18 March 2021
13:32
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-24137 ‼

Unvalidated input in the Blog2Social WordPress plugin, versions before 6.3.1, leads to SQL Injection in the Re-Share Posts feature, allowing authenticated users to inject arbitrary SQL commands.

📖 Read

via "National Vulnerability Database".
13:32
‼ CVE-2021-24124 ‼

Unvalidated input and lack of output encoding in the WP Shieldon WordPress plugin, version 1.6.3 and below, leads to Unauthenticated Reflected Cross-Site Scripting (XSS) when the CAPTCHA page is shown, which could lead to privilege escalation.

📖 Read

via "National Vulnerability Database".
13:32
‼ CVE-2021-21625 ‼

Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins in some circumstances.

📖 Read

via "National Vulnerability Database".
13:32
‼ CVE-2021-24129 ‼

Unvalidated input and lack of output encoding in the Themify Portfolio Post WordPress plugin, versions before 1.1.6, lead to Stored Cross-Site Scripting (XSS) vulnerabilities allowing low-privileged users (Contributor+) to inject arbitrary JavaScript code or HTML in posts where the Themify Custom Panel is embedded, which could lead to privilege escalation.

📖 Read

via "National Vulnerability Database".
13:32
‼ CVE-2021-24134 ‼

Unvalidated input and lack of output encoding in the Constant Contact Forms WordPress plugin, versions before 1.8.8, lead to multiple Stored Cross-Site Scripting vulnerabilities, which allowed a high-privileged user (Editor+) to inject arbitrary JavaScript code or HTML in posts where the malicious form is embedded.

📖 Read

via "National Vulnerability Database".
13:32
‼ CVE-2021-24136 ‼

Unvalidated input and lack of output encoding in the Testimonials Widget WordPress plugin, versions before 4.0.0, lead to multiple Cross-Site Scripting vulnerabilities, allowing remote attackers to inject arbitrary JavaScript code or HTML via the following parameters:
- Author
- Job Title
- Location
- Company
- Email
- URL

📖 Read

via "National Vulnerability Database".
13:32
‼ CVE-2021-24139 ‼

Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress plugin, versions before 1.5.55, leads to SQL injection via the frontend/models/model.php bwg_search_x parameter.

📖 Read

via "National Vulnerability Database".
13:32
‼ CVE-2021-24128 ‼

Unvalidated input and lack of output encoding in the Team Members WordPress plugin, versions before 5.0.4, lead to Cross-site scripting vulnerabilities allowing a medium-privileged authenticated attacker (contributor+) to inject arbitrary web script or HTML via the 'Description/biography' of a member.

📖 Read

via "National Vulnerability Database".
13:32
‼ CVE-2021-24130 ‼

Unvalidated input in the WP Google Map Plugin WordPress plugin, versions before 4.1.5, in the Manage Locations page within the plugin settings was vulnerable to SQL Injection through a high privileged user (admin+).

📖 Read

via "National Vulnerability Database".
13:32
‼ CVE-2021-24149 ‼

Unvalidated input in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.6, did not sanitise the mec[post_id] POST parameter in the mec_fes_form AJAX action when logged in as an author+, leading to an authenticated SQL Injection issue.

📖 Read

via "National Vulnerability Database".
13:32
‼ CVE-2021-24127 ‼

Unvalidated input and lack of output encoding in the ThirstyAffiliates Affiliate Link Manager WordPress plugin, versions before 3.9.3, was vulnerable to authenticated Stored Cross-Site Scripting (XSS), which could lead to privilege escalation.

📖 Read

via "National Vulnerability Database".
13:32
‼ CVE-2021-26237 ‼

FastStone Image Viewer <= 7.5 is affected by a user mode write access violation at 0x00402d7d, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.

📖 Read

via "National Vulnerability Database".
13:32
‼ CVE-2021-24146 ‼

Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to export all event data in CSV or XML format, for example.

📖 Read

via "National Vulnerability Database".
13:32
‼ CVE-2021-24125 ‼

Unvalidated input in the Contact Form Submissions WordPress plugin, versions 1.6.4 and before, could lead to SQL injection in the wpcf7_contact_form GET parameter when submitting a filter request as a high privilege user (admin+).

📖 Read

via "National Vulnerability Database".
13:32
‼ CVE-2021-24143 ‼

Unvalidated input in the AccessPress Social Icons plugin, versions before 1.8.1, did not sanitise its widget attribute, allowing accounts with post permission, such as author, to perform SQL injections.

📖 Read

via "National Vulnerability Database".
13:32
‼ CVE-2021-24132 ‼

The Slider by 10Web WordPress plugin, versions before 1.2.36, in the bulk_action, export_full and save_slider_db functionalities of the plugin were vulnerable, allowing a high privileged user (Admin), or a medium one such as Contributor+ (if "Role Options" is turned on for other users) to perform SQL Injection attacks.

📖 Read

via "National Vulnerability Database".
13:32
‼ CVE-2021-26935 ‼

In WoWonder < 3.1, remote attackers can gain access to the database by exploiting a requests.php?f=search-my-followers SQL Injection vulnerability via the event_id parameter.

📖 Read

via "National Vulnerability Database".
13:32
‼ CVE-2021-26233 ‼

FastStone Image Viewer <= 7.5 is affected by a user mode write access violation near NULL at 0x005bdfcb, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.

📖 Read

via "National Vulnerability Database".
14:22
🛡 Cybersecurity & Privacy news 🛡
🕴 Beware the Package Typosquatting Supply Chain Attack 🕴

Attackers are mimicking the names of existing packages on public registries in hopes that users or developers will accidentally download these malicious packages instead of legitimate ones.

📖 Read

via "Dark Reading".
14:52
🛡 Cybersecurity & Privacy news 🛡
🕴 FBI: Business Email Compromise Cost $1.8B in 2020 🕴

The Internet Crime Complaint Center received a record 791,790 complaints last year, with reported losses exceeding $4.1 billion.

📖 Read

via "Dark Reading".
14:57
🦿 How cybercriminals are targeting US taxpayers as tax season approaches 🦿

The latest scams use phishing emails to deliver remote access trojans to control a victim's computer and steal sensitive data, says Cybereason.

📖 Read

via "Tech Republic".
15:32
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-28796 ‼

Increments Qiita::Markdown before 0.33.0 allows XSS in transformers.

📖 Read

via "National Vulnerability Database".
15:32
‼ CVE-2021-26216 ‼

SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditFolder.php.

📖 Read

via "National Vulnerability Database".
15:32
‼ CVE-2020-27827 ‼

A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.

📖 Read

via "National Vulnerability Database".
15:32
‼ CVE-2021-28145 ‼

Concrete CMS (formerly concrete5) before 8.5.5 allows remote authenticated users to conduct XSS attacks via a crafted survey block. This requires at least Editor privileges.

📖 Read

via "National Vulnerability Database".
15:32
‼ CVE-2020-26155 ‼

Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31.1.0. are installed with Read/Write permissions for authenticated users, which allows for binaries to be manipulated by non-administrator users. Additionally, entries are made to the PATH environment variable which, in conjunction with these weak permissions, could enable an attacker to perform a DLL hijacking attack.

📖 Read

via "National Vulnerability Database".
15:32
‼ CVE-2021-28790 ‼

The unofficial SwiftLint extension before 1.4.5 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted swiftlint.path configuration value that triggers execution upon opening the workspace.

📖 Read

via "National Vulnerability Database".
15:32
‼ CVE-2021-28791 ‼

The unofficial SwiftFormat extension before 1.3.7 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted swiftformat.path configuration value that triggers execution upon opening the workspace.

📖 Read

via "National Vulnerability Database".
15:32
‼ CVE-2021-21383 ‼

Wiki.js is an open-source wiki app built on Node.js. Wiki.js before version 2.5.191 is vulnerable to stored cross-site scripting through mustache expressions in code blocks. This vulnerability exists due to mustache expressions being parsed by Vue during content injection even though it is contained within a `<pre>` element. By creating a crafted wiki page, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the page is viewed by other users. For an example see referenced GitHub Security Advisory. Commit 5ffa189383dd716f12b56b8cae2ba0d075996cf1 fixes this vulnerability by adding the v-pre directive to all `<pre>` tags during the render.

📖 Read

via "National Vulnerability Database".
15:32
‼ CVE-2021-28789 ‼

The unofficial apple/swift-format extension before 1.1.2 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted apple-swift-format.path configuration value that triggers execution upon opening the workspace.

📖 Read

via "National Vulnerability Database".
15:32
‼ CVE-2021-26215 ‼

SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditDocument.php.

📖 Read

via "National Vulnerability Database".
15:32
‼ CVE-2021-28794 ‼

The unofficial ShellCheck extension before 0.13.4 for Visual Studio Code mishandles shellcheck.executablePath.

📖 Read

via "National Vulnerability Database".
15:32
‼ CVE-2021-28792 ‼

The unofficial Swift Development Environment extension before 2.12.1 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted sourcekit-lsp.serverPath, swift.languageServerPath, swift.path.sourcekite, swift.path.sourcekiteDockerMode, swift.path.swift_driver_bin, or swift.path.shell configuration value that triggers execution upon opening the workspace.

📖 Read

via "National Vulnerability Database".
15:52
🛡 Cybersecurity & Privacy news 🛡
🕴 New CopperStealer Malware Hijacks Social Media Accounts 🕴

Proofpoint researchers say it steals logins and spreads more malware.

📖 Read

via "Dark Reading".
16:22
🛡 Cybersecurity & Privacy news 🛡
🕴 Women's History Month: Making Mentorship Meaningful 🕴

This month is a perfect opportunity for us to take a step back and think about what role we want to play as women in the technology sector.

📖 Read

via "Dark Reading".
17:05
🛡 Cybersecurity & Privacy news 🛡
❌ Trojanized Xcode Project Slips MacOS Malware to Apple Developers ❌

In a new campaign, threat actors are bundling macOS malware in trojanized Apple Xcode developer projects.

📖 Read

via "Threat Post".
17:32
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2019-14903 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

📖 Read

via "National Vulnerability Database".
17:32
‼ CVE-2020-35492 ‼

A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability.

📖 Read

via "National Vulnerability Database".
17:32
‼ CVE-2019-14850 ‼

A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could connect to the nbdkit service and cause it to perform a large amount of work in initializing backend plugins, by simply opening a connection to the service. This vulnerability could cause resource consumption and degradation of service in nbdkit, depending on the plugins configured on the server-side.

📖 Read

via "National Vulnerability Database".
17:32
‼ CVE-2021-27656 ‼

A vulnerability in exacqVision Web Service 20.12.2.0 and prior could allow an unauthenticated attacker to view system-level information about the exacqVision Web Service and the operating system.

📖 Read

via "National Vulnerability Database".
17:32
‼ CVE-2021-1287 ‼

A vulnerability in the web-based management interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition on the affected device.

📖 Read

via "National Vulnerability Database".
17:32
‼ CVE-2019-3867 ‼

A vulnerability was found in the Quay web application. Sessions in the Quay web application never expire. An attacker, able to gain access to a session, could use it to control or delete a user's container repository. Red Hat Quay 2 and 3 are vulnerable to this issue.

📖 Read

via "National Vulnerability Database".
17:32
‼ CVE-2019-14908 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

📖 Read

via "National Vulnerability Database".
17:32
‼ CVE-2020-14516 ‼

In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the implementation of the SHA-256 hashing algorithm with FactoryTalk Services Platform that prevents the user password from being hashed properly.

📖 Read

via "National Vulnerability Database".
17:32
‼ CVE-2021-22665 ‼

Rockwell Automation DriveTools SP v5.13 and below and Drives AOP v4.12 and below both contain a vulnerability that a local attacker with limited privileges may be able to exploit resulting in privilege escalation and complete control of the system.

📖 Read

via "National Vulnerability Database".
17:32
‼ CVE-2021-28160 ‼

Stored XSS on Acexy (BoyaMicro) Wireless-N WiFi Repeater 28.08.06.1 version 1.0 devices can occur via a malformed SSID field during scanning for nearby access points, which also occurs when a device's user visits the Repeater Wizard web management section. This enables an attacker to steal LAN credentials without being connected to the device.

📖 Read

via "National Vulnerability Database".
17:32
‼ CVE-2019-14848 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

📖 Read

via "National Vulnerability Database".
17:35
❌ Fiserv Forgets to Buy Domain It Used as System Default ❌

Fintech security provider Fiserv acknowledges it used unregistered domain as default email.

📖 Read

via "Threat Post".
18:52
🛡 Cybersecurity & Privacy news 🛡
🕴 Facebook Expands Security Key Support to iOS & Android 🕴

Facebook's announcement arrives the same week Twitter enabled support for multiple security keys on user accounts.

📖 Read

via "Dark Reading".
19:22
🛡 Cybersecurity & Privacy news 🛡
🕴 Tech Vendors' Lack of Security Transparency Worries Firms 🕴

A majority of firms say they're more likely to buy from suppliers that are open about security issues -- yet that sentiment isn't necessarily reflected in the technology providers they're currently working with.

📖 Read

via "Dark Reading".
19:37
‼ CVE-2021-3416 ‼

A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario.

📖 Read

via "National Vulnerability Database".
19:37
‼ CVE-2021-25764 ‼

In JetBrains PhpStorm before 2020.3, source code could be added to debug logs.

📖 Read

via "National Vulnerability Database".
19:37
‼ CVE-2020-26886 ‼

Softaculous before 5.5.7 is affected by a code execution vulnerability because of External Initialization of Trusted Variables or Data Stores. This leads to privilege escalation on the local host.

📖 Read

via "National Vulnerability Database".
19:37
‼ CVE-2019-14851 ‼

A denial of service vulnerability was discovered in nbdkit. A client issuing a certain sequence of commands could possibly trigger an assertion failure, causing nbdkit to exit. This issue only affected nbdkit versions 1.12.7, 1.14.1, and 1.15.1.

📖 Read

via "National Vulnerability Database".
19:37
‼ CVE-2019-14852 ‼

A flaw was found in 3scale's APIcast gateway that enabled the TLS 1.0 protocol. An attacker could target traffic using this weaker protocol and break its encryption, gaining access to unauthorized information. Version shipped in Red Hat 3scale API Management Platform is vulnerable to this issue.

📖 Read

via "National Vulnerability Database".
19:37
‼ CVE-2020-9367 ‼

The MPS Agent in Zoho ManageEngine Desktop Central MSP build 10.0.486 is vulnerable to DLL Hijacking: dcinventory.exe and dcconfig.exe try to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because this DLL is missing from the installation, thus making it possible to hijack the DLL and subsequently inject code, leading to an escalation of privilege to NT AUTHORITY\SYSTEM.

📖 Read

via "National Vulnerability Database".
19:37
‼ CVE-2020-36144 ‼

Redash 8.0.0 is affected by LDAP Injection. There is an authentication bypass and information leak through the crafting of special queries, escaping the provided template because the ldap_user = auth_ldap_user(request.form["email"], request.form["password"]) auth_ldap_user(username, password) settings.LDAP_SEARCH_TEMPLATE % {"username": username} code lacks sanitization.

📖 Read

via "National Vulnerability Database".
19:37
‼ CVE-2020-26797 ‼

Mediainfo before version 20.08 has a heap buffer overflow vulnerability via MediaInfoLib::File_Gxf::ChooseParser_ChannelGrouping.

📖 Read

via "National Vulnerability Database".
19:37
‼ CVE-2021-27358 ‼

The snapshot feature in Grafana before 7.4.1 can allow unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set.

📖 Read

via "National Vulnerability Database".
21:32
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-27436 ‼

WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user's cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser actions.

📖 Read

via "National Vulnerability Database".
19 March 2021
02:32
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-25293 ‼

An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.

📖 Read

via "National Vulnerability Database".
02:32
‼ CVE-2021-3327 ‼

Ovation Dynamic Content 1.10.1 for Elementor allows XSS via the post_title parameter.

📖 Read

via "National Vulnerability Database".
02:32
‼ CVE-2021-21384 ‼

shescape is a simple shell escape package for JavaScript. In shescape before version 1.1.3, anyone using _Shescape_ to defend against shell injection may still be vulnerable against shell injection if the attacker manages to insert a into the payload. For an example see the referenced GitHub Security Advisory. The problem has been patched in version 1.1.3. No further changes are required.

📖 Read

via "National Vulnerability Database".
02:32
‼ CVE-2021-25290 ‼

An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.

📖 Read

via "National Vulnerability Database".
02:32
‼ CVE-2020-6577 ‼

The IT-Recht Kanzlei plugin in Zen Cart 1.5.6c (German edition) allows itrk-api.php rechtstext_language SQL Injection.

📖 Read

via "National Vulnerability Database".
02:32
‼ CVE-2021-28653 ‼

The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. They choose a non-preferred storage mechanism if the device has Secure Enclave support but lacks biometric authentication hardware.

📖 Read

via "National Vulnerability Database".
02:32
‼ CVE-2021-26275 ‼

** UNSUPPORTED WHEN ASSIGNED ** The eslint-fixer package through 0.1.5 for Node.js allows command injection via shell metacharacters to the fix function. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The ozum/eslint-fixer GitHub repository has been intentionally deleted.

📖 Read

via "National Vulnerability Database".
02:32
‼ CVE-2021-28126 ‼

index.jsp in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a Stored cross-site scripting (XSS) vulnerability.

📖 Read

via "National Vulnerability Database".
02:32
‼ CVE-2020-6578 ‼

Zen Cart 1.5.6d allows reflected XSS via the main_page parameter to includes/templates/template_default/common/tpl_main_page.php or includes/templates/responsive_classic/common/tpl_main_page.php.

📖 Read

via "National Vulnerability Database".
02:32
‼ CVE-2021-25292 ‼

An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.

📖 Read

via "National Vulnerability Database".
02:33
‼ CVE-2021-25289 ‼

An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.

📖 Read

via "National Vulnerability Database".
02:33
‼ CVE-2021-27221 ‼

** DISPUTED ** MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor's position is that this is intended behavior because of how user policies work.

📖 Read

via "National Vulnerability Database".
02:33
‼ CVE-2021-28110 ‼

/exec in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a vulnerability in its XML parser.

