‼ CVE-2021-46321 ‼
📖 Read
via "National Vulnerability Database".
Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the wifiBasicCfg module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24589 ‼
📖 Read
via "National Vulnerability Database".
Burden v3.0 was discovered to contain a stored cross-site scripting (XSS) in the Add Category function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the task parameter.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2022-23639 ‼
📖 Read
via "National Vulnerability Database".
crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of `{i,u}64` was always the same as `Atomic{I,U}64`. However, the alignment of `{i,u}64` on a 32-bit target can be smaller than `Atomic{I,U}64`. This can cause unaligned memory accesses and data race. Crates using `fetch_*` methods with `AtomicCell<{i,u}64>` are affected by this issue. 32-bit targets without `Atomic{I,U}64` and 64-bit targets are not affected by this issue. This has been fixed in crossbeam-utils 0.8.7. There are currently no known workarounds.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46265 ‼
📖 Read
via "National Vulnerability Database".
Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the wanBasicCfg module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37354 ‼
📖 Read
via "National Vulnerability Database".
Xerox Phaser 4622 v35.013.01.000 was discovered to contain a buffer overflow in the function sub_3226AC via the TIMEZONE variable. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-33945 ‼
📖 Read
via "National Vulnerability Database".
RICOH Printer series SP products 320DN, SP 325DNw, SP 320SN, SP 320SFN, SP 325SNw, SP 325SFNw, SP 330SN, Aficio SP 3500SF, SP 221S, SP 220SNw, SP 221SNw, SP 221SF, SP 220SFNw, SP 221SFNw v1.06 were discovered to contain a stack buffer overflow in the file /etc/wpa_supplicant.conf. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.📖 Read
via "National Vulnerability Database".
🕴 How Nonprofits Can Continue to Evade Ransomware Attacks 🕴
📖 Read
via "Dark Reading".
Just as small businesses can't be complacent, nonprofits also need to prepare for cyberattacks.📖 Read
via "Dark Reading".
Dark Reading
How Nonprofits Can Evade Ransomware Attacks
Just as small businesses can't be complacent, nonprofits also need to prepare for cyberattacks.
🕴 Machine Learning in 2022: Data Threats and Backdoors? 🕴
📖 Read
via "Dark Reading".
While research illustrates some sly threats, experts say attackers will likely focus on data exposure and finding ways to fool algorithms.📖 Read
via "Dark Reading".
Dark Reading
Machine Learning in 2022: Data Threats and Backdoors?
While research illustrates some sly threats, experts say attackers will likely focus on data exposure and finding ways to fool algorithms.
❌ SquirrelWaffle Adds a Twist of Fraud to Exchange Server Malspamming ❌
📖 Read
via "Threat Post".
Researchers have never before seen SquirrelWaffle attackers use typosquatting to keep sending spam once a targeted Exchange server has been patched for ProxyLogon/ProxyShell.📖 Read
via "Threat Post".
Threat Post
SquirrelWaffle Adds a Twist of Fraud to Exchange Server Malspamming
SquirrelWaffle attackers now use typosquatting to keep sending spam, even after Exchange servers are patched for ProxyLogon/ProxyShell.
🕴 FBI, US Secret Service Issue Mitigations for BlackByte Ransomware 🕴
📖 Read
via "Dark Reading".
Joint Cybersecurity Advisory from federal law enforcement includes indicators of compromise associated with the ransomware variant.📖 Read
via "Dark Reading".
Dark Reading
FBI, US Secret Service Issue Mitigations for BlackByte Ransomware
Joint Cybersecurity Advisory from federal law enforcement includes indicators of compromise associated with the ransomware variant.
🕴 Akamai To Acquire Linode 🕴
📖 Read
via "Dark Reading".
Akamai will discuss the acquisition on its Q4 and year end 2021 financial results conference call today, February 15, at 4:30 p.m. ET.📖 Read
via "Dark Reading".
