βΌ CVE-2021-43944 βΌ
π Read
via "National Vulnerability Database".
This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary code via Template Injection leading to Remote Code Execution (RCE) in the Email Templates feature. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3.π Read
via "National Vulnerability Database".
π΄ Breaking the Bias for International Womenβs Day 2022 π΄
π Read
via "Dark Reading".
The theme of International Womenβs Day 2022 is βBreak the bias." This is what #BreaktheBias means to me.π Read
via "Dark Reading".
Dark Reading
Breaking the Bias for International Womenβs Day 2022
The theme of International Womenβs Day 2022 is "Break the bias." This is what #BreaktheBias means to me.
π΄ 8 More Women in Security You May Not Know But Should π΄
π Read
via "Dark Reading".
Dark Reading highlights women who are quietly changing the game in cybersecurity. We also revisit some of those we've spoken to in the past to see what they're up to now.π Read
via "Dark Reading".
Dark Reading
8 More Women in Security You May Not Know but Should
Dark Reading highlights women who are quietly changing the game in cybersecurity. We also revisit some of those we've spoken to in the past to see what they're up to now.
ποΈ Concerns raised over bug disclosure program aimed at tackling Russiaβs βpropaganda machineβ ποΈ
π Read
via "The Daily Swig".
Some cybersecurity professionals express unease about βred teamβ VDP launched alongside defense-focused programπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Concerns raised over bug disclosure program aimed at tackling Russiaβs βpropaganda machineβ
Some cybersecurity professionals express unease about βred teamβ VDP launched alongside defense-focused program
ποΈ SQL injection vulnerability in e-learning platform Moodle could enable database takeover ποΈ
π Read
via "The Daily Swig".
Security flaw could risk data leakπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
SQL injection vulnerability in e-learning platform Moodle could enable database takeover
Security flaw could risk data leak
β Bug in the Linux Kernel Allows Privilege Escalation, Container Escape β
π Read
via "Threat Post".
A missing check allows unprivileged attackers to escape containers and execute arbitrary commands in the kernel.π Read
via "Threat Post".
Threat Post
Bug in the Linux Kernel Allows Privilege Escalation, Container Escape
A missing check allows unprivileged attackers to escape containers and execute arbitrary commands in the kernel.
π΄ 7 Essentials for More Security-Aware Design Automation π΄
π Read
via "Dark Reading".
Electronic design automation solutions, software programs that help designers develop electronic systems and semiconductor chips, can be used in service of security assurance.π Read
via "Dark Reading".
Dark Reading
7 Essentials for More Security-Aware Design Automation
Electronic design automation solutions, software programs that help designers develop electronic systems and semiconductor chips, can be used in service of security assurance.
β Zero-Click Flaws in Widely Used UPS Devices Threaten Critical Infratructure β
π Read
via "Threat Post".
The 'TLStorm' vulnerabilities, found in APC Smart-UPS products, could allow attackers to cause both cyber and physical damage by taking down critical infrastructure.π Read
via "Threat Post".
Threat Post
Zero-Click Flaws in Widely Used UPS Devices Threaten Critical Infratructure
The 'TLStorm' vulnerabilities, found in APC Smart-UPS products, could allow attackers to cause both cyber and physical damage by taking down critical infrastructure.
π Samhain File Integrity Checker 4.4.7 π
π Read
via "Packet Storm Security".
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.π Read
via "Packet Storm Security".
Packetstormsecurity
Samhain File Integrity Checker 4.4.7 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
βΌ CVE-2022-0877 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/bookstack prior to v22.02.3.π Read
via "National Vulnerability Database".
β The Uncertain Future of IT Automation β
π Read
via "Threat Post".
While IT automation is growing, big challenges remain. Chris Hass, director of information security and research at Automox, discusses how the future looks.π Read
via "Threat Post".
Threat Post
The Uncertain Future of IT Automation
While IT automation is growing, big challenges remain. Chris Hass, director of information security and research at Automox, discusses how the future looks.
ποΈ Aspiring women in infosec need role models and collective strength, industry panel hears ποΈ
π Read
via "The Daily Swig".
Another panelist urged young security pros to consider starting out as generalists before specializingπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Aspiring women in infosec need role models and collective strength, industry panel hears
Another panelist urged young security pros to consider starting out as generalists before specializing
ποΈ Electronics retailer Adafruit apologises after training data containing real customer info leaks onto GitHub ποΈ
π Read
via "The Daily Swig".
IoT hardware vendor promises to tighten up proceduresπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Electronics retailer Adafruit apologises after training data containing real customer info leaks onto GitHub
IoT hardware vendor promises to tighten up procedures
β Adafruit suffers GitHub data breach β donβt let this happen to you β
π Read
via "Naked Security".
Training data stashed in GitHub by mistake... unfortunately, it was *real* dataπ Read
via "Naked Security".
Naked Security
Adafruit suffers GitHub data breach β donβt let this happen to you
Training data stashed in GitHub by mistake⦠unfortunately, it was *real* data
β βDirty Pipeβ Linux kernel bug lets anyone to write to any file β
π Read
via "Naked Security".
Even read-only files can be written to, leading to a dangerously general purpose elevation-of-privilege attack.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ Google to Buy Mandiant, Aims to Automate Security Response π΄
π Read
via "Dark Reading".
In a deal worth $5.4 billion, Google would expand its security portfolio with managed detection and response (MDR) and threat intelligence, with an increasing focus on automation.π Read
via "Dark Reading".
Dark Reading
Google to Buy Mandiant, Aims to Automate Security Response
In a deal worth $5.4 billion, Google would expand its security portfolio with managed detection and response (MDR) and threat intelligence, with an increasing focus on automation.
π΄ Dark Reading Reflects on Breaking the Bias for International Women's Day π΄
π Read
via "Dark Reading".
A look at how far the information security industry has come - and how far it still has to go.π Read
via "Dark Reading".
Dark Reading
Dark Reading Reflects on International Women's Day
A look at how far the information security industry has come β and how far it still has to go.
βΌ CVE-2021-41239 βΌ
π Read
via "National Vulnerability Database".
Nextcloud server is a self hosted system designed to provide cloud style services. In affected versions the User Status API did not consider the user enumeration settings by the administrator. This allowed a user to enumerate other users on the instance, even when user listings where disabled. It is recommended that the Nextcloud Server is upgraded to 20.0.14, 21.0.6 or 22.2.1. There are no known workarounds.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41181 βΌ
π Read
via "National Vulnerability Database".
Nextcloud talk is a self hosting messaging service. In versions prior to 12.3.0 the Nextcloud Android Talk application did not properly detect the lockscreen state when a call was incoming. If an attacker got physical access to the locked phone, and the victim received a phone call the attacker could gain access to the chat messages and files of the user. It is recommended that the Nextcloud Android Talk App is upgraded to 12.3.0. There are no known workarounds.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41180 βΌ
π Read
via "National Vulnerability Database".
Nextcloud talk is a self hosting messaging service. In versions prior 12.1.2 an attacker is able to control the link of a geolocation preview in the Nextcloud Talk application due to a lack of validation on the link. This could result in an open-redirect, but required user interaction. This only affected users of the Android Talk client. It is recommended that the Nextcloud Talk App is upgraded to 12.1.2. There are no known workarounds.π Read
via "National Vulnerability Database".
π’ Improve security and compliance π’
π Read
via "ITPro".
Adopting an effective security and compliance risk management approachπ Read
via "ITPro".
IT PRO
Improve security and compliance
Adopting an effective security and compliance risk management approach