📖 Read

via "National Vulnerability Database".
02:33
‼ CVE-2021-27928 ‼

A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.

📖 Read

via "National Vulnerability Database".
02:33
‼ CVE-2021-25291 ‼

An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.

📖 Read

via "National Vulnerability Database".
02:33
‼ CVE-2021-28109 ‼

TranzWare (POI) FIMI before 4.2.20.4.2 allows login_tw.php reflected Cross-Site Scripting (XSS).

📖 Read

via "National Vulnerability Database".
07:57
🛡 Cybersecurity & Privacy news 🛡
🦿 Want to be an ethical hacker? Take these cybersecurity courses 🦿

In these 18 online training courses on ethical hacking, cybersecurity pros will teach you about creating projects with Python, bug bounty hunting, Kali Linux hacker tools and much more.

📖 Read

via "Tech Republic".
12:23
🛡 Cybersecurity & Privacy news 🛡
🕴 Russian Man Pleads Guilty in Thwarted Tesla Hack 🕴

Egor Kriuchkov will be sentenced in May on a conspiracy charge.

📖 Read

via "Dark Reading".
12:27
🦿 Business email compromise scams proved costly to victims in 2020 🦿

The FBI received more than 19,000 complaints of business email compromises last year, costing victims around $1.8 billion.

📖 Read

via "Tech Republic".
12:36
❌ Bogus Android Clubhouse App Drops Credential-Swiping Malware ❌

The malicious app spreads the BlackRock malware, which steals credentials from 458 services - including Twitter, WhatsApp, Facebook and Amazon.

📖 Read

via "Threat Post".
12:53
🛡 Cybersecurity & Privacy news 🛡
🕴 SolarWinds-Linked Attackers Target Microsoft 365 Mailboxes 🕴

Researchers observe attackers altering mailbox folders to assign read-only permissions to any authenticated user on a target machine.

📖 Read

via "Dark Reading".
13:33
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-27506 ‼

In Stormshield Network Security (SNS) 1.0 through 4.2.0, the parsing of some malformed files can lead to the crash of ClamAV service causing a Denial of Service.

📖 Read

via "National Vulnerability Database".
13:45
Friday Five 3/19

Stolen phone access, cybersecurity in national security, and the theft of NFTs - catch up on all of the week's infosec news with the Friday Five!

📖 Read

via "Digital Guardian".
15:27
🛡 Cybersecurity & Privacy news 🛡
🦿 How to use semanage and avoid disabling SELinux 🦿

Jack Wallen introduces you to three semanage commands that will help make dealing with SELinux considerably easier.

📖 Read

via "Tech Republic".
15:33
‼ CVE-2020-4635 ‼

IBM Resilient SOAR 40 and earlier could disclose sensitive information by allowing a user to enumerate usernames.

📖 Read

via "National Vulnerability Database".
15:33
‼ CVE-2021-25277 ‼

FTAPI 4.0 - 4.10 allows XSS via a crafted filename to the alternative text hover box in the file submission component.

📖 Read

via "National Vulnerability Database".
15:33
‼ CVE-2021-25278 ‼

FTAPI 4.0 through 4.10 allows XSS via an SVG document to the Background Image upload feature in the Submit Box Template Editor.

📖 Read

via "National Vulnerability Database".
15:33
‼ CVE-2021-27906 ‼

A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

📖 Read

via "National Vulnerability Database".
15:33
‼ CVE-2021-27807 ‼

A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

📖 Read

via "National Vulnerability Database".
15:33
‼ CVE-2021-21390 ‼

MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In MinIO before version RELEASE.2021-03-17T02-33-02Z, there is a vulnerability which enables MITM modification of request bodies that are meant to have integrity guaranteed by chunk signatures. In a PUT request using aws-chunked encoding, MinIO ordinarily verifies signatures at the end of a chunk. This check can be skipped if the client sends a false chunk size that is much greater than the actual data sent: the server accepts and completes the request without ever reaching the end of the chunk, and thereby without ever checking the chunk signature. This is fixed in version RELEASE.2021-03-17T02-33-02Z. As a workaround one can avoid using "aws-chunked" encoding-based chunk signature upload requests and instead use TLS. MinIO SDKs automatically disable chunked encoding signature when the server endpoint is configured with TLS.

📖 Read

via "National Vulnerability Database".
15:33
‼ CVE-2021-21387 ‼

Wrongthink is a peer-to-peer, end-to-end encrypted messenger with PeerJS and Axolotl ratchet. In wrongthink from version 2.0.0 and before 2.3.0 there was a set of vulnerabilities causing inadequate encryption strength. Part of the secret identity key was disclosed by the fingerprint used for connection. Additionally, the safety number was improperly calculated. It was computed using part of one of the public identity keys instead of being derived from both public identity keys. This caused issues in computing safety numbers which would potentially be exploitable in the real world. Additionally there was inadequate encryption strength due to use of 1024-bit DSA keys. These issues are all fixed in version 2.3.0.

📖 Read

via "National Vulnerability Database".
15:36
❌ Office 365 Phishing Attack Targets Financial Execs ❌

Attackers move on new CEOs, using transition confusion to harvest Microsoft credentials.

📖 Read

via "Threat Post".
15:53
🛡 Cybersecurity & Privacy news 🛡
🕴 Verkada Attacker Charged with Wire Fraud, Conspiracy in US 🕴

Swiss national Till Kottmann and co-conspirators are accused of breaking into dozens of US companies and government entities.

📖 Read

via "Dark Reading".
17:33
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-20077 ‼

Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged attacker to obtain the token.

📖 Read

via "National Vulnerability Database".
17:33
‼ CVE-2021-27520 ‼

A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "author" parameter.

📖 Read

via "National Vulnerability Database".
17:33
‼ CVE-2021-27519 ‼

A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "srch" parameter.

📖 Read

via "National Vulnerability Database".
17:33
‼ CVE-2021-26990 ‼

Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability that could allow a remote attacker to overwrite arbitrary system files.

📖 Read

via "National Vulnerability Database".
17:33
‼ CVE-2019-10127 ‼

A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for BigSQL-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, an attacker having both an unprivileged Windows account and an unprivileged PostgreSQL account can cause the PostgreSQL service account to execute arbitrary code. An attacker having only the unprivileged Windows account can read arbitrary data directory files, essentially bypassing database-imposed read access limitations. An attacker having only the unprivileged Windows account can also delete certain data directory files.

📖 Read

via "National Vulnerability Database".
17:33
‼ CVE-2021-26991 ‼

Cloud Manager versions prior to 3.9.4 contain an insecure Cross-Origin Resource Sharing (CORS) policy which could allow a remote attacker to interact with Cloud Manager.

📖 Read

via "National Vulnerability Database".
17:33
‼ CVE-2021-26992 ‼

Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability which could allow a remote attacker to cause a Denial of Service (DoS).

📖 Read

via "National Vulnerability Database".
18:06
🛡 Cybersecurity & Privacy news 🛡
❌ Critical F5 BIG-IP Flaw Now Under Active Attack ❌

Researchers are reporting mass scanning for – and in-the-wild exploitation of – a critical-severity flaw in the F5 BIG-IP and BIG-IQ enterprise networking infrastructure.

📖 Read

via "Threat Post".
18:23
🛡 Cybersecurity & Privacy news 🛡
🕴 New Malware Hidden in Apple IDE Targets macOS Developers 🕴

XcodeSpy is the latest example of growing attacks on the software supply chain.

📖 Read

via "Dark Reading".
18:27
🦿 PS5 phishing scam baits gamers with promise of free console 🦿

Scammers are taking advantage of a shortage of Sony PlayStation 5 consoles to try to hoodwink people eager to snag one, says Kaspersky.

📖 Read

via "Tech Republic".
19:33
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2019-10151 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.

📖 Read

via "National Vulnerability Database".
19:33
‼ CVE-2019-10128 ‼

A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for EnterpriseDB-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, this allows a local attacker to read arbitrary data directory files, essentially bypassing database-imposed read access limitations. In plausible non-default configurations, an attacker having both an unprivileged Windows account and an unprivileged PostgreSQL account can cause the PostgreSQL service account to execute arbitrary code.

📖 Read

via "National Vulnerability Database".
19:33
‼ CVE-2019-10200 ‼

A flaw was discovered in OpenShift Container Platform 4 where, by default, users with access to create pods also have the ability to schedule workloads on master nodes. Pods with permission to access the host network, running on master nodes, can retrieve security credentials for the master AWS IAM role, allowing management access to AWS resources. With access to the security credentials, the user then has access to the entire infrastructure. Impact to data and system availability is high.

📖 Read

via "National Vulnerability Database".
19:33
‼ CVE-2019-14828 ‼

A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where users with the capability to create courses were assigned as a teacher in those courses, regardless of whether they had the capability to be automatically assigned that role.

📖 Read

via "National Vulnerability Database".
19:33
‼ CVE-2019-10196 ‼

A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered that http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an uninitialized memory leak in setups where an attacker could submit typed input to the auth parameter.

📖 Read

via "National Vulnerability Database".
19:33
‼ CVE-2019-14830 ‼

A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where the mobile launch endpoint contained an open redirect in some circumstances, which could result in a user's mobile access token being exposed. (Note: This does not affect sites with a forced URL scheme configured, mobile service disabled, or where the mobile app login method is "via the app".)

📖 Read

via "National Vulnerability Database".
19:33
‼ CVE-2019-10225 ‼

A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RBAC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. An attacker with basic-user permissions is able to obtain the value of restuserkey and use it to authenticate to the GlusterFS REST service, gaining access to read and modify files.

📖 Read

via "National Vulnerability Database".
19:33
‼ CVE-2021-21267 ‼

Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector). In versions before 2.0.0, email address validation is vulnerable to a denial-of-service attack where some input (for example `a@0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.`) will freeze the program or web browser page executing the code. This affects any current schema-inspector users using any version to validate email addresses. Users who do not do email validation, and instead do other types of validation (like string min or max length, etc.), are not affected. Users should upgrade to version 2.0.0, which uses a regular expression that isn't vulnerable to ReDoS.

📖 Read

via "National Vulnerability Database".
19:33
‼ CVE-2019-14829 ‼

A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where activity creation capabilities were not correctly respected when selecting the activity to use for a course in single activity mode.

📖 Read

via "National Vulnerability Database".
19:33
‼ CVE-2019-14831 ‼

A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where the forum subscribe link contained an open redirect if forced subscription mode was enabled. If a forum's subscription mode was set to "forced subscription", the forum's subscribe link contained an open redirect.

📖 Read

via "National Vulnerability Database".
20 March 2021
21:35
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2020-27171 ‼

An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d.

📖 Read

via "National Vulnerability Database".
21:35
‼ CVE-2020-27170 ‼

An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit.

📖 Read

via "National Vulnerability Database".
21 March 2021
07:35
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-28961 ‼

applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07 allows remote authenticated users to inject arbitrary commands via POST requests.

📖 Read

via "National Vulnerability Database".
07:35
‼ CVE-2021-28957 ‼

lxml 4.6.2 places the HTML action attribute into defs.link_attrs (in html/defs.py) for later use in input sanitization, but does not do the same for the HTML5 formaction attribute.

📖 Read

via "National Vulnerability Database".
07:35
‼ CVE-2021-28954 ‼

In Chris Walz bit before 1.0.5 on Windows, attackers can run arbitrary code via a .exe file in a crafted repository.

📖 Read

via "National Vulnerability Database".
07:35
‼ CVE-2021-28953 ‼

The unofficial C/C++ Advanced Lint extension before 1.9.0 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted repository.

📖 Read

via "National Vulnerability Database".
19:36
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2020-13963 ‼

SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the related authentication algorithm, is public. The key for admin is hardcoded in the installation code, and there is no key for publicsp (which is a guest account).

📖 Read

via "National Vulnerability Database".
22 March 2021
11:37
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-26295 ‼

Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz.

📖 Read

via "National Vulnerability Database".
11:37
‼ CVE-2020-28501 ‼

This affects the package es6-crawler-detect before 3.1.3. There is no limit on the length of the user agent string supplied to regex operators.

📖 Read

via "National Vulnerability Database".
12:55
🛡 Cybersecurity & Privacy news 🛡
⚠ Instagram scams and how to avoid them ⚠

Don't get taken for a sucker on social media! Here are our top tips to protect you from Instagram scams...

📖 Read

via "Naked Security".
12:55
🕴 The Edge Pro Tip: The Feds Are Your Friends 🕴

Here's what to expect when you report an insider incident to the FBI.

📖 Read

via "Dark Reading".
12:55
🕴 3 Classes of Account Fraud That Can Cost Your Company Big Time 🕴

📖 Read

via "Dark Reading".
13:01
🦿 Cloudflare introduces SD-WAN- and firewall-as-a-service offerings 🦿

In a bid to replace MPLS circuits and SD-WAN appliances, Cloudflare has introduced Magic WAN and Magic Firewall and partnerships with VMware, Aruba, Digital Realty, CoreSite and EdgeConneX.

📖 Read

via "Tech Republic".
13:09
❌ Adobe Fixes Critical ColdFusion Flaw in Emergency Update ❌

Attackers can leverage the critical Adobe ColdFusion flaw to launch arbitrary code execution attacks.

📖 Read

via "Threat Post".
13:37
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-28147 ‼

The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service and having the EditorsCanAdmin feature enabled, this vulnerability allows any authenticated user to add external groups to any existing team. This can be used to grant a user team permissions that the user isn't supposed to have.

📖 Read

via "National Vulnerability Database".
13:37
‼ CVE-2021-28148 ‼

One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to a denial of service (DoS) attack against a Grafana Enterprise instance.

📖 Read

via "National Vulnerability Database".
13:37
‼ CVE-2021-27962 ‼

Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.

📖 Read

via "National Vulnerability Database".
13:37
‼ CVE-2021-28146 ‼

The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated user to add external groups to existing teams. This can be used to grant a user team permissions that the user isn't supposed to have.

📖 Read

via "National Vulnerability Database".
13:37
‼ CVE-2021-27308 ‼

A cross-site scripting (XSS) vulnerability in the admin login panel in 4images version 1.8 allows remote attackers to inject JavaScript via the "redirect" parameter.

📖 Read

via "National Vulnerability Database".
14:25
🛡 Cybersecurity & Privacy news 🛡
🕴 Top 3 Cybersecurity Lessons Learned From the Pandemic 🕴

Defending an enterprise of fully remote employees and their devices at this scale and speed had never been done before. Now, we do it every day.

📖 Read

via "Dark Reading".
14:55
🛡 Cybersecurity & Privacy news 🛡
⚠ Naked Security Live – “XcodeSpy” takes aim at Mac and iOS developers ⚠

New episode - watch now!

📖 Read

via "Naked Security".
15:25
🛡 Cybersecurity & Privacy news 🛡
🕴 Qualys CEO Courtot Departs for Health Reasons 🕴

The well-known security industry entrepreneur initially took a leave of absence in February.

📖 Read

via "Dark Reading".
15:37
‼ CVE-2021-27595 ‼

When a user opens manipulated Portable Document Format (.PDF) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.

📖 Read

via "National Vulnerability Database".
15:37
‼ CVE-2021-28971 ‼

In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6.

📖 Read

via "National Vulnerability Database".
15:37
‼ CVE-2021-27593 ‼

When a user opens manipulated Graphics Interchange Format (.GIF) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.

📖 Read

via "National Vulnerability Database".
15:37
‼ CVE-2021-28968 ‼

An issue was discovered in PunBB before 1.4.6. An XSS vulnerability in the [email] BBcode tag allows (with authentication) injecting arbitrary JavaScript into any forum message.

📖 Read

via "National Vulnerability Database".
15:37
‼ CVE-2021-27596 ‼

When a user opens manipulated Autodesk 3D Studio for MS-DOS (.3DS) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.

📖 Read

via "National Vulnerability Database".
15:37
‼ CVE-2021-27594 ‼

When a user opens manipulated Windows Bitmap (.BMP) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.

📖 Read

via "National Vulnerability Database".
15:37
‼ CVE-2020-4882 ‼

IBM Planning Analytics 2.0 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 190852.

📖 Read

via "National Vulnerability Database".
15:37
‼ CVE-2021-28972 ‼

In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination, aka CID-cc7a0bb058b8.

📖 Read

via "National Vulnerability Database".
16:09
🛡 Cybersecurity & Privacy news 🛡
❌ Critical Security Bugs Fixed in Virtual Learning Software ❌

Remote ed software bugs give attackers wide access to student computers and data.

📖 Read

via "Threat Post".
17:18
🛡 Cybersecurity & Privacy news 🛡
🔐 U.S. Indicts Swiss Hacker Responsible for Security Camera Hack, Data Theft 🔐

While only 21, the Swiss "hacktivist" has hacked dozens of companies and published data like source code, files, and other proprietary information online.

📖 Read

via "Digital Guardian".
17:25
🕴 CSA & ISACA Team Up on Cloud Auditing Certificate 🕴

The Certificate of Cloud Auditing Knowledge aims to fill a gap in the market for cloud IT auditing as more organizations work in cloud environments.

📖 Read

via "Dark Reading".
17:37
‼ CVE-2021-22309 ‼

There is an insecure algorithm vulnerability in Huawei products. A module uses less random input in a secure mechanism. Attackers can exploit this vulnerability by brute forcing to obtain sensitive messages. This can lead to information leak. Affected product versions include: USG9500 versions V500R001C30SPC200, V500R001C60SPC500, V500R005C00SPC200; USG9520 versions V500R005C00; USG9560 versions V500R005C00; USG9580 versions V500R005C00.

📖 Read

via "National Vulnerability Database".
17:37
‼ CVE-2021-22310 ‼

There is an information leakage vulnerability in some Huawei products. Due to the improper storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause an information leak. Affected product versions include: NIP6300 versions V500R001C00, V500R001C20, V500R001C30; NIP6600 versions V500R001C00, V500R001C20, V500R001C30; Secospace USG6300 versions V500R001C00, V500R001C20, V500R001C30; Secospace USG6500 versions V500R001C00, V500R001C20, V500R001C30; Secospace USG6600 versions V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, V500R001C80; USG9500 versions V500R005C00, V500R005C10.