Dark Reading
Akamai To Acquire Linode
Akamai will discuss the acquisition on its Q4 and year end 2021 financial results conference call today, February 15, at 4:30 p.m. ET.
🕴 Securonix Secures Over $1B in Growth Investment From Vista Equity 🕴
📖 Read
via "Dark Reading".
Deal is the second one topping $1 billion since November and sets the stage for what could be another record-breaking year for investment in the cybersecurity industry.📖 Read
via "Dark Reading".
Dark Reading
Securonix Secures Over $1B in Growth Investment From Vista Equity
Deal is the second one topping $1 billion since November and sets the stage for what could be another record-breaking year for investment in the cybersecurity industry.
‼ CVE-2022-23643 ‼
📖 Read
via "National Vulnerability Database".
Sourcegraph is a code search and navigation engine. Sourcegraph versions 3.35 and 3.36 reintroduced a previously fixed side-channel vulnerabilitity in the Code Monitoring feature where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects only the Code Monitoring feature, whereas CVE-2021-43823 also affected saved searches. A successful attack would require an authenticated bad actor to create many Code Monitors to receive confirmation that a specific string exists. This could allow an attacker to guess formatted tokens in source code, such as API keys. This issue was patched in versions 3.35.2 and 3.36.3 of Sourcegraph. Those who are unable to upgrade may disable the Code Monitor feature in their installation.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23641 ‼
📖 Read
via "National Vulnerability Database".
Discourse is an open source discussion platform. In versions prior to 2.8.1 in the `stable` branch, 2.9.0.beta2 in the `beta` branch, and 2.9.0.beta2 in the `tests-passed` branch, users can trigger a Denial of Service attack by posting a streaming URL. Parsing Oneboxes in the background job trigger an infinite loop, which cause memory leaks. This issue is patched in version 2.8.1 of the `stable` branch, 2.9.0.beta2 of the `beta` branch, and 2.9.0.beta2 of the `tests-passed` branch. As a workaround, disable onebox in admin panel completely or specify allow list of domains that will be oneboxed.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-35380 ‼
📖 Read
via "National Vulnerability Database".
A Directory Traversal vulnerability exists in Solari di Udine TermTalk Server (TTServer) 3.24.0.2, which lets an unauthenticated malicious user gain access to the files on the remote system by gaining access to the relative path of the file they want to download (http://url:port/file?valore).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46251 ‼
📖 Read
via "National Vulnerability Database".
A reflected cross-site scripting (XSS) in ScratchOAuth2 before commit 1603f04e44ef67dde6ccffe866d2dca16defb293 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46250 ‼
📖 Read
via "National Vulnerability Database".
An issue in SOA2Login::commented of ScratchOAuth2 before commit a91879bd58fa83b09283c0708a1864cdf067c64a allows attackers to authenticate as other users on downstream components that rely on ScratchOAuth2.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46252 ‼
📖 Read
via "National Vulnerability Database".
A Cross-Site Request Forgery (CSRF) in RequirementsBypassPage.php of Scratch Wiki scratch-confirmaccount-v3 allows attackers to modify account request requirement bypasses.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0611 ‼
📖 Read
via "National Vulnerability Database".
Improper Privilege Management in Packagist snipe/snipe-it prior to 5.3.11.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46249 ‼
📖 Read
via "National Vulnerability Database".
An authorization bypass exploited by a user-controlled key in SpecificApps REST API in ScratchOAuth2 before commit d856dc704b2504cd3b92cf089fdd366dd40775d6 allows app owners to set flags that indicate whether an app is verified on their own apps.📖 Read
via "National Vulnerability Database".
⚠ Google announces zero-day in Chrome browser – update now! ⚠
📖 Read
via "Naked Security".
Zero-day buses: none for a while, then three at once. Here's Google joining Apple and Adobe in "zero-day week"📖 Read
via "Naked Security".
Sophos News
Naked Security – Sophos News