🕴 7 Ways to Secure Collaboration Tools in Your Organization 🕴
via "Dark Reading".
The push to embrace Slack, Teams, and Zoom at work comes with new security risks for organizations.
❌ TeaBot Trojan Haunts Google Play Store, Again ❌
via "Threat Post".
Malicious Google Play apps have circumvented censorship by hiding trojans in software updates.
‼ CVE-2022-23958 ‼
via "National Vulnerability Database".
Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service.
‼ CVE-2021-41001 ‼
via "National Vulnerability Database".
An authenticated remote code execution vulnerability was discovered in the AOS-CX Network Analytics Engine (NAE) in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address this security vulnerability.
‼ CVE-2022-0711 ‼
via "National Vulnerability Database".
A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability.
‼ CVE-2022-23954 ‼
via "National Vulnerability Database".
Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service.
‼ CVE-2022-23656 ‼
via "National Vulnerability Database".
Zulip is an open source team chat app. The `main` development branch of Zulip Server from June 2021 and later is vulnerable to a cross-site scripting vulnerability on the recent topics page. An attacker could maliciously craft a full name for their account and send messages to a topic with several participants; a victim who then opens an overflow tooltip including this full name on the recent topics page could trigger execution of JavaScript code controlled by the attacker. Users running a Zulip server from the main branch should upgrade from main (2022-03-01 or later) again to deploy this fix.
‼ CVE-2021-41003 ‼
via "National Vulnerability Database".
Multiple unauthenticated command injection vulnerabilities were discovered in the AOS-CX API interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities.
‼ CVE-2022-0675 ‼
via "National Vulnerability Database".
In certain situations it is possible for an unmanaged rule to exist on the target system that has the same comment as the rule specified in the manifest. This could allow for unmanaged rules to exist on the target system and leave the system in an unsafe state.
‼ CVE-2022-23957 ‼
via "National Vulnerability Database".
Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service.
‼ CVE-2022-22944 ‼
via "National Vulnerability Database".
VMware Workspace ONE Boxer contains a stored cross-site scripting (XSS) vulnerability. Due to insufficient sanitization and validation in VMware Workspace ONE Boxer calendar event descriptions, a malicious actor can inject script tags to execute arbitrary script within a user's window.
‼ CVE-2021-45074 ‼
via "National Vulnerability Database".
JFrog Artifactory before 7.29.3 and 6.23.38 is vulnerable to Broken Access Control: a low-privileged user is able to delete other known users' OAuth token, which will force a reauthentication on an active session or in the next UI session.
‼ CVE-2022-23955 ‼
via "National Vulnerability Database".
Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service.
‼ CVE-2022-23956 ‼
via "National Vulnerability Database".
Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service.
‼ CVE-2022-25045 ‼
via "National Vulnerability Database".
Home Owners Collection Management System v1.0 was discovered to contain hardcoded credentials which allow attackers to escalate privileges and access the admin panel.
‼ CVE-2021-46270 ‼
via "National Vulnerability Database".
JFrog Artifactory before 7.31.10 is vulnerable to Broken Access Control where a project admin user is able to list all available repository names due to insufficient permission validation.
‼ CVE-2021-41000 ‼
via "National Vulnerability Database".
Multiple authenticated remote code execution vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities.
‼ CVE-2021-41002 ‼
via "National Vulnerability Database".
Multiple authenticated remote path traversal vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities.
‼ CVE-2022-23953 ‼
via "National Vulnerability Database".
Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service.
‼ CVE-2022-23849 ‼
via "National Vulnerability Database".
The biometric lock in Devolutions Password Hub for iOS before 2021.3.4 allows attackers to access the application because of authentication bypass. An attacker must rapidly make failed biometric authentication attempts.
‼ CVE-2021-42950 ‼
via "National Vulnerability Database".
A Remote Code Execution (RCE) vulnerability exists in all Zepl Notebooks versions before October 25 2021. Users can register for an account and are allocated a set number of credits to try the product. Once users authenticate, they can proceed to create a new organization by which additional users can be added for various collaboration abilities, which allows a malicious user to create new Zepl Notebooks with various languages, contexts, and deployment scenarios. Upon creating a new notebook with specially crafted malicious code, a user can then launch remote code execution.