📖 Read

via "National Vulnerability Database".
17:37
‼ CVE-2020-9212 ‼

There is a vulnerability in some versions of USG9500 where the device improperly handles the information when a user logs in to the device. The attacker can exploit the vulnerability to perform some operation and can get information and cause an information leak.

📖 Read

via "National Vulnerability Database".
17:37
‼ CVE-2020-9206 ‼

The eUDC660 product has a resource management vulnerability. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper resource management of the device, the key file can be obtained and data can be decrypted, affecting confidentiality, integrity, and availability of the device.

📖 Read

via "National Vulnerability Database".
17:37
‼ CVE-2020-9213 ‼

There is a denial of service vulnerability in some Huawei products. In specific scenarios, due to the improper handling of the packets, an attacker may craft many specific packets. Successful exploit may cause some services to be abnormal. Affected products include some versions of NGFW Module, NIP6300, NIP6600, NIP6800, Secospace USG6300, Secospace USG6500, Secospace USG6600 and SG9500.

📖 Read

via "National Vulnerability Database".
17:37
‼ CVE-2021-22311 ‼

There is an improper permission assignment vulnerability in the Huawei ManageOne product. Due to improper security hardening, the process can run with a higher privilege. Successful exploit could allow certain users to do certain operations with improper permissions. Affected product versions include: ManageOne versions 8.0.0, 8.0.1.

📖 Read

via "National Vulnerability Database".
17:37
‼ CVE-2021-26578 ‼

A potential security vulnerability has been identified in HPE Network Orchestrator (NetO) version(s): Prior to 2.5. The vulnerability could be remotely exploited with SQL injection.

📖 Read

via "National Vulnerability Database".
17:37
‼ CVE-2021-22320 ‼

There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages correctly. Attackers can exploit this vulnerability by sending malicious messages to an affected module. This can lead to denial of service. Affected products include some versions of IPS Module, NGFW Module, NIP6600, NIP6800, Secospace USG6300, Secospace USG6500 and Secospace USG6600.

📖 Read

via "National Vulnerability Database".
17:37
‼ CVE-2021-25265 ‼

A malicious website could execute code remotely in Sophos Connect Client before version 2.1.

📖 Read

via "National Vulnerability Database".
18:09
🛡 Cybersecurity & Privacy news 🛡
❌ CISA Warns of Security Flaws in GE Power Management Devices ❌

The flaws could allow an attacker to access sensitive information, reboot the UR, gain privileged access, or cause a denial-of-service condition.

📖 Read

via "Threat Post".
18:59
🛡 Cybersecurity & Privacy news 🛡
🦿 7 expert tips on recruiting cybersecurity pros 🦿

HR and recruiting experts offer unique ways to find and hire cybersecurity talent.

📖 Read

via "Tech Republic".
19:25
🛡 Cybersecurity & Privacy news 🛡
🕴 Acer Reportedly Hit With $50M Ransomware Attack 🕴

Reports say a ransomware gang has given Acer until March 28 to pay, or it will double the ransom amount.

📖 Read

via "Dark Reading".
19:37
‼ CVE-2021-25918 ‼

In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly. A highly privileged attacker could inject arbitrary code into input fields when creating a new user.

📖 Read

via "National Vulnerability Database".
19:37
‼ CVE-2021-22314 ‼

There is a local privilege escalation vulnerability in some versions of ManageOne. A local authenticated attacker could perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service.

📖 Read

via "National Vulnerability Database".
19:37
‼ CVE-2021-25919 ‼

In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly. A highly privileged attacker could inject arbitrary code into input fields when creating a new user.

📖 Read

via "National Vulnerability Database".
19:37
‼ CVE-2021-25921 ‼

In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly in the `Allergies` section. An attacker could lure an admin to enter a malicious payload and by that initiate the exploit.

📖 Read

via "National Vulnerability Database".
19:37
‼ CVE-2021-25917 ‼

In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly. A highly privileged attacker could inject arbitrary code into input fields when creating a new user.

📖 Read

via "National Vulnerability Database".
19:37
‼ CVE-2021-25922 ‼

In OpenEMR, versions 4.2.0 to 6.0.0 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly. An attacker could trick a user to click on a malicious URL and execute malicious code.

📖 Read

via "National Vulnerability Database".
19:37
‼ CVE-2021-22321 ‼

There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can cause memory use-after-free, compromising normal service. Affected products include some versions of NIP6300, NIP6600, NIP6800, S1700, S2700, S5700, S6700, S7700, S9700, Secospace USG6300, Secospace USG6500, Secospace USG6600 and USG9500.

📖 Read

via "National Vulnerability Database".
19:37
‼ CVE-2021-25920 ‼

In OpenEMR, versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Access Control when creating a new user, which leads to a malicious user being able to read and send sensitive messages on behalf of the victim user.

📖 Read

via "National Vulnerability Database".
19:55
🛡 Cybersecurity & Privacy news 🛡
🕴 Researchers Discover Two Dozen Malicious Chrome Extensions 🕴

Extensions are being used to serve up unwanted ads, steal data, and divert users to malicious sites, Cato Networks says.

📖 Read

via "Dark Reading".
23 March 2021
02:37
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-21341 β€Ό

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

πŸ“– Read

via "National Vulnerability Database".
02:37
β€Ό CVE-2021-21346 β€Ό

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

πŸ“– Read

via "National Vulnerability Database".
02:37
β€Ό CVE-2021-21338 β€Ό

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that Login Handling is susceptible to open redirection which allows attackers redirecting to arbitrary content, and conducting phishing attacks. No authentication is required in order to exploit this vulnerability. This is fixed in versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1.

πŸ“– Read

via "National Vulnerability Database".
02:37
β€Ό CVE-2021-21340 β€Ό

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that database fields used as _descriptionColumn_ are vulnerable to cross-site scripting when their content gets previewed. A valid backend user account is needed to exploit this vulnerability. This is fixed in versions 10.4.14, 11.1.1 .

πŸ“– Read

via "National Vulnerability Database".
02:37
β€Ό CVE-2021-21349 β€Ό

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

πŸ“– Read

via "National Vulnerability Database".
02:37
β€Ό CVE-2021-21351 β€Ό

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

πŸ“– Read

via "National Vulnerability Database".
02:37
β€Ό CVE-2021-21350 β€Ό

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

πŸ“– Read

via "National Vulnerability Database".
02:37
β€Ό CVE-2021-21355 β€Ό

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1, due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, _UploadedFileReferenceConverter_ transforming uploaded files into proper FileReference domain model objects handles possible file uploads for other extensions as well - given those extensions use the Extbase MVC framework, make use of FileReference items in their direct or inherited domain model definitions and did not implement their own type converter. In case this scenario applies, _UploadedFileReferenceConverter_ accepts any file mime-type and persists files in the default location. In any way, uploaded files are placed in the default location _/fileadmin/user_upload/_, in most scenarios keeping the submitted filename - which allows attackers to directly reference files, or even correctly guess filenames used by other individuals, disclosing this information. No authentication is required to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1.

πŸ“– Read

via "National Vulnerability Database".
02:38
β€Ό CVE-2021-21343 β€Ό

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in the deletion of a file on the local host. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

πŸ“– Read

via "National Vulnerability Database".
02:38
β€Ό CVE-2021-21357 β€Ό

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1 due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework this allows attackers to explicitly allow arbitrary mime-types for file uploads - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, attackers can persist those files in any writable directory of the corresponding TYPO3 installation. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1.

πŸ“– Read

via "National Vulnerability Database".
02:38
β€Ό CVE-2021-21342 β€Ό

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in a server-side forgery request. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

πŸ“– Read

via "National Vulnerability Database".
02:38
β€Ό CVE-2021-21359 β€Ό

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.25, 10.4.14, 11.1.1 requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. This is fixed in versions 9.5.25, 10.4.14, 11.1.1.

📖 Read

via "National Vulnerability Database".
02:38
‼ CVE-2021-21370 ‼

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that content elements of type _menu_ are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability. This is fixed in versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1.

📖 Read

via "National Vulnerability Database".
02:38
‼ CVE-2021-21348 ‼

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

📖 Read

via "National Vulnerability Database".
02:38
‼ CVE-2021-21347 ‼

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

📖 Read

via "National Vulnerability Database".
02:38
‼ CVE-2021-21339 ‼

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 user session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. This is fixed in versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1.

📖 Read

via "National Vulnerability Database".
02:38
‼ CVE-2021-21358 ‼

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 10.4.14, 11.1.1.

📖 Read

via "National Vulnerability Database".
02:38
‼ CVE-2021-21344 ‼

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

📖 Read

via "National Vulnerability Database".
02:38
‼ CVE-2021-21345 ‼

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands on the host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

📖 Read

via "National Vulnerability Database".
07:38
🛑 Cybersecurity & Privacy news 🛑
‼ CVE-2021-29077 ‼

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBW30 before 2.6.2.2, RBS40V before 2.6.2.4, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12.

📖 Read

via "National Vulnerability Database".
07:38
‼ CVE-2021-29067 ‼

Certain NETGEAR devices are affected by authentication bypass. This affects RBW30 before 2.6.2.2, RBS40V before 2.6.2.4, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12.

📖 Read

via "National Vulnerability Database".
07:38
‼ CVE-2021-29079 ‼

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

📖 Read

via "National Vulnerability Database".
07:38
‼ CVE-2021-29076 ‼

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

📖 Read

via "National Vulnerability Database".
07:38
‼ CVE-2021-29068 ‼

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R6700v3 before 1.0.4.98, R6400v2 before 1.0.4.98, R7000 before 1.0.11.106, R6900P before 1.3.2.124, R7000P before 1.3.2.124, R7900 before 1.0.4.26, R7850 before 1.0.5.60, R8000 before 1.0.4.58, RS400 before 1.5.0.48, R6400 before 1.0.1.62, R6700 before 1.0.2.16, R6900 before 1.0.2.16, MK60 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, CBR40 before 2.5.0.10, R8000P before 1.4.1.62, R7960P before 1.4.1.62, R7900P before 1.4.1.62, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RAX200 before 1.0.2.102, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, EX7500 before 1.0.0.68, EAX80 before 1.0.1.62, EAX20 before 1.0.0.36, RBK752 before 3.2.16.6, RBK753 before 3.2.16.6, RBK753S before 3.2.16.6, RBK754 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBK853 before 3.2.16.6, RBK854 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.76, R6850 before 1.1.0.76, R6350 before 1.1.0.76, R6330 before 1.1.0.76, D7800 before 1.0.1.58, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK40 before 2.6.1.36, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK23 before 2.6.1.36, RBR20 before 2.6.1.38, RBS20 before 2.6.1.38, RBK12 before 2.6.1.44, RBK13 before 2.6.1.44, RBK14 before 2.6.1.44, RBK15 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, R6800 before 1.2.0.72, R6900v2 before 1.2.0.72, R6700v2 before 1.2.0.72, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, R7800 before 1.0.2.74, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, XR450 before 2.3.2.66, XR500 before 2.3.2.66, XR700 before 1.0.1.34, and XR300 before 1.0.3.50.

📖 Read

via "National Vulnerability Database".
07:38
‼ CVE-2021-29080 ‼

Certain NETGEAR devices are affected by password reset by an unauthenticated attacker. This affects RBK852 before 3.2.10.11, RBK853 before 3.2.10.11, RBR854 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, CBR40 before 2.5.0.10, R7000 before 1.0.11.116, R6900P before 1.3.2.126, R7900 before 1.0.4.38, R7960P before 1.4.1.66, R8000 before 1.0.4.66, R7900P before 1.4.1.66, R8000P before 1.4.1.66, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, and R7000P before 1.3.2.126.

📖 Read

via "National Vulnerability Database".
07:38
‼ CVE-2021-29071 ‼

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBR752 before 3.2.17.12, RBR753 before 3.2.17.12, RBR753S before 3.2.17.12, RBR754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12.

📖 Read

via "National Vulnerability Database".
07:38
‼ CVE-2021-29082 ‼

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBW30 before 2.6.1.4, RBS40V before 2.6.1.4, RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBK754 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBK854 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

📖 Read

via "National Vulnerability Database".
07:38
‼ CVE-2021-29081 ‼

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects RBW30 before 2.6.2.2, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12.

📖 Read

via "National Vulnerability Database".
07:38
‼ CVE-2021-29069 ‼

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects XR450 before 2.3.2.114, XR500 before 2.3.2.114, and WNR2000v5 before 1.0.0.76.

📖 Read

via "National Vulnerability Database".
07:38
‼ CVE-2021-29066 ‼

Certain NETGEAR devices are affected by authentication bypass. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

📖 Read

via "National Vulnerability Database".
07:38
‼ CVE-2021-29070 ‼

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

📖 Read

via "National Vulnerability Database".
07:38
‼ CVE-2021-29065 ‼

NETGEAR RBR850 devices before 3.2.10.11 are affected by authentication bypass.

📖 Read

via "National Vulnerability Database".
07:38
‼ CVE-2021-29073 ‼

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R8000P before 1.4.1.66, MK62 before 1.0.6.110, MR60 before 1.0.6.110, MS60 before 1.0.6.110, R7960P before 1.4.1.66, R7900P before 1.4.1.66, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RAX80 before 1.0.3.106, and RAX200 before 1.0.3.106.

📖 Read

via "National Vulnerability Database".
07:38
‼ CVE-2021-29072 ‼

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

📖 Read

via "National Vulnerability Database".
07:38
‼ CVE-2021-29074 ‼

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects RBW30 before 2.6.2.2, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12.

📖 Read

via "National Vulnerability Database".
07:38
‼ CVE-2021-29078 ‼

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12.

📖 Read

via "National Vulnerability Database".
07:38
‼ CVE-2021-29075 ‼

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects RBW30 before 2.6.2.2, RBK852 before 3.2.17.12, RBK852 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12.

📖 Read

via "National Vulnerability Database".
11:29
🦿 Phony COVID-19 vaccine certificates are now selling on the Dark Web 🦿

With most of the world still not vaccinated against COVID-19, criminals are hawking fake vaccine documents, says Check Point Research.

📖 Read

via "Tech Republic".
11:40
❌ Energy Giant Shell Is Latest Victim of Accellion Attacks ❌

Attackers accessed personal and business data from the company’s legacy file-transfer service in a recent data-security incident but core IT systems remained untouched.

📖 Read

via "Threat Post".
12:26
🕴 Cartoon Caption Winner: In Hot Water 🕴

And the winner of The Edge's March cartoon caption contest is ...

📖 Read

via "Dark Reading".
12:59
🦿 How remote working still poses security risks for organizations 🦿

A year after the transition to remote working, many organizations continue to grapple with security issues and weaknesses, says PC Matic.

📖 Read

via "Tech Republic".
13:38
‼ CVE-2021-27529 ‼

A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "limit" parameter.

📖 Read

via "National Vulnerability Database".
13:38
‼ CVE-2021-27531 ‼

A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "query" parameter.

📖 Read

via "National Vulnerability Database".
13:38
‼ CVE-2021-27527 ‼

A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "valueID" parameter.

📖 Read

via "National Vulnerability Database".
13:38
‼ CVE-2021-27309 ‼

Clansphere CMS 2011.4 allows unauthenticated reflected XSS via the "module" parameter.

📖 Read

via "National Vulnerability Database".
13:38
‼ CVE-2021-27528 ‼

A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "refID" parameter.

📖 Read

via "National Vulnerability Database".
13:38
‼ CVE-2021-27969 ‼

Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder "width" parameter.

📖 Read

via "National Vulnerability Database".
13:38
‼ CVE-2021-27530 ‼

A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the URI in /index.php.

📖 Read

via "National Vulnerability Database".
13:38
‼ CVE-2021-27310 ‼

Clansphere CMS 2011.4 allows unauthenticated reflected XSS via the "language" parameter.

📖 Read

via "National Vulnerability Database".
13:38
‼ CVE-2021-27526 ‼

A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "page" parameter.

📖 Read

via "National Vulnerability Database".
14:05
🛠 Global Socket 1.4.27 🛠

Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.

📖 Read

via "Packet Storm Security".
14:10
❌ Podcast: Microsoft Exchange Server Attack Onslaught Continues ❌

Derek Manky, Chief of Security Insights & Global Threat Alliances at Fortinet’s FortiGuard Labs, gives insight into the surge in attacks against vulnerable Microsoft Exchange servers over the last week.

📖 Read

via "Threat Post".
14:26
🕴 Disrupting the Cybercriminal Supply Chain 🕴

It is time to turn the tables on cybercriminals and use their own tactics against them.

📖 Read

via "Dark Reading".
15:38
‼ CVE-2021-23362 ‼

The package hosted-git-info before 3.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS) via shortcutMatch in fromUrl().

📖 Read

via "National Vulnerability Database".
15:38
‼ CVE-2020-12483 ‼

The appstore before 8.12.0.0 exposes some of its components, and an attacker can cause remote download and installation of apps through carefully constructed parameters.

📖 Read

via "National Vulnerability Database".
15:38
‼ CVE-2020-7346 ‼

Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) for Windows prior to 11.6.100 allows a local, low privileged, attacker through the use of junctions to cause the product to load DLLs of the attacker's choosing. This requires the creation and removal of junctions by the attacker along with sending a specific IOCTL command at the correct time.

📖 Read

via "National Vulnerability Database".
15:38
‼ CVE-2021-21377 ‼

OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 supports redirection to a given URL after performing login or switching the group context. These URLs are not validated, allowing redirection to untrusted sites. OMERO.web 5.9.0 adds URL validation before redirecting. External URLs are not considered valid, unless specified in the omero.web.redirect_allowed_hosts setting.

📖 Read

via "National Vulnerability Database".
15:38
‼ CVE-2021-21376 ‼

OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. This represents an information exposure vulnerability. Some additional information being loaded is not used by the webclient and is being removed in this release. This is fixed in version 5.9.0.

📖 Read

via "National Vulnerability Database".
15:38
‼ CVE-2021-23274 ‼

The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO API Exchange Gateway: versions 2.3.3 and below and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric: versions 2.3.3 and below.

