read
via "ITPro".
βΌ CVE-2022-24300 βΌ
π Read
via "National Vulnerability Database".
Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24301 βΌ
π Read
via "National Vulnerability Database".
In Minetest before 5.4.0, players can add or subtract items from a different player's inventory.π Read
via "National Vulnerability Database".
ποΈ British Council data breach leaks 10,000 student records ποΈ
π Read
via "The Daily Swig".
Researchers say 144,000 files were exposedπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
British Council data breach leaks 10,000 student records
Researchers say 144,000 files were exposed
βΌ CVE-2022-0366 βΌ
π Read
via "National Vulnerability Database".
An authenticated and authorized agent user could potentially gain administrative access via an SQLi vulnerability to Capsule8 Console between versions 4.6.0 and 4.9.1.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41016 βΌ
π Read
via "National Vulnerability Database".
A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiExtender version 7.0.1 and below, 4.2.3 and below, 4.1.7 and below allows an authenticated attacker to execute privileged shell commands via CLI commands including special charactersπ Read
via "National Vulnerability Database".
βΌ CVE-2021-39066 βΌ
π Read
via "National Vulnerability Database".
IBM Financial Transaction Manager 3.2.4 does not invalidate session any existing session identifier gives an attacker the opportunity to steal authenticated sessions. IBM X-Force ID: 215040.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43062 βΌ
π Read
via "National Vulnerability Database".
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiMail version 7.0.1 and 7.0.0, version 6.4.5 and below, version 6.3.7 and below, version 6.0.11 and below allows attacker to execute unauthorized code or commands via crafted HTTP GET requests to the FortiGuard URI protection service.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36193 βΌ
π Read
via "National Vulnerability Database".
Multiple stack-based buffer overflows in the command line interpreter of FortiWeb before 6.4.2 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted commands.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41018 βΌ
π Read
via "National Vulnerability Database".
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21724 βΌ
π Read
via "National Vulnerability Database".
pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to remote code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36177 βΌ
π Read
via "National Vulnerability Database".
An improper access control vulnerability [CWE-284] in FortiAuthenticator HA service 6.3.2 and below, 6.2.x, 6.1.x, 6.0.x may allow an attacker on the same vlan as the HA management interface to make an unauthenticated direct connection to the FAC's database.π Read
via "National Vulnerability Database".
βΌ CVE-2021-24043 βΌ
π Read
via "National Vulnerability Database".
A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21.23.2, WhatsApp for iOS v2.21.230.6, WhatsApp Business for iOS 2.21.230.7, and WhatsApp Desktop v2.2145.0 could have allowed an out-of-bounds heap read if a user sent a malformed RTCP packet during an established call.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26208 βΌ
π Read
via "National Vulnerability Database".
JHEAD is a simple command line tool for displaying and some manipulation of EXIF header data embedded in Jpeg images from digital cameras. In affected versions there is a heap-buffer-overflow on jhead-3.04/jpgfile.c:285 ReadJpegSections. Crafted jpeg images can be provided to the user resulting in a program crash or potentially incorrect exif information retrieval. Users are advised to upgrade. There is no known workaround for this issue.π Read
via "National Vulnerability Database".