βΌ CVE-2021-46320 βΌ
π Read
via "National Vulnerability Database".
In OpenZeppelin <=v4.4.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call. Once an initializer has finished running it can never be re-executed. However, an exception put in place to support multiple inheritance made reentrancy possible, breaking the expectation that there is a single execution.π Read
via "National Vulnerability Database".
β Attackers Target Intuit Users by Threatening to Cancel Tax Accounts β
π Read
via "Threat Post".
The usual tax-season barrage of cybercriminal activity is already underway with a phishing campaign impersonating the popular accounting and tax-filing software.π Read
via "Threat Post".
Threat Post
Attackers Target Intuit Users by Threatening to Cancel Tax Accounts
The usual tax-season barrage of cybercriminal activity is already underway with a phishing campaign impersonating the popular accounting and tax-filing software.
ποΈ Vulnerabilities in Cisco Small Business routers could allow unauthenticated attackers persistent access to internal networks ποΈ
π Read
via "The Daily Swig".
Critical security bugs inherited by multiple productsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Vulnerabilities in Cisco Small Business routers could allow unauthenticated attackers persistent access to internal networks
Critical security bugs inherited by multiple products
π΄ Want to Be an Ethical Hacker? Here's Where to Begin π΄
π Read
via "Dark Reading".
By utilizing these resources, beginner hackers can find their specific passions within the cybersecurity space and eventually make their own mark in the ethical hacking profession.π Read
via "Dark Reading".
Dark Reading
Want to Be an Ethical Hacker? Here's Where to Begin
By utilizing these resources, beginner hackers can find their specific passions within the cybersecurity space and eventually make their own mark in the ethical hacking profession.
ποΈ Google Drive integration errors created SSRF flaws in multiple applications ποΈ
π Read
via "The Daily Swig".
Bug hunter earned $17k bounty for HelloSign bugπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Google Drive integration errors created SSRF flaws in multiple applications
Bug hunter earned $17k bounty for HelloSign bug
βΌ CVE-2021-44983 βΌ
π Read
via "National Vulnerability Database".
In taocms 3.0.1 after logging in to the background, there is an Arbitrary file download vulnerability at the File Management column.π Read
via "National Vulnerability Database".
β S3 Ep68: Bugs, scams, privacy β¦and fonts?! [Podcast + Transcript] β
π Read
via "Naked Security".
Latest episode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep68: Bugs, scams, privacy β¦and fonts?! [Podcast + Transcript]
Latest episode β listen now!
π΄ China-Linked Group Attacked Taiwanese Financial Firms for 18 Months π΄
π Read
via "Dark Reading".
The Antlion group, also known as Pirate Panda and Tropic Trooper, has shifted to targeting mainly Taiwan, using custom backdoors against financial organizations.π Read
via "Dark Reading".
Dark Reading
China-Linked Group Attacked Taiwanese Financial Firms for 18 Months
The Antlion group, also known as Pirate Panda and Tropic Trooper, has shifted to targeting mainly Taiwan, using custom backdoors against financial organizations.
βΌ CVE-2021-44886 βΌ
π Read
via "National Vulnerability Database".
In Zammad 5.0.2, agents can configure "out of office" periods and substitute persons. If the substitute persons didn't have the same permissions as the original agent, they could receive ticket notifications for tickets that they have no access to.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44978 βΌ
π Read
via "National Vulnerability Database".
iCMS <= 8.0.0 allows users to add and render a comtom template, which has a SSTI vulnerability which causes remote code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43145 βΌ
π Read
via "National Vulnerability Database".
With certain LDAP configurations, Zammad 5.0.1 was found to be vulnerable to unauthorized access with existing user accounts.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46398 βΌ
π Read
via "National Vulnerability Database".
A Cross-Site Request Forgery (CSRF) vulnerability exists in Filebrowser < 2.18.0 that allows attackers to create a backdoor user with admin privilege and get access to the filesystem via a malicious HTML webpage that is sent to the victim.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44977 βΌ
π Read
via "National Vulnerability Database".
In iCMS <=8.0.0, a directory traversal vulnerability allows an attacker to read arbitrary files.π Read
via "National Vulnerability Database".
β Wormhole cryptotrading company turns over $340,000,000 to criminals β
π Read
via "Naked Security".
It was the best of blockchains, it was the worst of blockchains... as Charles Dickens might have said.π Read
via "Naked Security".
Naked Security
Wormhole cryptotrading company turns over $340,000,000 to criminals
It was the best of blockchains, it was the worst of blockchains⦠as Charles Dickens might have said.
β Argo CD Security Bug Opens Kubernetes Cloud Apps to Attackers β
π Read
via "Threat Post".
The popular continuous-delivery platform has a path-traversal bug (CVE-2022-24348) that could allow cyberattackers to hop from one application ecosystem to another.π Read
via "Threat Post".
Threat Post
Argo CD Security Bug Opens Kubernetes Cloud Apps to Attackers
The popular continuous-delivery platform has a path-traversal bug (CVE-2022-24348) that could allow cyberattackers to hop from one application ecosystem to another.
β βLong Live Log4Shellβ: CVE-2021-44228 Not Dead Yet β
π Read
via "Threat Post".
The ubiquitous Log4j bug will be with us for years. John Hammond, senior security researcher at Huntress, discusses what's next.π Read
via "Threat Post".
Threat Post
βLong Live Log4Shellβ: CVE-2021-44228 Not Dead Yet
The ubiquitous Log4j bug will be with us for years. John Hammond, senior security researcher at Huntress, discusses what's next.
βΌ CVE-2021-43635 βΌ
π Read
via "National Vulnerability Database".
A Cross Site Scripting (XSS) vulnerability exists in Codex before 1.4.0 via Notebook/Page name field, which allows malicious users to execute arbitrary code via a crafted http code in a .json file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24260 βΌ
π Read
via "National Vulnerability Database".
A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24259 βΌ
π Read
via "National Vulnerability Database".
An incorrect check in the component cdr.php of Voipmonitor GUI before v24.96 allows unauthenticated attackers to escalate privileges via a crafted request.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24262 βΌ
π Read
via "National Vulnerability Database".
The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the web root.π Read
via "National Vulnerability Database".
π Friday Five 2/4 π
π Read
via "".
Hacking North Korea, inside the Trickbot ransomware group, and more - catch up on the infosec news of the week with the Friday Five!π Read
via "".
Digital Guardian
Friday Five 2/4
Hacking North Korea, inside the Trickbot ransomware group, and more - catch up on the infosec news of the week with the Friday Five!