📖 Read

via "National Vulnerability Database".
15:38
‼ CVE-2021-20222 ‼

A flaw was found in keycloak. The new account console in keycloak can allow malicious code to be executed using the referrer URL. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

📖 Read

via "National Vulnerability Database".
15:38
‼ CVE-2021-20227 ‼

A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.

📖 Read

via "National Vulnerability Database".
15:38
‼ CVE-2021-20219 ‼

A denial of service vulnerability was found in n_tty_receive_char_special in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could delay the loop (due to a changing ldata->read_head, and a missing sanity check) and cause a threat to the system availability.

📖 Read

via "National Vulnerability Database".
15:38
‼ CVE-2021-20270 ‼

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.

📖 Read

via "National Vulnerability Database".
15:59
🦿 Why it's time the Android developers rethink WebView 🦿

Jack Wallen offers up his take on the recent issue surrounding Android's WebView.

📖 Read

via "Tech Republic".
16:56
🕴 Do Cybercriminals Fear Arrest? 🕴

Researchers explore how cybercriminals weigh the possibility of arrest and whether it deters criminal activity.

📖 Read

via "Dark Reading".
17:10
❌ Hobby Lobby Exposes Customer Data in Cloud Misconfiguration ❌

The arts-and-crafts retailer left 138GB of sensitive information open to the public internet.

📖 Read

via "Threat Post".
17:10
❌ Office 365 Cyberattack Lands Disgruntled IT Contractor in Jail ❌

A former IT contractor is facing jail time after a retaliatory hack into a company’s network that wiped the majority of its employees’ Microsoft Office 365 accounts.

📖 Read

via "Threat Post".
17:10
❌ MangaDex Site Offline Following Hacking Incident ❌

A cyberattacker taunted the site about open security vulnerabilities, prompting a code review.

📖 Read

via "Threat Post".
17:29
🦿 Gartner: Top security and risk management trends for 2021 🦿

The 8 top trends cited will enable rapid reinvention, including the skills gap, cybersecurity mesh and identity-first security.

📖 Read

via "Tech Republic".
17:38
‼ CVE-2021-21401 ‼

Nanopb is a small code-size Protocol Buffers implementation in ansi C. In Nanopb before versions 0.3.9.8 and 0.4.5, decoding a specifically formed message can cause invalid `free()` or `realloc()` calls if the message type contains an `oneof` field, and the `oneof` directly contains both a pointer field and a non-pointer field. If the message data first contains the non-pointer field and then the pointer field, the data of the non-pointer field is incorrectly treated as if it was a pointer value. Such message data rarely occurs in normal messages, but it is a concern when untrusted data is parsed. This has been fixed in versions 0.3.9.8 and 0.4.5. See referenced GitHub Security Advisory for more information including workarounds.

📖 Read

via "National Vulnerability Database".
17:38
‼ CVE-2021-3444 ‼

The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this to gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 ("bpf: Fix truncation handling for mod32 dst reg wrt zero") and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101.

📖 Read

via "National Vulnerability Database".
17:41
❌ Security Analysis Clears TikTok of Censorship, Privacy Accusations ❌

TikTok’s source code is in line with industry standards, security researchers say.

📖 Read

via "Threat Post".
17:56
🕴 Organizations Making Little Headway in Addressing Human Risk 🕴

Most enterprise security awareness efforts remain half-hearted, a new SANS survey shows.

📖 Read

via "Dark Reading".
18:26
🕴 Disgruntled IT Contractor Sentenced in Retaliatory Office 365 Attack 🕴

Former contractor deleted 1,200 user accounts in revenge.

📖 Read

via "Dark Reading".
19:26
🕴 Anti-Spoofing for Email Gains Adoption, but Enforcement Lags 🕴

More organizations adopt sender authentication, but strict quarantining or rejection of unauthenticated messages remains uncommon.

📖 Read

via "Dark Reading".
19:26
🕴 Inside the Web Shell Used in the Microsoft Exchange Server Attacks 🕴

The history and details of China Chopper - a Web shell commonly seen in the widespread Microsoft Exchange Server attacks.

📖 Read

via "Dark Reading".
19:29
🦿 REvil continues ransomware attack streak with takeover of laptop maker Acer 🦿

REvil previously infected the networks of Honda, the makers of Jack Daniels and a high-profile law firm representing Donald Trump.

📖 Read

via "Tech Republic".
19:38
‼ CVE-2021-28100 ‼

Priam uses File.createTempFile, which gives the permissions on that file -rw-r--r--. An attacker with read access to the local filesystem can read anything written there by the Priam process.

📖 Read

via "National Vulnerability Database".
19:38
‼ CVE-2019-19343 ‼

A flaw was found in Undertow when using Remoting as shipped in Red Hat JBoss EAP before version 7.2.4. A memory leak in HttpOpenListener due to holding remote connections indefinitely may lead to denial of service. Versions before undertow 2.0.25.SP1 and jboss-remoting 5.0.14.SP1 are believed to be vulnerable.

📖 Read

via "National Vulnerability Database".
19:38
‼ CVE-2021-3409 ‼

The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to (including) 5.2.0 is affected by this.

📖 Read

via "National Vulnerability Database".
19:38
‼ CVE-2021-21402 ‼

Jellyfin is a Free Software Media System. In Jellyfin before version 10.7.1, with certain endpoints, well crafted requests will allow arbitrary file read from a Jellyfin server's file system. This issue is more prevalent when Windows is used as the host OS. Servers that are exposed to the public Internet are potentially at risk. This is fixed in version 10.7.1. As a workaround, users may be able to restrict some access by enforcing strict security permissions on their filesystem, however, it is recommended to update as soon as possible.

📖 Read

via "National Vulnerability Database".
19:38
‼ CVE-2021-27908 ‼

In all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the free text fields in Mautic's configuration that are used in publicly facing parts of the application.

📖 Read

via "National Vulnerability Database".
19:38
‼ CVE-2021-28823 ‼

The Windows Installation component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO eFTL - Community Edition: versions 6.5.0 and below, TIBCO eFTL - Developer Edition: versions 6.5.0 and below, and TIBCO eFTL - Enterprise Edition: versions 6.5.0 and below.

📖 Read

via "National Vulnerability Database".
19:38
‼ CVE-2021-28099 ‼

In Netflix OSS Hollow, since the Files.exists(parent) is run before creating the directories, an attacker can pre-create these directories with wide permissions. Additionally, since an insecure source of randomness is used, the file names to be created can be deterministically calculated.

📖 Read

via "National Vulnerability Database".
19:38
‼ CVE-2021-28824 ‼

The Windows Installation component of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, and TIBCO ActiveSpaces - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition: versions 4.5.0 and below, TIBCO ActiveSpaces - Developer Edition: versions 4.5.0 and below, and TIBCO ActiveSpaces - Enterprise Edition: versions 4.5.0 and below.

📖 Read

via "National Vulnerability Database".
19:38
‼ CVE-2021-28819 ‼

The Windows Installation component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.5.0 and below, TIBCO FTL - Developer Edition: versions 6.5.0 and below, and TIBCO FTL - Enterprise Edition: versions 6.5.0 and below.

📖 Read

via "National Vulnerability Database".
19:38
‼ CVE-2021-28820 ‼

The FTL Server (tibftlserver), FTL C API, FTL Golang API, FTL Java API, and FTL .Net API components of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.5.0 and below, TIBCO FTL - Developer Edition: versions 6.5.0 and below, and TIBCO FTL - Enterprise Edition: versions 6.5.0 and below.

📖 Read

via "National Vulnerability Database".
19:38
‼ CVE-2021-28822 ‼

The Enterprise Message Service Server (tibemsd), Enterprise Message Service Central Administration (tibemsca), Enterprise Message Service JSON configuration generator (tibemsconf2json), and Enterprise Message Service C API components of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Message Service: versions 8.5.1 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.5.1 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.5.1 and below.

πŸ“– Read

via "National Vulnerability Database".
19:38
β€Ό CVE-2020-24994 β€Ό

Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.14.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file.

πŸ“– Read

via "National Vulnerability Database".
19:38
β€Ό CVE-2021-28817 β€Ό

The Windows Installation component of TIBCO Software Inc.'s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below.

πŸ“– Read

via "National Vulnerability Database".
19:38
β€Ό CVE-2021-3392 β€Ό

A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests: in the error case, mptsas_free_request() does not dequeue the request object 'req' from the pending requests queue. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. Versions between 2.10.0 and 5.2.0 are potentially affected.

πŸ“– Read

via "National Vulnerability Database".
19:38
β€Ό CVE-2021-28818 β€Ό

The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), Rendezvous Secure C API, Rendezvous Java API, and Rendezvous .Net API components of TIBCO Software Inc.'s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below.

πŸ“– Read

via "National Vulnerability Database".
19:38
β€Ό CVE-2021-28821 β€Ό

The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Message Service: versions 8.5.1 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.5.1 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.5.1 and below.

πŸ“– Read

via "National Vulnerability Database".
20:55
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
⚠ BlackKingdom ransomware still exploiting insecure Exchange servers ⚠

Remember Hafnium? Here's the bad news - it's not over yet! Learn why and what to do...

πŸ“– Read

via "Naked Security".
21:38
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2020-13606 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

πŸ“– Read

via "National Vulnerability Database".
21:38
β€Ό CVE-2020-13605 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

πŸ“– Read

via "National Vulnerability Database".
21:38
β€Ό CVE-2020-13607 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

πŸ“– Read

via "National Vulnerability Database".
21:38
β€Ό CVE-2020-13604 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

πŸ“– Read

via "National Vulnerability Database".
21:38
β€Ό CVE-2020-13611 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

πŸ“– Read

via "National Vulnerability Database".
21:38
β€Ό CVE-2020-13609 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

πŸ“– Read

via "National Vulnerability Database".
21:38
β€Ό CVE-2021-22864 β€Ό

A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to override environment variables leading to code execution on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.0.3 and was fixed in 3.0.3, 2.22.9, and 2.21.17. This vulnerability was reported via the GitHub Bug Bounty program.

πŸ“– Read

via "National Vulnerability Database".
21:38
β€Ό CVE-2020-13612 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

πŸ“– Read

via "National Vulnerability Database".
21:38
β€Ό CVE-2020-13608 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

πŸ“– Read

via "National Vulnerability Database".
21:38
β€Ό CVE-2020-13610 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

πŸ“– Read

via "National Vulnerability Database".
21:38
β€Ό CVE-2021-21380 β€Ό

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform (and only those with the Ratings API installed), the Rating Script Service exposes an API to perform SQL requests without escaping the from and where search arguments. This might lead to an SQL script injection quite easily for any user having Script rights on XWiki. The problem has been patched in XWiki 12.9RC1. The only workaround besides upgrading XWiki would be to uninstall the Ratings API in XWiki from the Extension Manager.

πŸ“– Read

via "National Vulnerability Database".
11 June 2021
07:36
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-28814 β€Ό

An improper access control vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows remote attackers to compromise the security of the software. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.4.

πŸ“– Read

via "National Vulnerability Database".
08:44
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
❌ Hackers Steal FIFA 21 Source Code, Tools in EA Breach ❌

Raft of other proprietary game data and related software and developer kits also pilfered in the unspecified attack, which the company is investigating.

πŸ“– Read

via "Threat Post".
09:44
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
❌ Police Grab Slilpp, Biggest Stolen-Logins Market ❌

There were more than 80 million login credentials for sale, used to inflict over $200 million in losses in the U.S. alone.

πŸ“– Read

via "Threat Post".
11:16
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
πŸ•΄ Secure Access Trade-offs for DevSecOps Teams πŸ•΄

Thanks to recent advancements in access technologies, everyone can apply identity-based authentication and authorization and zero-trust principles for their computing resources.

πŸ“– Read

via "Dark Reading".
11:36
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-26829 β€Ό

OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm.

πŸ“– Read

via "National Vulnerability Database".
11:44
❌ Monumental Supply-Chain Attack on Airlines Traced to State Actor ❌

Airlines are warned to scour networks for traces of the campaign, likely the work of APT41, lurking in networks.

πŸ“– Read

via "Threat Post".
12:16
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
πŸ•΄ Many Mobile Apps Intentionally Using Insecure Connections for Sending Data πŸ•΄

A new analysis of iOS and Android apps released to Apple's and Google's app stores over the past five years found many to be deliberately breaking HTTPS protections.

πŸ“– Read

via "Dark Reading".
12:42
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
πŸ” Friday Five 6/11 πŸ”

TrickBot indictments, ransomware negotiations, and a massive sting operation using an FBI-run phone network - catch up on all of the week's infosec news with the Friday Five!

πŸ“– Read

via "".
12:45
πŸ›  GNU Privacy Guard 2.2.28 πŸ› 

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions. This is the LTS release.

πŸ“– Read

via "Packet Storm Security".
12:45
πŸ›  nfstream 6.3.2 πŸ› 

nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.

πŸ“– Read

via "Packet Storm Security".
13:36
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-25401 β€Ό

Intent redirection vulnerability in Samsung Health prior to version 6.16 allows an attacker to execute a privileged action.

πŸ“– Read

via "National Vulnerability Database".
13:36
β€Ό CVE-2021-25385 β€Ό

An improper input validation vulnerability in sdfffd_parse_chunk_PROP() in the libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code in the mediaextractor process.

πŸ“– Read

via "National Vulnerability Database".
13:37
β€Ό CVE-2021-25397 β€Ό

An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of the telephony process via untrusted applications.

πŸ“– Read

via "National Vulnerability Database".
13:39
⚠ Chrome zero-day, hot on the heels of Microsoft’s IE zero-day. Patch now! ⚠

Patch early. Patch often. Patch now!

πŸ“– Read

via "Naked Security".
13:39
⚠ ALPACA – the wacky TLS security vulnerability with a funky name ⚠

Don't panic - this isn't another Heartbleed. But it's a fascinating reminder of why doing things the easy way isn't always the best way.

πŸ“– Read

via "Naked Security".
13:39
⚠ S3 Ep36: Trickbot coder busted, passwords cracked, and breaches judged [Podcast] ⚠

Latest episode - listen now!

πŸ“– Read

via "Naked Security".
13:42
β€Ό CVE-2021-25419 β€Ό

Non-compliance with the recommended secure coding scheme in Samsung Internet prior to version 14.0.1.62 allows attackers to display a fake URL in the address bar via a phishing URL link.

πŸ“– Read

via "National Vulnerability Database".
13:42
β€Ό CVE-2021-29754 β€Ό

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a privilege escalation vulnerability when using the SAML Web Inbound Trust Association Interceptor (TAI). IBM X-Force ID: 202006.

πŸ“– Read

via "National Vulnerability Database".
13:43
β€Ό CVE-2020-5003 β€Ό

IBM Financial Transaction Manager 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 192956.

πŸ“– Read

via "National Vulnerability Database".
13:43
β€Ό CVE-2021-25425 β€Ό

Improper check vulnerability in Samsung Health prior to version 6.17 allows an attacker to read internal cache data via an exported component.

πŸ“– Read

via "National Vulnerability Database".
13:45
❌ Cyberpunk 2077 Hacked Data Circulating Online ❌

CD Projekt Red confirmed that employee and game-related data appears to be floating around the cyber-underground, four months after a hack on the Witcher and Cyberpunk 2077 developer.

πŸ“– Read

via "Threat Post".
13:51
πŸ•΄ Details Emerge on How Gaming Giant EA Was Hacked πŸ•΄

Hacking group stole source code to FIFA 21 and the company's Frostbite engine.

πŸ“– Read

via "Dark Reading".
15:21
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
🦿 Fallout of EA source code breach could be severe, cybersecurity experts say 🦿

Potential buyers could be interested in using the source code to game the game to make millions, perhaps sounding EA's death knell in the process.

πŸ“– Read

via "Tech Republic".
15:37
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2020-6000 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.

πŸ“– Read

via "National Vulnerability Database".
15:37
β€Ό CVE-2021-23136 β€Ό

Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivileged Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions.

πŸ“– Read

via "National Vulnerability Database".
15:43
β€Ό CVE-2021-22913 β€Ό

Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only the local Nextcloud server unless a global search has been explicitly chosen by the user.

πŸ“– Read

via "National Vulnerability Database".
15:43
β€Ό CVE-2021-28211 β€Ό

A heap overflow exists in the LzmaUefiDecompressGetInfo function in EDK II.

πŸ“– Read

via "National Vulnerability Database".
15:43
β€Ό CVE-2017-3905 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.

πŸ“– Read

via "National Vulnerability Database".
15:46
❌ REvil Hits US Nuclear Weapons Contractor: Report ❌

"We hereby keep a right (sic) to forward all of the relevant documentation and data to military agencies of our choise (sic)" REvil reportedly wrote.

πŸ“– Read

via "Threat Post".
15:46
❌ Baby Clothes Giant Carter’s Leaks 410K Customer Records ❌

Purchase automation software delivered shortened URLs without protections.

πŸ“– Read

via "Threat Post".
15:49
β€Ό CVE-2021-22753 β€Ό

A CWE-125: Out-of-bounds read vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing length checks, when a malicious WSP file is being parsed by IGSS Definition.

πŸ“– Read

via "National Vulnerability Database".
15:52
β€Ό CVE-2021-22915 β€Ό

Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of inclusion of IPv6 subnets in rate-limiting considerations. This could potentially result in an attacker bypassing rate-limit controls such as the Nextcloud brute-force protection.

πŸ“– Read

via "National Vulnerability Database".
15:52
β€Ό CVE-2021-0491 β€Ό

In the memory management driver, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-183461315

πŸ“– Read

via "National Vulnerability Database".
15:52
β€Ό CVE-2021-23204 β€Ό

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command Centre Server allows OSDP key material to be exposed to Command Centre Operators. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3).

πŸ“– Read

via "National Vulnerability Database".
17:21
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
πŸ•΄ McDonald's Data Breach Exposed Business & Customer Data πŸ•΄

An investigation has revealed company data has been breached in the United States, South Korea, and Taiwan.

πŸ“– Read

via "Dark Reading".
17:37
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-27200 β€Ό

In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. The code parameter is easily predicted from the time of day.

πŸ“– Read

via "National Vulnerability Database".
17:51
πŸ•΄ Trickbot Investigation Shows Details of Massive Cybercrime Effort πŸ•΄

Nearly a score of cybercriminals allegedly worked together to create the Trickbot malware and deploy it against more than a million users, an unsealed indictment claims.

πŸ“– Read

via "Dark Reading".
18:15
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
❌ Unpatched Bugs Found Lurking in Provisioning Platform Used with Cisco UC ❌

A trio of security flaws open the door to remote-code execution and a malware tsunami.

πŸ“– Read

via "Threat Post".
18:18
🦿 McDonald's suffers cyberattack in US, South Korea and Taiwan 🦿

The restaurant chain reportedly said no U.S. customer data was exposed and the attack did not involve ransomware.

πŸ“– Read

via "Tech Republic".
19:37
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2017-5730 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.

πŸ“– Read

via "National Vulnerability Database".
19:37
β€Ό CVE-2017-5755 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.

πŸ“– Read

via "National Vulnerability Database".
19:37
β€Ό CVE-2017-3918 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.

πŸ“– Read

via "National Vulnerability Database".
19:37
β€Ό CVE-2017-3913 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.

πŸ“– Read

via "National Vulnerability Database".
19:43
β€Ό CVE-2017-3919 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.

πŸ“– Read

via "National Vulnerability Database".
19:43
β€Ό CVE-2017-5690 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.

πŸ“– Read

via "National Vulnerability Database".
19:43
β€Ό CVE-2021-34679 β€Ό

Thycotic Password Reset Server before 5.3.0 allows credential disclosure.

πŸ“– Read

via "National Vulnerability Database".
19:43
β€Ό CVE-2017-5765 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.

πŸ“– Read

via "National Vulnerability Database".
21:37
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2020-12909 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.

πŸ“– Read

via "National Vulnerability Database".
21:37
β€Ό CVE-2020-12999 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.

πŸ“– Read

via "National Vulnerability Database".
21:37
β€Ό CVE-2020-13007 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.

πŸ“– Read

via "National Vulnerability Database".
21:43
β€Ό CVE-2020-12975 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.

πŸ“– Read

via "National Vulnerability Database".
21:43
β€Ό CVE-2020-12923 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.

πŸ“– Read

via "National Vulnerability Database".
21:43
β€Ό CVE-2020-12997 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.

πŸ“– Read

via "National Vulnerability Database".
21:48
β€Ό CVE-2020-12971 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.

πŸ“– Read

via "National Vulnerability Database".
21:48
β€Ό CVE-2008-2660 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2008. Notes: none.

πŸ“– Read

via "National Vulnerability Database".
12 June 2021
02:37
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-32552 β€Ό

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users.

πŸ“– Read

via "National Vulnerability Database".
02:37
β€Ό CVE-2021-32551 β€Ό

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-15 package apport hooks, it could expose private data to other local users.

πŸ“– Read

via "National Vulnerability Database".
09:38
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-31811 β€Ό

In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.

πŸ“– Read

via "National Vulnerability Database".
19:45
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-34682 β€Ό

Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack against the update feature.

πŸ“– Read

via "National Vulnerability Database".
13 June 2021
09:22
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-23394 β€Ό

The package studio-42/elfinder before 2.1.58 is vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.

πŸ“– Read

via "National Vulnerability Database".
14 June 2021
07:37
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-21439 β€Ό

A DoS attack can be performed when an email contains a specially designed URL in the body. It can lead to high CPU usage and cause low quality of service, or in extreme cases bring the system to a halt. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions; 8.0.x version 8.0.13 and prior versions.

πŸ“– Read

via "National Vulnerability Database".
10:23
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
πŸ•΄ Colonial Pipeline Cyberattack Proves a Single Password Isn't Enough πŸ•΄

Since the attack, it's been revealed that it was down to a single password. Yes, ransomware needs to be on your radar -- but a focus on credentials is vital.

πŸ“– Read

via "Dark Reading".
10:53
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
πŸ•΄ Name That Toon: Sight Unseen πŸ•΄

Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.

πŸ“– Read

via "Dark Reading".
11:23
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
πŸ•΄ Know Thy Enemy: Fighting Half-Blind Against Ransomware Won't Work πŸ•΄

We lack reliable, representative, actionable data about ransomware's actual scope, scale, and impact. The Ransom Incident Response Network could change that.

πŸ“– Read

via "Dark Reading".
12:17
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
❌ Volkswagen Vendor Exposed Data of 3.3m Drivers ❌

Nearly all of the leaked data was for owners or wannabe owners of the automaker’s luxury brand of Audis, now at greater risk for phishing, ransomware or car theft.

πŸ“– Read

via "Threat Post".
13:37
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-24350 β€Ό

The Visitors WordPress plugin through 0.3 is affected by an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. The plugin would display the user's user agent string without validation or encoding within the WordPress admin panel.

πŸ“– Read

via "National Vulnerability Database".
13:37
β€Ό CVE-2021-24349 β€Ό

The Gallery from files WordPress plugin through 1.6.0 provides the functionality of uploading images to the server, but filenames are not properly sanitized before being output in an error message when they have an invalid extension, leading to a reflected Cross-Site Scripting issue. Due to the lack of a CSRF check, the attack could also be performed via that vector.

πŸ“– Read

via "National Vulnerability Database".
13:37
β€Ό CVE-2021-24355 β€Ό

In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, the lack of capability checks and insufficient nonce check on the AJAX actions, simple301redirects/admin/get_wildcard and simple301redirects/admin/wildcard, made it possible for authenticated users to retrieve and update the wildcard value for redirects.

πŸ“– Read

via "National Vulnerability Database".
14:47
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
❌ Moobot Milks Tenda Router Bugs for Propagation ❌

An analysis of the campaign revealed Cyberium, an active Mirai-variant malware hosting site.

πŸ“– Read

via "Threat Post".
15:18
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
🦿 Why employees need counterespionage training 🦿

Two experts are concerned that employees are no match for nation-state spy services tasked with obtaining a company's vital intellectual property.

πŸ“– Read

via "Tech Republic".
15:37
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-32682 β€Ό

elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. The issues were patched in version 2.1.59. As a workaround, ensure the connector is not exposed without authentication.

πŸ“– Read

via "National Vulnerability Database".
15:53
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
πŸ•΄ New Top 20 Secure-Coding List Positions PLCs as Plant 'Bodyguards' πŸ•΄

Best practices guide encompasses integrity, hardening, resilience, and monitoring of PLCs in industrial networks.

πŸ“– Read

via "Dark Reading".
17:14
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
πŸ” Colorado Passes State Privacy Act, Poised to Become Law πŸ”

Once it's signed into law, the bill will become the third comprehensive state privacy law in the U.S. after California and Virginia.

πŸ“– Read

via "".
17:23
πŸ•΄ Google Workspace Adds Client-Side Encryption πŸ•΄

Users given control over encryption keys, Google says.

πŸ“– Read

via "Dark Reading".
17:37
β€Ό CVE-2021-21556 β€Ό

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a stack-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of service, arbitrary code execution, or information disclosure in the UEFI or BIOS Preboot Environment.

πŸ“– Read

via "National Vulnerability Database".
17:46
❌ Utilities β€˜Concerningly’ at Risk from Active Exploits ❌

Utilities’ vulnerability to application exploits goes from bad to worse in just weeks.

πŸ“– Read

via "Threat Post".
18:23
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
πŸ•΄ Cyber Analytics Database Exposed 5 Billion Records Online πŸ•΄

In an ironic twist, Cognyte's data alerts customers to third-party data exposures.

πŸ“– Read

via "Dark Reading".
19:37
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-0324 β€Ό

Product: Android. Versions: Android SoC. Android ID: A-175402462

πŸ“– Read

via "National Vulnerability Database".
19:37
β€Ό CVE-2021-0467 β€Ό

In Chromecast bootROM, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege in the bootloader, with physical USB access, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-174490700

πŸ“– Read

via "National Vulnerability Database".
20:53
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
πŸ•΄ VPN Attacks Surged in First Quarter πŸ•΄

But volume of malware, botnet, and other exploit activity declined because of the Emotet botnet takedown.

πŸ“– Read

via "Dark Reading".
21:38
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-34693 β€Ό

net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.

πŸ“– Read

via "National Vulnerability Database".
21:38
β€Ό CVE-2021-27887 β€Ό

Cross-site Scripting (XSS) vulnerability in the main dashboard of Ellipse APM allows an authenticated user or integrated application to inject malicious data into the application that can then be executed in a victim's browser. This issue affects: Hitachi ABB Power Grids Ellipse APM 5.3 version 5.3.0.1 and prior versions; 5.2 version 5.2.0.3 and prior versions; 5.1 version 5.1.0.6 and prior versions.

πŸ“– Read

via "National Vulnerability Database".
15 June 2021
07:38
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-31618 β€Ό

The Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions, an HTTP response is sent to the client with a status code indicating why the request was rejected. This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a footer. This led to a NULL pointer dereference on initialised memory, reliably crashing the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server. This issue affected mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released.

πŸ“– Read

via "National Vulnerability Database".
08:47
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
❌ Apple Hurries Patches for Safari Bugs Under Active Attack ❌

Apple patched two bugs impacting its Safari browser WebKit engine that it said are actively being exploited.

πŸ“– Read

via "Threat Post".
09:40
⚠ “Face of Anonymous” suspect deported from Mexico to face US hacking charges ⚠

After nearly a decade as a US expat dubbed "The Face of Anonymous", he's back in the US facing cybercrime charges from almost a decade ago.

πŸ“– Read

via "Naked Security".
09:47
❌ Microsoft Gets Second Shot at Banning hiQ from Scraping LinkedIn User Data ❌

Decision throws out a previous ruling in favor of hiQ Labs that prevented Microsoft’s business networking platform from forbidding the company to harvest public info from user profiles.

πŸ“– Read

via "Threat Post".
10:48
🦿 Microsoft product vulnerabilities reached a new high of 1,268 in 2020 🦿

56% of all Microsoft critical vulnerabilities could have been mitigated by removing admin rights, according to the 2021 BeyondTrust Microsoft Vulnerabilities Report.

πŸ“– Read

via "Tech Republic".
11:29
πŸ•΄ How Does the Government Buy Its Cybersecurity? πŸ•΄

The federal government is emphasizing cybersecurity regulation, education, and defense strategies this year.

πŸ“– Read

via "Dark Reading".
12:18
❌ SASE & Zero Trust: The Dream Team ❌

Forcepoint’s Nico Fischbach, global CTO and VPE of SASE, and Chase Cunningham, chief strategy officer at Ericom Software, on using SASE to make Zero Trust real.

πŸ“– Read

via "Threat Post".
12:53
πŸ›  Hashcat Advanced Password Recovery 6.2.2 Source Code πŸ› 

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.

πŸ“– Read

via "Packet Storm Security".
13:29
πŸ•΄ How President Biden Can Better Defend the US From Russian Hacks πŸ•΄

Wilson Center cybersecurity expert Meg King pinpoints five ambitious steps the administration should take, including a comprehensive national data breach notification protocol.

πŸ“– Read

via "Dark Reading".
14:17
❌ Microsoft Disrupts Large-Scale, Cloud-Based BEC Campaign ❌

Varied cloud infrastructure was used to phish email credentials, monitor for and forward finance-related messages and automate operations.

πŸ“– Read

via "Threat Post".
14:17
❌ Malicious PDFs Flood the Web, Lead to Password-Snarfing ❌

SolarMarker makers are using SEO poisoning, stuffing thousands of PDFs with tens of thousands of pages full of SEO keywords & links to redirect to the malware.

πŸ“– Read

via "Threat Post".
14:29
πŸ•΄ What Industrial Control System Vulnerabilities Can Teach Us About Protecting the Supply Chain πŸ•΄

Older technologies used in industrial and critical infrastructure leave the sector highly vulnerable to attack, but organizations can take steps to better protect themselves.

πŸ“– Read

via "Dark Reading".
15:59
πŸ•΄ Deloitte Buys Terbium Labs to Expand Threat Intel Capabilities πŸ•΄

Terbium Labs' products and services will become part of Deloitte's Detect & Respond lineup, the company confirms.

πŸ“– Read

via "Dark Reading".
17:38
β€Ό CVE-2021-31497 β€Ό

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13311.

πŸ“– Read

via "National Vulnerability Database".
17:39
β€Ό CVE-2021-31487 β€Ό

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12715.

πŸ“– Read

via "National Vulnerability Database".
17:59
πŸ•΄ Andariel Group Targets South Korean Entities in New Campaign πŸ•΄

Andariel, designated as a sub-group of the Lazarus Group APT, has historically targeted South Korean organizations.

πŸ“– Read

via "Dark Reading".
18:18
❌ Millions of Connected Cameras Open to Eavesdropping ❌

A supply-chain component lays open camera feeds to remote attackers thanks to a critical security vulnerability.

πŸ“– Read

via "Threat Post".
18:29
πŸ•΄ Security Experts Scrutinize Apple, Amazon IoT Networks πŸ•΄

Both companies have done their due diligence in creating connected-device networks, but the pervasiveness of the devices worries some security researchers.

πŸ“– Read

via "Dark Reading".
18:59
πŸ•΄ Microsoft Disrupts Large-Scale BEC Campaign Across Web Services πŸ•΄

Attackers had used the cloud-based infrastructure to target mailboxes and add forwarding rules to learn about financial transactions.

πŸ“– Read

via "Dark Reading".
19:29
πŸ•΄ Thousands of VMware vCenter Servers Remain Open to Attack Over the Internet πŸ•΄

Three weeks after the company disclosed two critical vulnerabilities in the workload management utility, many organizations have not patched the technology yet, security vendor says.

πŸ“– Read

via "Dark Reading".
19:39
β€Ό CVE-2021-34170 β€Ό

Bandai Namco FromSoftware Dark Souls III allows remote attackers to execute arbitrary code.

πŸ“– Read

via "National Vulnerability Database".
19:39
β€Ό CVE-2020-21316 β€Ό

A Cross-site scripting (XSS) vulnerability exists in the comment section in ZrLog 2.1.3, which allows remote attackers to inject arbitrary web script and steal administrator cookies via the nickname parameter and gain access to the admin panel.

πŸ“– Read

via "National Vulnerability Database".
21:39
β€Ό CVE-2021-30550 β€Ό

Use after free in Accessibility in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

πŸ“– Read

via "National Vulnerability Database".
21:39
β€Ό CVE-2021-24037 β€Ό

A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.

πŸ“– Read

via "National Vulnerability Database".
16 June 2021
02:39
β€Ό CVE-2021-32623 β€Ό

Opencast is a free and open source solution for automated video capture and distribution. Versions of Opencast prior to 9.6 are vulnerable to the billion laughs attack, which allows an attacker to easily execute a (seemingly permanent) denial of service attack, essentially taking down Opencast using a single HTTP request. To exploit this, users need to have ingest privileges, limiting the group of potential attackers. The problem has been fixed in Opencast 9.6. There is no known workaround for this issue.

πŸ“– Read

via "National Vulnerability Database".
07:39
β€Ό CVE-2020-9493 β€Ό

A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution.

πŸ“– Read

via "National Vulnerability Database".
08:48
❌ Peloton Bike+ Bug Gives Hackers Complete Control ❌

An attacker with initial physical access (say, at a gym) could gain root entry to the interactive tablet, making for a bevy of remote attack scenarios.

πŸ“– Read

via "Threat Post".
09:18
❌ Researchers: Booming Cyber-Underground Market for Initial-Access Brokers ❌

Ransomware gangs are increasingly buying their way into corporate networks, purchasing access from 'vendors' that have previously installed backdoors on targets.

πŸ“– Read

via "Threat Post".
09:39
β€Ό CVE-2021-21441 β€Ό

There is an XSS vulnerability in the ticket overview screens. It's possible to collect various information by having an e-mail shown in the overview screen. The attack can be performed by sending a specially crafted e-mail to the system and it doesn't require any user interaction. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions.

πŸ“– Read

via "National Vulnerability Database".
10:18
❌ 5 Tips to Prevent and Mitigate Ransomware Attacks ❌

Ransomware attacks are increasing in frequency, and the repercussions are growing more severe than ever. Here are 5 ways to prevent your company from becoming the next headline.

πŸ“– Read

via "Threat Post".
10:48
🦿 The many ways a ransomware attack can hurt your organization 🦿

Loss of revenue, brand and reputation damage, employee layoffs and business closures were some of the effects of a ransomware attack, according to Cybereason.

πŸ“– Read

via "Tech Republic".
11:11
⚠ Clop ransomware suspects busted in Ukraine, money and motors seized ⚠

Victims in South Korea and the USA, suspects busted in Ukraine.

πŸ“– Read

via "Naked Security".
11:30
πŸ•΄ Don't Get Stymied by Security Indecision πŸ•΄

You might be increasing cyber-risk by not actively working to reduce it.

πŸ“– Read

via "Dark Reading".
11:39
β€Ό CVE-2021-27485 β€Ό

ZOLL Defibrillator Dashboard, versions prior to 2.2: The application allows users to store their passwords in a recoverable format, which could allow an attacker to retrieve the credentials from the web browser.

πŸ“– Read

via "National Vulnerability Database".
11:39
β€Ό CVE-2021-31857 β€Ό

In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, attackers are able to retrieve credentials via a browser extension for non-website resource types.

πŸ“– Read

via "National Vulnerability Database".
12:19
🦿 Akamai adds automation and machine learning to protect user accounts, APIs and applications 🦿

Edge platform cybersecurity enhancements are intended to increase responsiveness and augment decision-making, the company said.

πŸ“– Read

via "Tech Republic".
13:18
❌ Euros-Driven Football Fever Nets Dumb Passwords ❌

The top easy-to-crack, football-inspired password in a database of 1 billion unique, clear-text, breached passwords? You probably guessed it: "Football."

πŸ“– Read

via "Threat Post".
13:40
β€Ό CVE-2021-21668 β€Ό

Jenkins Scriptler Plugin 3.1 and earlier does not escape script content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission.

πŸ“– Read

via "National Vulnerability Database".
13:40
β€Ό CVE-2020-8299 β€Ό

Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance.

πŸ“– Read

via "National Vulnerability Database".
13:48
❌ Takeaways from the Colonial Pipeline Ransomware Attack ❌

The incident showcases basic steps that organizations can take to protect themselves as ransomware gangs get smarter.

πŸ“– Read

via "Threat Post".
14:30
πŸ•΄ Keeping Your Organization Secure When Dealing With the Unexpected πŸ•΄

There's no way to anticipate every possible scenario, but the right approach to business continuity can help you respond effectively in any situation.

πŸ“– Read

via "Dark Reading".
15:18
❌ Ransomware Poll: 80% of Victims Don’t Pay Up ❌

Meanwhile, in a separate survey, 80 percent of organizations that paid the ransom said they were hit by a second attack.

πŸ“– Read

via "Threat Post".
15:30
πŸ•΄ Is an Attacker Living Off Your Land? πŸ•΄

Living-off-the-land attacks pose significant risks to organizations and, on top of that, are difficult to detect. Learn the basics about how these attacks operate and ways to limit their damage.

πŸ“– Read

via "Dark Reading".
15:40
β€Ό CVE-2020-20444 β€Ό

Jact OpenClinic 0.8.20160412 allows the attacker to read server files after login to the admin account by an infected 'file' GET parameter in '/shared/view_source.php' which "could" lead to an RCE vulnerability.

πŸ“– Read

via "National Vulnerability Database".
15:40
β€Ό CVE-2020-22199 β€Ό

SQL Injection vulnerability in phpCMS 2007 SP6 build 0805 via the digg_mod parameter to digg_add.php.

πŸ“– Read

via "National Vulnerability Database".
15:48
❌ IKEA Fined $1.2M for Elaborate ‘Spying System’ ❌

A French court fined the furniture giant for illegal surveillance on 400 customers and staff.

πŸ“– Read

via "Threat Post".
16:30
πŸ•΄ Russian National Convicted on Charges Related to Kelihos Botnet πŸ•΄

Oleg Koshkin was arrested in 2019 and faces a maximum penalty of 15 years in prison, the DoJ reports.

πŸ“– Read

via "Dark Reading".
17:00
πŸ•΄ Security Flaw Discovered In Peloton Equipment πŸ•΄

The vulnerability could give attackers remote root access to the bike's tablet, researchers report.

πŸ“– Read

via "Dark Reading".
17:00
πŸ•΄ Biden Tells Putin Critical Infrastructure Sectors 'Off Limits' to Russian Hacking πŸ•΄

President Joe Biden said he and Russian President Vladimir Putin agreed to discuss boundaries in cyber activity.

πŸ“– Read

via "Dark Reading".
17:40
β€Ό CVE-2021-1568 β€Ό

A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to uncontrolled memory allocation. An attacker could exploit this vulnerability by copying a crafted file to a specific folder on the system. A successful exploit could allow the attacker to crash the VPN Agent service when the affected application is launched, causing it to be unavailable to all users of the system. To exploit this vulnerability, the attacker must have valid credentials on a multiuser Windows system.

πŸ“– Read

via "National Vulnerability Database".
17:40
β€Ό CVE-2021-1541 β€Ό

Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: hijack a user session; execute arbitrary commands as a root user on the underlying operating system; conduct a cross-site scripting (XSS) attack; conduct an HTML injection attack. For more information about these vulnerabilities, see the Details section of this advisory.

πŸ“– Read

via "National Vulnerability Database".
18:30
πŸ•΄ Ransomware Operators' Strategies Evolve as Attacks Rise πŸ•΄

Security researchers find ransomware operators rely less on email and more on criminal groups for initial access into target networks.

πŸ“– Read

via "Dark Reading".
19:30
πŸ•΄ Ukraine Police Disrupt Cl0p Ransomware Operation πŸ•΄

Growing list of similar actions in recent months may finally be scaring some operators into quitting, but threat is far from over, security experts say.

πŸ“– Read

via "Dark Reading".
19:40
β€Ό CVE-2021-34201 β€Ό

D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow. There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640). Local ordinary users can overwrite the global variables in the .bss section, causing the process to crash or change behaviour.

πŸ“– Read

via "National Vulnerability Database".
19:40
β€Ό CVE-2021-34204 β€Ό

D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials. D-Link AC2600(DIR-2640) stores the device system account password in plain text. It does not use linux user management. In addition, the passwords of all devices are the same, and they cannot be modified by normal users. An attacker can easily log in to the target router through the serial port and obtain root privileges.

πŸ“– Read

via "National Vulnerability Database".
19:40
β€Ό CVE-2021-32243 β€Ό

FOGProject v1.5.9 is affected by a File Upload RCE (Authenticated).

πŸ“– Read

via "National Vulnerability Database".
21:11
⚠ How to hack a bicycle – Peloton Bike+ rooting bug patched ⚠

It's a bike, Jim, but not as we know it.

πŸ“– Read

via "Naked Security".
21:40
β€Ό CVE-2021-31476 β€Ό

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.3.37598. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA templates. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13531.

πŸ“– Read

via "National Vulnerability Database".
17 June 2021
09:40
β€Ό CVE-2021-21777 β€Ό

An information disclosure vulnerability exists in the Ethernet/IP UDP handler functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted network request can lead to an out-of-bounds read.

πŸ“– Read

via "National Vulnerability Database".
10:19
❌ Threat Actors Use Google Docs to Host Phishing Attacks ❌

Exploit in the widely used document service leveraged to send malicious links that appear legitimate but actually steal victims' credentials.

πŸ“– Read

via "Threat Post".
11:11
⚠ S3 Ep37: Quantum crypto, refunding Bitcoins, and Alpaca problems [Podcast] ⚠

Latest episode - listen now!

πŸ“– Read

via "Naked Security".
11:19
🦿 Amazon Prime Day scams resurface for 2021 🦿

With this year's Amazon Prime Day set for June 21-22, scammers are already touting "Early Prime Day Deals," says Bolster.

πŸ“– Read

via "Tech Republic".
11:30
πŸ•΄ Mission Critical: What Really Matters in a Cybersecurity Incident πŸ•΄

The things you do before and during a cybersecurity incident can make or break the success of your response.

πŸ“– Read

via "Dark Reading".
11:40
β€Ό CVE-2021-32946 β€Ό

An improper check for unusual or exceptional conditions issue exists within the parsing of DGN files from Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of the user-supplied data. This may result in several out-of-bounds problems and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.

πŸ“– Read

via "National Vulnerability Database".
11:41
β€Ό CVE-2021-32938 β€Ό

Drawings SDK (All versions prior to 2022.4) are vulnerable to an out-of-bounds read due to parsing of DWG files resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allows attackers to cause a denial-of-service condition or read sensitive information from memory.

πŸ“– Read

via "National Vulnerability Database".
11:41
β€Ό CVE-2021-32950 β€Ό

An out-of-bounds read issue exists within the parsing of DXF files in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allows attackers to cause a denial-of-service condition or read sensitive information from memory locations.

πŸ“– Read

via "National Vulnerability Database".
11:41
β€Ό CVE-2021-32944 β€Ό

A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a memory corruption or arbitrary code execution, allowing attackers to cause a denial-of-service condition or execute code in the context of the current process.

πŸ“– Read

via "National Vulnerability Database".
11:41
β€Ό CVE-2021-32952 β€Ό

An out-of-bounds write issue exists in the DGN file-reading procedure in the Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.

πŸ“– Read

via "National Vulnerability Database".
11:41
β€Ό CVE-2021-32936 β€Ό

An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.

πŸ“– Read

via "National Vulnerability Database".
13:41
β€Ό CVE-2021-34825 β€Ό

Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system.

πŸ“– Read

via "National Vulnerability Database".
13:41
β€Ό CVE-2021-31818 β€Ό

Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied data in the API request isn't parameterised correctly. Exploiting this vulnerability could allow unauthorised access to database tables.

πŸ“– Read

via "National Vulnerability Database".
13:49
❌ CVS Health Records for 1.1 Billion Customers Exposed ❌

A vendor exposed the records, which were accessible with no password or other authentication, likely because of a cloud-storage misconfiguration.

πŸ“– Read

via "Threat Post".
14:19
❌ Geek Squad Vishing Attack Bypasses Email Security to Hit 25K Mailboxes ❌

An email campaign asking victims to call a bogus number to suspend supposedly fraudulent subscriptions got right past Microsoft's native email controls.

πŸ“– Read

via "Threat Post".
14:31
πŸ•΄ Cyberattacks Are Tailored to Employees ... Why Isn't Security Training? πŸ•΄

Consider four factors and behaviors that impact a particular employee's risk, and how security training should take them into account.

πŸ“– Read

via "Dark Reading".
15:41
β€Ό CVE-2021-23396 β€Ό

All versions of package lutils are vulnerable to Prototype Pollution via the main (merge) function.

πŸ“– Read

via "National Vulnerability Database".
15:41
β€Ό CVE-2013-20002 β€Ό

Elemin allows remote attackers to upload and execute arbitrary PHP code via the Themify framework (before 1.2.2) wp-content/themes/elemin/themify/themify-ajax.php file.

πŸ“– Read

via "National Vulnerability Database".
15:46
πŸ” What is Data Classification? A Data Classification Definition πŸ”

Learn about the different types of classification and how to effectively classify your data in Data Protection 101, our series on the fundamentals of data security.

πŸ“– Read

via "".
16:49
❌ Cisco Smart Switches Riddled with Severe Security Holes ❌

The intro-level networking gear for SMBs could allow remote attacks designed to steal information, drop malware and disrupt operations.

πŸ“– Read

via "Threat Post".
17:11
β€Ό CVE-2021-32575 β€Ό

HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0 RC1.

πŸ“– Read

via "National Vulnerability Database".
17:11
β€Ό CVE-2021-33557 β€Ό

An XSS issue was discovered in manage_custom_field_edit_page.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field.

πŸ“– Read

via "National Vulnerability Database".
17:49
❌ Clop Raid: A Big Win in the War on Ransomware? ❌

Cops arrest six, seize cars and cash in splashy raid, and experts are applauding.

πŸ“– Read

via "Threat Post".
18:01
πŸ•΄ Google Launches SLSA, A New Framework for Supply Chain Integrity πŸ•΄

The 'Supply chain Levels for Software Artifacts' aims to ensure the integrity of components throughout the software supply chain.

πŸ“– Read

via "Dark Reading".
18:31
πŸ•΄ Carnival Cruise Line Reports Security Breach πŸ•΄

The cruise ship operator says the incident affected employee and guest data.

πŸ“– Read

via "Dark Reading".
19:31
πŸ•΄ One in Five Manufacturing Firms Targeted by Cyberattacks πŸ•΄

Information-stealing malware makes up about a third of attacks, a study finds, but companies worry most about ransomware shutting down production.

πŸ“– Read

via "Dark Reading".
19:41
β€Ό CVE-2021-32695 β€Ό

Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.16.1, a malicious app on the same device could have gotten access to the shared preferences of the Nextcloud Android application. This required user-interaction as a victim had to initiate the sharing flow and choose the malicious app. The shared preferences contain some limited private data such as push tokens and the account name. The vulnerability is patched in version 3.16.1.

πŸ“– Read

via "National Vulnerability Database".
20:06
πŸ•΄ Data Breaches Surge in Food & Beverage, Other Industries πŸ•΄

Six previously "under-attacked" vertical industries saw a surge in data breaches last year due to COVID-19 related disruptions and other factors, new data shows.

πŸ“– Read

via "Dark Reading".
21:11
β€Ό CVE-2021-32426 β€Ό

In TrendNet TW100-S4W1CA 2.3.32, it is possible to inject arbitrary JavaScript into the router's web interface via the "echo" command.

πŸ“– Read

via "National Vulnerability Database".
21:11
β€Ό CVE-2021-32694 β€Ό

Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.15.1, a malicious application on the same device could crash the Nextcloud Android Client due to an uncaught exception. The vulnerability is patched in version 3.15.1.

πŸ“– Read

via "National Vulnerability Database".
18 June 2021
02:11
β€Ό CVE-2021-34811 β€Ό

Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspecified vectors.

πŸ“– Read

via "National Vulnerability Database".
02:11
β€Ό CVE-2021-34553 β€Ό

Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been granted access.

πŸ“– Read

via "National Vulnerability Database".
08:16
πŸ” Friday Five 6/18 πŸ”

New data privacy acts, the G7 on ransomware, and how cybersecurity factors into M&As - catch up on all of the week's infosec news with the Friday Five!

πŸ“– Read

via "".
08:19
🦿 Microsoft's new security tool will discover firmware vulnerabilities, and more, in PCs and IoT devices 🦿

Devices have multiple OSs and firmware running, and most organisations don't know what they have or if it's secure. Microsoft will use ReFirm to make it easier to find out without being an expert.

πŸ“– Read

via "Tech Republic".
09:20
❌ Faux ‘DarkSide’ Gang Takes Aim at Global Energy, Food Sectors ❌

A DarkSide doppelganger mounts a fraud campaign aimed at extorting nearly $4 million from each target.

πŸ“– Read

via "Threat Post".
09:41
β€Ό CVE-2021-33576 β€Ό

An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. This filename can include path-traversal characters, allowing the file to be written to an arbitrary location on disk.

πŸ“– Read

via "National Vulnerability Database".
09:41
β€Ό CVE-2021-32536 β€Ό

The login page in the MCUsystem does not filter special characters, which allows remote attackers to inject JavaScript without privilege and thus perform reflected XSS attacks.

πŸ“– Read

via "National Vulnerability Database".
09:50
❌ ‘Oddball’ Malware Blocks Access to Pirated Software ❌

Rather than steal credentials or hold data for ransom, a recent campaign observed by Sophos prevents people from visiting sites that offer illegal downloads.

πŸ“– Read

via "Threat Post".
10:50
❌ Insider Versus Outsider: Navigating Top Data Loss Threats ❌

Troy Gill, manager of security research at Zix, discusses the most common ways sensitive data is scooped up by nefarious sorts.

πŸ“– Read

via "Threat Post".
11:42
β€Ό CVE-2005-0394 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

πŸ“– Read

via "National Vulnerability Database".
11:42
β€Ό CVE-2021-26834 β€Ό

A cross-site scripting (XSS) vulnerability exists in Znote 0.5.2. An attacker can insert payloads, and the code execution will happen immediately on markdown view mode.

πŸ“– Read

via "National Vulnerability Database".
11:45
πŸ•΄ 4 Habits of Highly Effective Security Operators πŸ•΄

πŸ“– Read

via "Dark Reading".
12:20
❌ Carnival Cruise Cyber-Torpedoed by Cyberattack ❌

This is the fourth time in a bit over a year that Carnival’s admitted to breaches, with two of them being ransomware attacks.

πŸ“– Read

via "Threat Post".
12:50
❌ What’s Making Your Company a Ransomware Sitting Duck ❌

What's the low-hanging fruit for ransomware attackers? What steps could help to fend them off, and what’s stopping organizations from implementing those steps?

πŸ“– Read

via "Threat Post".
13:12
β€Ό CVE-2021-3604 β€Ό

Secure 8 (Evalos) does not validate user input data correctly, allowing a remote attacker to perform a Blind SQL Injection. An attacker could exploit this vulnerability in order to extract information of users and administrator accounts stored in the database.

πŸ“– Read

via "National Vulnerability Database".
13:12
β€Ό CVE-2020-18442 β€Ό

Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file".

πŸ“– Read

via "National Vulnerability Database".
?
14:01
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
πŸ•΄ 11 Security Certifications to Seek Out This Summer πŸ•΄

The more you know, the more you grow. The Edge takes a fresh look at leading security certifications that can help advance your security career.

πŸ“– Read

via "Dark Reading".
14:12
⚠ Can *YOU* blow a PC speaker using only a Linux kernel driver? ⚠

Can you help? There's a hidden meaning here, and it's time to find it!

πŸ“– Read

via "Naked Security".
14:12
⚠ S3 Ep37: Quantum crypto, refunding Bitcoins, and Alpaca problems [Podcast] ⚠

Latest episode - listen now!

πŸ“– Read

via "Naked Security".
?
17:42
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-33818 β€Ό

An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service.

πŸ“– Read

via "National Vulnerability Database".
?
18:01
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
πŸ•΄ Accidental Insider Leaks Prove Major Source of Risk πŸ•΄

Research reports highlight growing concerns around insider negligence that leads to data breaches.

πŸ“– Read

via "Dark Reading".
?
18:31
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
πŸ•΄ Attackers Find New Way to Exploit Google Docs for Phishing πŸ•΄

Tactic continues recent trend by attackers to use trusted cloud services to send and host malicious content.

πŸ“– Read

via "Dark Reading".
?
19:42
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-33823 β€Ό

An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attacker could send a huge amount of TCP SYN packet to make web service's resource exhausted. Then the web server is denial-of-service.

πŸ“– Read

via "National Vulnerability Database".
19:42
β€Ό CVE-2021-33824 β€Ό

An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service.

πŸ“– Read

via "National Vulnerability Database".
?
21:12
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-31272 β€Ό

SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation.

πŸ“– Read

via "National Vulnerability Database".
21:12
β€Ό CVE-2021-31662 β€Ό

RIOT-OS 2021.01 before commit 07f1254d8537497552e7dce80364aaead9266bbe contains a buffer overflow which could allow attackers to obtain sensitive information.

πŸ“– Read

via "National Vulnerability Database".
21:12
β€Ό CVE-2021-33186 β€Ό

SerenityOS in test-crypto.cpp contains a stack buffer overflow which could allow attackers to obtain sensitive information.

πŸ“– Read

via "National Vulnerability Database".
20 June 2021
11:14
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-24368 ‼

The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin WordPress plugin before 7.1.18 did not sanitise or escape its result_id parameter when displaying an existing quiz result page, leading to a reflected Cross-Site Scripting issue. This could allow for privilege escalation by inducing a logged-in admin to open a malicious link.

📖 Read

via "National Vulnerability Database".
21 June 2021
02:14
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2020-20467 ‼

White Shark System (WSS) 1.3.2 is vulnerable to sensitive information disclosure via default_task_add.php; remote attackers can exploit the vulnerability to create a task.

📖 Read

via "National Vulnerability Database".
02:14
‼ CVE-2020-20466 ‼

White Shark System (WSS) 1.3.2 is vulnerable to unauthorized access via user_edit_password.php; remote attackers can modify the password of any user.

📖 Read

via "National Vulnerability Database".
07:14
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2020-20471 ‼

White Shark System (WSS) 1.3.2 has an unauthorized access vulnerability in default_user_edit.php; remote attackers can exploit this vulnerability to escalate to admin privileges.

📖 Read

via "National Vulnerability Database".
07:14
‼ CVE-2020-20473 ‼

White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the control_task.php, control_project.php and default_user.php files failing to filter the sort parameter. Remote attackers can exploit the vulnerability to obtain sensitive database information.

📖 Read

via "National Vulnerability Database".
09:15
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-31769 ‼

MyQ Server in MyQ X Smart before 8.2 allows remote code execution by unprivileged users because administrative session data can be read in the %PROGRAMFILES%\MyQ\PHP\Sessions directory. The "Select server file" feature is only intended for administrators but actually does not require authorization. An attacker can inject arbitrary OS commands (such as commands to create new .php files) via the Task Scheduler component.

📖 Read

via "National Vulnerability Database".
11:04
🛡 Cybersecurity & Privacy news 🛡
🕴 Are Ransomware Attacks the New Pandemic? 🕴

Ransomware has been a problem for decades, so why is government just now beginning to address it?

📖 Read

via "Dark Reading".
11:15
‼ CVE-2020-7031 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

📖 Read

via "National Vulnerability Database".
13:15
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2020-22390 ‼

Akaunting <= 2.0.9 is vulnerable to CSV injection in the Item name field of the export function. Attackers can inject arbitrary code into the name parameter and achieve code execution when the crafted file is opened.

📖 Read

via "National Vulnerability Database".
13:15
‼ CVE-2006-0016 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

📖 Read

via "National Vulnerability Database".
14:22
🛡 Cybersecurity & Privacy news 🛡
❌ iPhone Wi-Fi Crushed by Weird Network ❌

… until you reset network settings and stop connecting to a weirdly named network, that is. FUD is spreading. iOS Wi-Fi demolition is not.

📖 Read

via "Threat Post".
15:04
🛡 Cybersecurity & Privacy news 🛡
🕴 Fintech at SaaS Speed 🕴

📖 Read

via "Dark Reading".
15:15
‼ CVE-2021-0522 ‼

In ConnectionHandler::SdpCb of connection_handler.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-9, Android-10. Android ID: A-174182139

📖 Read

via "National Vulnerability Database".
15:15
‼ CVE-2021-0520 ‼

In several functions of MemoryFileSystem.cpp and related files, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-10. Android ID: A-176237595

📖 Read

via "National Vulnerability Database".
17:15
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2020-19510 ‼

Textpattern 4.7.3 contains an arbitrary file load via the file_insert function in include/txp_file.php.

📖 Read

via "National Vulnerability Database".
17:15
‼ CVE-2021-32697 ‼

neos/forms is an open source framework to build web forms. By crafting a special `GET` request containing a valid form state, a form can be submitted without invoking any validators. Form state is secured with an HMAC that is still verified. That means that this issue can only be exploited if Form Finishers cause side effects even if no form values have been sent. Form Finishers can be adjusted in a way that they only execute an action if the submitted form contains some expected data. Alternatively, a custom Finisher can be added as the first finisher. This regression was introduced with https://github.com/neos/form/commit/049d415295be8d4a0478ccba97dba1bb81649567

📖 Read

via "National Vulnerability Database".
17:22
❌ Embryology Data Breach Follows Fertility Clinic Ransomware Hit ❌

Approximately 38,000 of RBA's customers had their embryology data stolen by a ransomware gang.

📖 Read

via "Threat Post".
17:34
🕴 Baltimore County Public Schools' Ransomware Recovery Tops $8M 🕴

The school district has spent seven months and a reported $8.1 million recovering from the November attack.

📖 Read

via "Dark Reading".
17:52
🛡 Cybersecurity & Privacy news 🛡
❌ Bugs in NVIDIA’s Jetson Chipset Open Door to DoS Attacks, Data Theft ❌

Chipmaker patches nine high-severity bugs in its Jetson SoC framework tied to the way it handles low-level cryptographic algorithms.

📖 Read

via "Threat Post".
19:04
🛡 Cybersecurity & Privacy news 🛡
🕴 Data Leaked in Fertility Clinic Ransomware Attack 🕴

Reproductive Biology Associates says the data of 38,000 patients may have been compromised in the April cyberattack.

📖 Read

via "Dark Reading".
19:15
‼ CVE-2021-24377 ‼

The Autoptimize WordPress plugin before 2.7.8 attempts to remove potentially malicious files from the extracted archive uploaded via the 'Import Settings' feature; however, this is not sufficient to protect against RCE, as a race condition can be achieved in the window between the moment a file is extracted to disk and the moment it is removed. It is a bypass of CVE-2020-24948.

📖 Read

via "National Vulnerability Database".
19:15
‼ CVE-2021-24372 ‼

The WP Hardening – Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the $_SERVER['REQUEST_URI'] before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue.

📖 Read

via "National Vulnerability Database".
19:15
‼ CVE-2021-24369 ‼

In the GetPaid WordPress plugin before 2.3.4, users with the contributor role and above can create a new Payment Form; however, the Label and Help Text input fields were not sanitized properly. It was therefore possible to inject malicious content such as img tags, leading to a Stored Cross-Site Scripting issue which is triggered when the form is edited, for example when an admin reviews it, and could lead to privilege escalation.

📖 Read

via "National Vulnerability Database".
19:15
‼ CVE-2021-29061 ‼

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in Vfsjfilechooser2 version 0.2.9 and below which occurs when the application attempts to validate crafted URIs.

📖 Read

via "National Vulnerability Database".
19:22
❌ Wegmans Exposes Customer Data in Misconfigured Databases ❌

Cleanup in aisle "Oops": The supermarket chain said that it misconfigured two cloud databases, exposing customer data to public scrutiny.

📖 Read

via "Threat Post".
20:04
🛡 Cybersecurity & Privacy news 🛡
🕴 Did Companies Fail to Disclose Being Affected by SolarWinds Breach? 🕴

The SEC has sent out letters to some investment firms and publicly listed companies seeking information, Reuters says.

📖 Read

via "Dark Reading".
21:15
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2010-0413 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

📖 Read

via "National Vulnerability Database".
21:15
‼ CVE-2021-32698 ‼

eLabFTW is an open source electronic lab notebook for research labs. This vulnerability allows an attacker to make GET requests on behalf of the server. It is "blind" because the attacker cannot see the result of the request. The issue has been patched in eLabFTW 4.0.0.

📖 Read

via "National Vulnerability Database".
22 June 2021
02:15
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-20742 ‼

Cross-site scripting vulnerability in EC-CUBE Business form output plugin (for EC-CUBE 3.0 series) versions prior to version 1.0.1 allows a remote attacker to inject an arbitrary script via unspecified vectors.

📖 Read

via "National Vulnerability Database".
02:15
‼ CVE-2021-20733 ‼

Improper authorization in handler for custom URL scheme vulnerability in ????????? (asken diet) for Android versions from v.3.0.0 to v.4.2.x allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.

📖 Read

via "National Vulnerability Database".
08:22
🛡 Cybersecurity & Privacy news 🛡
❌ Six Flags to Pay $36M Over Collection of Fingerprints ❌

Illinois Supreme Court rules in favor of class action against company’s practice of scanning people’s fingers when they enter amusement parks.

📖 Read

via "Threat Post".
09:19
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-0571 ‼

In ActivityTaskManagerService.startActivity() and AppTaskImpl.startActivity() of ActivityTaskManagerService.java and AppTaskImpl.java, there is possible access to restricted activities due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-137395936

📖 Read

via "National Vulnerability Database".
09:19
‼ CVE-2021-0563 ‼

In ih264e_fmt_conv_422i_to_420sp of ih264e_fmt_conv.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-172908358

📖 Read

via "National Vulnerability Database".
11:16
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-0606 ‼

In drm_syncobj_handle_to_fd of drm_syncobj.c, there is a possible use after free due to incorrect refcounting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-168034487

📖 Read

via "National Vulnerability Database".
11:16
‼ CVE-2021-0545 ‼

In phNxpNciHal_print_res_status of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC server with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-169258884

📖 Read

via "National Vulnerability Database".
11:16
‼ CVE-2021-0539 ‼

In archiveStoredConversation of MmsService.java, there is a possible way to archive a message conversation without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-180419673

📖 Read

via "National Vulnerability Database".
11:35
🛡 Cybersecurity & Privacy news 🛡
🕴 Does Your Cyberattack Plan Include a Crisis Communications Strategy? 5 Tips to Get Started 🕴

Don't overlook crisis communications in your cybersecurity incident response planning.

📖 Read

via "Dark Reading".
11:44
⚠ Ransomware: What REALLY happens if you pay the crooks? ⚠

Free talk! Join us online for as much fun as you can ethically have while talking about ransomware. (And learn some useful stuff too!)

📖 Read

via "Naked Security".
12:05
🛡 Cybersecurity & Privacy news 🛡
🕴 7 Powerful Cybersecurity Skills the Energy Sector Needs Most 🕴

Those looking to join the fight might want to polish up or acquire some (or all) of these hottest skills on the market.

📖 Read

via "Dark Reading".
13:16
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2020-22168 ‼

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\change-emaild.php. Remote unauthenticated users can exploit the vulnerability to obtain sensitive database information.

📖 Read

via "National Vulnerability Database".
13:16
‼ CVE-2021-34243 ‼

A stored cross site scripting (XSS) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to execute arbitrary web scripts or HTML via a crafted file uploaded into the Document Management tab. The exploit is triggered when a user visits the upload location of the crafted file.

📖 Read

via "National Vulnerability Database".
13:16
‼ CVE-2020-22167 ‼

PHPGurukul Hospital Management System in PHP v4.0 has a Persistent Cross-Site Scripting vulnerability in \hms\admin\appointment-history.php. Remote registered users can exploit the vulnerability to obtain user cookie data.

📖 Read

via "National Vulnerability Database".
13:23
❌ Lexmark Printers Open to Arbitrary Code-Execution Zero-Day ❌

“No remedy available as of June 21, 2021," according to the researcher who discovered the easy-to-exploit, no-user-action-required bug.

📖 Read

via "Threat Post".
13:53
🛡 Cybersecurity & Privacy news 🛡
❌ Kids’ Apps on Google Play Rife with Privacy Violations ❌

One in five of the most-popular apps for kids under 13 on Google Play don't comply with COPPA regulations on how children's information is collected and used.

📖 Read

via "Threat Post".
14:05
🕴 Majority of Web Apps in 11 Industries Are Vulnerable All the Time 🕴

Serious vulnerabilities exist every day in certain industries, including utilities, public administration, and professional services, according to testing data.

📖 Read

via "Dark Reading".
14:21
🛡 Cybersecurity & Privacy news 🛡
🦿 Splunk launches security products and AWS security enhancements 🦿

The new offerings are aimed at integrating security data across multiple on-prem and cloud environments and vendors to improve cybersecurity decision-making, the company says.

📖 Read

via "Tech Republic".
14:35
🕴 NSA Funds Development & Release of D3FEND Framework 🕴

The framework, now available through MITRE, provides countermeasures to attacks.

📖 Read

via "Dark Reading".
15:05
🛡 Cybersecurity & Privacy news 🛡
🕴 Chart: Strength in Numbers 🕴

More companies are heeding expert advice to beef up their incident-response teams.

📖 Read

via "Dark Reading".
15:16
‼ CVE-2020-18654 ‼

Cross Site Scripting (XSS) in Wuzhi CMS v4.1.0 allows remote attackers to execute arbitrary code via the "Title" parameter in the component "/coreframe/app/guestbook/myissue.php".

📖 Read

via "National Vulnerability Database".
15:23
❌ Email Bug Allows Message Snooping, Credential Theft ❌

A year-old proof-of-concept attack that allows an attacker to bypass TLS email protections to snoop on messages has been patched.

📖 Read

via "Threat Post".
15:51
🛡 Cybersecurity & Privacy news 🛡
🦿 How a Business Email Compromise attack can threaten your organization 🦿

The most common type of BEC campaign involves a spoofed email account or website, according to GreatHorn.

📖 Read

via "Tech Republic".
16:05
🕴 Transmit Security Announces $543M Series A Funding Round 🕴

The passwordless technology provider says the funding will be used to increase its reach and expand primary business functions.

📖 Read

via "Dark Reading".
16:53
🛡 Cybersecurity & Privacy news 🛡
❌ Cryptominers Slither into Python Projects in Supply-Chain Campaign ❌

These code bombs lurk in the PyPI package repository, waiting to be inadvertently baked into software developers' applications.

📖 Read

via "Threat Post".
17:04
🛠 Clam AntiVirus Toolkit 0.103.3 🛠

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

📖 Read

via "Packet Storm Security".
17:16
‼ CVE-2021-22377 ‼

There is a command injection vulnerability in S12700 V200R019C00SPC500, S2700 V200R019C00SPC500, S5700 V200R019C00SPC500, S6700 V200R019C00SPC500 and S7700 V200R019C00SPC500. A module does not verify specific input sufficiently. Attackers can exploit this vulnerability by sending malicious parameters to inject commands. This can compromise normal service.

📖 Read

via "National Vulnerability Database".
17:16
‼ CVE-2021-22382 ‼

Huawei LTE USB Dongle products have an improper permission assignment vulnerability. An attacker can locally access and log in to a PC to induce a user to install a specially crafted application. After successfully exploiting this vulnerability, the attacker can perform unauthenticated operations. Affected product versions include: E3372 E3372h-153TCPU-V200R002B333D01SP00C00.

📖 Read

via "National Vulnerability Database".
17:16
‼ CVE-2021-22361 ‼

There is an improper authorization vulnerability in eCNS280 V100R005C00, V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200. A file access is not authorized correctly. Attackers with low access may launch privilege escalation in a specific scenario. This may compromise the normal service.

📖 Read

via "National Vulnerability Database".
17:53
🛡 Cybersecurity & Privacy news 🛡
❌ BEC Losses Top $1.8B as Tactics Evolve ❌

BEC attacks are getting more dangerous, and smart users are the ones who can stop them.

📖 Read

via "Threat Post".
19:16
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-32699 ‼

Wings is the control plane software for the open source Pterodactyl game management system. All versions of Pterodactyl Wings prior to `1.4.4` are vulnerable to system resource exhaustion due to improper container process limits being defined. A malicious user can consume more resources than intended and cause downstream impacts to other clients on the same hardware, eventually causing the physical server to stop responding. Users should upgrade to `1.4.4` to mitigate the issue. There is no non-code based workaround for impacted versions of the software. Users running customized versions of this software can manually set a PID limit for the containers created.

📖 Read

via "National Vulnerability Database".
19:16
‼ CVE-2021-32700 ‼

Ballerina is an open source programming language and platform for cloud application programmers. Ballerina versions 1.2.x and SL releases up to alpha 3 have a potential for a supply chain attack via MiTM against users. Http connections did not make use of TLS and certificate checking was ignored. The vulnerability allows an attacker to substitute or modify packages retrieved from BC, thus allowing malicious code to be injected into Ballerina executables. This has been patched in Ballerina 1.2.14 and Ballerina SwanLake alpha4.

📖 Read

via "National Vulnerability Database".
19:51
🛡 Cybersecurity & Privacy news 🛡
🦿 Data resiliency is key to surviving a ransomware attack, expert says 🦿

It's not "if" but "when" you'll be attacked, cybersecurity expert says. Checking on your data and backups is something businesses should do regularly.

📖 Read

via "Tech Republic".
19:51
🦿 How to be prepared for a ransomware attack: Check your data and backups 🦿

Expert says ransomware attacks will happen, and your company has to be prepared long before the attack hits.

📖 Read

via "Tech Republic".
20:05
🕴 Despite Heightened Cyber-Risks, Few Security Leaders Report to CEO 🕴

A new report suggests that top management at most companies still don't get security.

📖 Read

via "Dark Reading".
21:27
🛡 Cybersecurity & Privacy news 🛡
‼ CVE-2021-34391 ‼

Trusty TLK contains a vulnerability in the NVIDIA TLK kernel's tz_handle_trusted_app_smc function where a lack of integer overflow checks on the req_off and param_ofs variables leads to memory corruption of critical kernel structures.

📖 Read

via "National Vulnerability Database".
21:27
‼ CVE-2021-34396 ‼

Bootloader contains a vulnerability in access permission settings where unauthorized software may be able to overwrite NVIDIA MB2 code, which would result in limited denial of service.

📖 Read

via "National Vulnerability Database".
21:27
‼ CVE-2021-34393 ‼

Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. This vulnerability might allow an attacker to exploit the deserializer to impact code execution, causing information disclosure.

📖 Read

via "National Vulnerability Database".
21:27
‼ CVE-2021-34395 ‼

Trusty TLK contains a vulnerability in its access permission settings where it does not properly restrict access to a resource from a user with local privileges, which might lead to limited information disclosure and limited denial of service.

📖 Read

via "National Vulnerability Database".
21:30
‼ CVE-2021-34397 ‼

Bootloader contains a vulnerability in NVIDIA MB2, which may cause free-the-wrong-heap, which may lead to limited denial of service.

📖 Read

via "National Vulnerability Database".
21:30
‼ CVE-2021-34392 ‼

Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the tz_map_shared_mem function can bypass boundary checks, which might lead to denial of service.

📖 Read

via "National Vulnerability Database".
21:30
‼ CVE-2021-34390 ‼

Trusty TLK contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow on the size parameter of the tz_map_shared_mem function.

📖 Read

via "National Vulnerability Database".
23 June 2021
?
07:53
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
❌ SonicWall β€˜Botches’ October Patch for Critical VPN Bug ❌

Company finally rolls out the complete fix this week for an RCE flaw affecting some 800,000 devices that could result in crashes or prevent users from connecting to corporate resources.

πŸ“– Read

via "Threat Post".
?
09:17
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-35210 β€Ό

Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS. It is possible to inject code into the tl_log table that will be executed in the browser when the system log is called in the back end.

πŸ“– Read

via "National Vulnerability Database".
09:17
β€Ό CVE-2021-29084 β€Ό

Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.

πŸ“– Read

via "National Vulnerability Database".
09:23
❌ Unpatched Linux Marketplace Bugs Allow Wormable Attacks, Drive-By RCE ❌

A pair of zero-days affecting Pling-based marketplaces could allow for some ugly attacks on unsuspecting Linux enthusiasts -- with no patches in sight.

πŸ“– Read

via "Threat Post".
?
11:05
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
πŸ•΄ Expecting the Unexpected: Tips for Effectively Mitigating Ransomware Attacks in 2021 πŸ•΄

Cybercriminals continually innovate to thwart security protocols, but organizations can take steps to prevent and mitigate ransomware attacks.

πŸ“– Read

via "Dark Reading".
?
11:52
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
🦿 How to better detect and prevent Business Email Compromise attacks 🦿

These types of email attacks rely on simple language and exploit human nature to scam their victims, making detection difficult, says Cisco Talos.

πŸ“– Read

via "Tech Republic".
?
12:23
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
❌ REvil Ransomware Code Ripped Off by Rivals ❌

The LV ransomware operators likely used a hex editor to repurpose a REvil binary almost wholesale, for their own nefarious purposes.

πŸ“– Read

via "Threat Post".
?
12:52
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
🦿 Employees are valuable assets: Why you need to safeguard them 🦿

Two experts suggest calling employees "insider threats" is counterproductive; employees are assets needing protection.

πŸ“– Read

via "Tech Republic".
12:55
❌ Critical Palo Alto Cyber-Defense Bug Allows Remote β€˜War Room’ Access ❌

Remote, unauthenticated cyberattackers can infiltrate and take over the Cortex XSOAR platform, which anchors unified threat intelligence and incident responses.

πŸ“– Read

via "Threat Post".
?
13:17
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-25950 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

πŸ“– Read

via "National Vulnerability Database".
13:17
β€Ό CVE-2020-20391 β€Ό

Cross Site Scripting vulnerability in GetSimpleCMS 3.4.0a in admin/snippets.php via (1) Add Snippet and (2) Save snippets.

πŸ“– Read

via "National Vulnerability Database".
13:17
β€Ό CVE-2011-1955 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

πŸ“– Read

via "National Vulnerability Database".
13:20
πŸ” An Interview with Ben McGraw, Cybersecurity Manager at Digital Guardian Part I πŸ”

In part one of our Q&A with Ben McGraw, we discuss his journey to Digital Guardian, insight from DG's Analytics & Reporting Cloud, and what makes a good threat hunter.

πŸ“– Read

via "".
13:23
🦿 Cybersecurity practices must be applied to vehicles, too 🦿

Manufacturers want to pack cars and trucks full of technology, but they need to remember the dangers to those who drive or ride in them.

πŸ“– Read

via "Tech Republic".
?
14:05
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
πŸ•΄ When Will Cybersecurity Operations Adopt the Peter Parker Principle? πŸ•΄

Having a prevention mindset means setting our prevention capabilities to "prevent" instead of relying on detection and response.

πŸ“– Read

via "Dark Reading".
?
14:23
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
❌ Pandemic-Bored Attackers Pummeled Gaming Industry ❌

Akamai's 2020 gaming report shows that cyberattacks on the video game industry skyrocketed, shooting up 340 percent in 2020.

πŸ“– Read

via "Threat Post".
?
15:17
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-3526 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

πŸ“– Read

via "National Vulnerability Database".
15:17
β€Ό CVE-2021-33624 β€Ό

In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db.

πŸ“– Read

via "National Vulnerability Database".
?
16:53
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
❌ Iran Media Websites Seized by U.S. in Disinformation Campaign ❌

DoJ uses sanctions laws to shut down an alleged Iranian government malign influence campaign.

πŸ“– Read

via "Threat Post".
17:06
πŸ•΄ Survey Seeks to Learn How 2020 Changed Security πŸ•΄

Respondents to a new Dark Reading/Omdia survey will be entered into a drawing for a Black Hat Black Card.

πŸ“– Read

via "Dark Reading".
17:06
πŸ•΄ New DNS Name Server Hijack Attack Exposes Businesses, Government Agencies πŸ•΄

Researchers found a "novel" class of DNS vulnerabilities in AWS Route53 and other DNS-as-a-service offerings that leak sensitive information on corporate and government customers, with one simple registration step.

πŸ“– Read

via "Dark Reading".
17:17
β€Ό CVE-2020-18657 β€Ό

Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <= 3.3.15 in admin/changedata.php via the redirect_url parameter and the headers_sent function.

πŸ“– Read

via "National Vulnerability Database".
17:36
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
πŸ•΄ Microsoft Tracks New BazaCall Malware Campaign πŸ•΄

Attackers use emails to prompt victims to call a fraudulent call center, where attackers instruct them to download a malicious file.

πŸ“– Read

via "Dark Reading".
19:17
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2020-18660 β€Ό

GetSimpleCMS <=3.3.15 has an open redirect in admin/changedata.php via the redirect function to the url parameter.

πŸ“– Read

via "National Vulnerability Database".
19:36
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
πŸ•΄ VMs Help Ransomware Attackers Evade Detection, But It's Uncommon πŸ•΄

Some ransomware attackers use virtual machines to bypass security detection, but adoption is slow for the complicated technique.

πŸ“– Read

via "Dark Reading".
20:06
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
πŸ•΄ 79% of Third-Party Libraries in Apps Are Never Updated πŸ•΄

A lack of contextual information and concerns over application disruption among contributing factors.

πŸ“– Read

via "Dark Reading".
21:17
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-21809 β€Ό

A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerability.

πŸ“– Read

via "National Vulnerability Database".
24 June 2021
02:18
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-32823 β€Ό

In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability. In affected versions it is very slow for certain classes in BinData to be created. For example BinData::Bit100000, BinData::Bit100001, BinData::Bit100002, BinData::Bit<N>. In combination with <user_input>.constantize there is a potential for a CPU-based DoS. In version 2.4.10 bindata improved the creation time of Bits and Integers.

πŸ“– Read

via "National Vulnerability Database".
02:18
β€Ό CVE-2021-35041 β€Ό

The blockchain node in FISCO-BCOS V2.7.2 may have a bug when dealing with unformatted packet and lead to a crash. A malicious node can send a packet continuously. The packet is in an incorrect format and cannot be decoded by the node correctly. As a result, the node may consume the memory sustainably and crash. More details are shown at: https://github.com/FISCO-BCOS/FISCO-BCOS/issues/1951

πŸ“– Read

via "National Vulnerability Database".
07:18
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-25652 β€Ό

An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects versions 8.0.0.0 through 8.1.3.1 of AVPU.

πŸ“– Read

via "National Vulnerability Database".
07:18
β€Ό CVE-2021-25655 β€Ό

A vulnerability in the system Service Menu component of Avaya Aura Experience Portal may allow URL Redirection to any untrusted site through a crafted attack. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix).

πŸ“– Read

via "National Vulnerability Database".
07:24
❌ 30M Dell Devices at Risk for Remote BIOS Attacks, RCE ❌

Four separate security bugs would give attackers almost complete control and persistence over targeted devices, thanks to a faulty update mechanism.

πŸ“– Read

via "Threat Post".
07:24
❌ Atlassian Bugs Could Have Led to 1-Click Takeover ❌

A supply-chain attack could have siphoned sensitive information out of Jira, such as security issues on Atlassian cloud, Bitbucket and on-prem products.

πŸ“– Read

via "Threat Post".
09:18
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-21737 β€Ό

A smart STB product of ZTE is impacted by a permission and access control vulnerability. Due to insufficient protection of system application, attackers could use this vulnerability to tamper with the system desktop and affect system customization functions. This affects: ZXV10 B860H V5.0, V83011303.0010, V83011303.0016

πŸ“– Read

via "National Vulnerability Database".
09:36
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
πŸ•΄ rMTD: A Deception Method That Throws Attackers Off Their Game πŸ•΄

Through a variety of techniques, rotational Moving Target Defense makes existing OS and app vulnerabilities exponentially difficult to exploit. Here's how.

πŸ“– Read

via "Dark Reading".
10:24
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
❌ Tulsa’s Police-Citation Data Leaked by Conti Gang ❌

A May 6 ransomware attack caused disruption across several of the municipality’s online services and websites.

πŸ“– Read

via "Threat Post".
11:11
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
πŸ•΄ John McAfee, Creator of McAfee Antivirus Software, Dead at 75 πŸ•΄

McAfee, who was being held in a Spanish jail on US tax-evasion charges, had learned on Monday he would be extradited to the US.

πŸ“– Read

via "Dark Reading".
11:11
πŸ•΄ Storms & Silver Linings: Avoiding the Dangers of Cloud Migration πŸ•΄

We hear a lot about the sunlit uplands of cloud-powered business, but what about the risks of making information available across the organization?

πŸ“– Read

via "Dark Reading".
11:18
β€Ό CVE-2021-26585 β€Ό

A potential vulnerability has been identified in HPE OneView Global Dashboard release 2.31 which could lead to a local disclosure of privileged information. HPE has provided an update to OneView Global Dashboard. The issue is resolved in 2.32.

πŸ“– Read

via "National Vulnerability Database".
11:18
β€Ό CVE-2020-28097 β€Ό

The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85.

πŸ“– Read

via "National Vulnerability Database".
12:22
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
🦿 Remote Access Trojan now targeting schools with ransomware 🦿

Dubbed ChaChi by researchers at BlackBerry, the RAT has recently shifted its focus from government agencies to schools in the US.

πŸ“– Read

via "Tech Republic".
12:44
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
⚠ S3 Ep38: Clop busts, destructive Linux hacking, and rooted bicycles [Podcast] ⚠

Latest episode - listen now!

πŸ“– Read

via "Naked Security".
12:54
❌ Critical VMware Carbon Black Bug Allows Authentication Bypass ❌

The 9.4-rated bug in AppC could give attackers admin rights, no authentication required, letting them attack anything from PoS to industrial control systems.

πŸ“– Read

via "Threat Post".
13:18
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-24000 β€Ό

A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they were on a separate tab. In conjunction with certain elements (such as <input type="file">) this could have led to an attack where a user was confused about the origin of the webpage and potentially disclosed information they did not intend to. This vulnerability affects Firefox < 88.

πŸ“– Read

via "National Vulnerability Database".
13:18
β€Ό CVE-2021-29963 β€Ό

Address bar search suggestions in private browsing mode were re-using session data from normal mode. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 89.

πŸ“– Read

via "National Vulnerability Database".
13:24
β€Ό CVE-2021-29953 β€Ό

A malicious webpage could have forced a Firefox for Android user into executing attacker-controlled JavaScript in the context of another domain, resulting in a Universal Cross-Site Scripting vulnerability. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected. Further details are being temporarily withheld to allow users an opportunity to update.* This vulnerability affects Firefox < 88.0.1 and Firefox for Android < 88.1.3.

πŸ“– Read

via "National Vulnerability Database".
13:24
β€Ό CVE-2020-21787 β€Ό

CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/services/UploadService.php.

πŸ“– Read

via "National Vulnerability Database".
14:11
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
πŸ•΄ Boardroom Perspectives on Cybersecurity: What It Means for You πŸ•΄

Because board members are paying close attention to security, security leaders must be able to respond to and alleviate their concerns with data.

πŸ“– Read

via "Dark Reading".
15:18
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2020-18664 β€Ό

Cross Site Scripting (XSS) vulnerability in WebPort <=1.19.1 via the connection name parameter in type-conn.

πŸ“– Read

via "National Vulnerability Database".
15:18
β€Ό CVE-2020-21783 β€Ό

In IBOS 4.5.4 the email function has a cross site scripting (XSS) vulnerability in emailbody[content] parameter.

πŸ“– Read

via "National Vulnerability Database".
15:18
β€Ό CVE-2021-32708 β€Ό

Flysystem is an open source file storage library for PHP. The whitespace normalisation used in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions are: a user is allowed to supply the path or filename of an uploaded file; the supplied path or filename is not checked against unicode chars; the supplied pathname is checked against an extension deny-list, not an allow-list; the supplied path or filename contains a unicode whitespace char in the extension; and the uploaded file is stored in a directory that allows PHP code to be executed. Given these conditions are met, a user can upload and execute arbitrary code on the system under attack. The unicode whitespace removal has been replaced with a rejection (exception). For 1.x users, upgrade to 1.1.4. For 2.x users, upgrade to 2.1.1.

πŸ“– Read

via "National Vulnerability Database".
15:36
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
πŸ•΄ Preinstalled Firmware Updater Puts 128 Dell Models at Risk πŸ•΄

A feature of the computer maker's update utility does not correctly handle certificates, leaving systems open to firmware-level compromises.

πŸ“– Read

via "Dark Reading".
16:22
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
🦿 How to easily join an AlmaLinux server to an Active Directory Domain with Cockpit 🦿

Jack Wallen shows you just how easy it is to join an existing AlmaLinux server to an Active Directory domain via a web-based GUI.

πŸ“– Read

via "Tech Republic".
16:36
πŸ•΄ Tulsa Officials Warn Ransomware Attackers Leaked City Files πŸ•΄

The group behind the May 2021 attack has shared more than 18,000 files via the Dark Web, mostly internal department files and police citations.

πŸ“– Read

via "Dark Reading".
16:54
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
❌ Oh FCUK! Fashion Label, Medical Diagnostics Firm Latest REvil Victims ❌

The infamous ransomware group hit two big-name companies within hours of each other.

πŸ“– Read

via "Threat Post".
17:18
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-32491 β€Ό

A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow in function render() in tools/ddjvu via crafted djvu file may lead to application crash and other consequences.

πŸ“– Read

via "National Vulnerability Database".
17:18
β€Ό CVE-2020-4945 β€Ό

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to overwrite arbitrary files due to improper group permissions. IBM X-Force ID: 191945.

πŸ“– Read

via "National Vulnerability Database".
17:21
πŸ” First CCPA Rights Requests Deadline Looms πŸ”

Organizations that comply with the CCPA should be aware of an upcoming public reporting requirement deadline, one of the first deadlines under the relatively new law.

πŸ“– Read

via "".
19:06
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
πŸ•΄ 74% of Q1 Malware Was Undetectable Via Signature-Based Tools πŸ•΄

Attackers have improved on tweaking old malware to continue sneaking it past traditional threat detection controls, researchers report.

πŸ“– Read

via "Dark Reading".
19:18
β€Ό CVE-2021-32716 β€Ό

Shopware is an open source eCommerce platform. In versions prior to 6.4.1.1 the admin api has exposed some internal hidden fields when an association has been loaded with a to-many reference. Users are recommended to update to version 6.4.1.1. You can get the update to 6.4.1.1 regularly via the Auto-Updater or directly via the download overview. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin.

πŸ“– Read

via "National Vulnerability Database".
19:18
β€Ό CVE-2021-32711 β€Ό

Shopware is an open source eCommerce platform. Versions prior to 6.3.5.1 may leak information via Store-API. The vulnerability could only be fixed by changing the API system, which involves a non-backward-compatible change. Only consumers of the Store-API should be affected by this change. We recommend updating to the current version 6.3.5.1. You can get the update to 6.3.5.1 regularly via the Auto-Updater or directly via the download overview. https://www.shopware.com/en/download/#shopware-6 Please check your plugins if you have it in use. Detailed technical information can be found in the upgrade information. https://github.com/shopware/platform/blob/v6.3.5.1/UPGRADE-6.3.md#6351 Workarounds: For older versions of 6.1 and 6.2, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version. https://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659 For more information: https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-02-2021

πŸ“– Read

via "National Vulnerability Database".
22:24
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
❌ Spam Downpour Drips New IcedID Banking Trojan Variant ❌

The primarily IcedID-flavored banking trojan spam campaigns were coming in at a fever pitch: Spikes hit more than 100 detections a day.

πŸ“– Read

via "Threat Post".
25 June 2021
09:15
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
⚠ British tourists charged £1000s for pier visits in billing blunder ⚠

That's a LOT of money just to visit a seaside pier!

πŸ“– Read

via "Naked Security".
09:19
β€Ό CVE-2021-35475 β€Ό

SAS Environment Manager 2.5 allows XSS through the Name field when creating/editing a server. The XSS will prompt when editing the Configuration Properties.

πŸ“– Read

via "National Vulnerability Database".
10:25
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
❌ Hackers Crack Pirated Games with Cryptojacking Malware ❌

Threat actors have so far made about $2 million from Crackonosh, which secretly mines Monero cryptocurrency from affected devices.

πŸ“– Read

via "Threat Post".
11:07
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
πŸ•΄ 7 Unconventional Pieces of Password Wisdom πŸ•΄

Challenging common beliefs about best practices in password hygiene.

πŸ“– Read

via "Dark Reading".
11:19
β€Ό CVE-2021-31615 β€Ό

Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 may permit an adjacent device to inject a crafted packet during the receive window of the listening device before the transmitting device initiates its packet transmission to achieve full MITM status without terminating the link. When applied against devices establishing or using encrypted links, crafted packets may be used to terminate an existing link, but will not compromise the confidentiality or integrity of the link.

πŸ“– Read

via "National Vulnerability Database".
11:19
β€Ό CVE-2021-35049 β€Ό

Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response in an authenticated session. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.7 and in version 9.4. Patches and updates are available to address this vulnerability.

πŸ“– Read

via "National Vulnerability Database".
12:37
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
πŸ•΄ High-Level FIN7 Member Sentenced to 7 Years in Prison πŸ•΄

Andrii Kolpakov, who served as a high-level pentester for the criminal group, was also ordered to pay $2.5 million in restitution.

πŸ“– Read

via "Dark Reading".
12:55
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
❌ My Book Live Users Wake Up to Wiped Devices, Active RCE Attacks ❌

“I am totally screwed,” one user wailed after finding years of data nuked. Western Digital advised yanking the NAS storage devices offline ASAP: There's an exploit.

πŸ“– Read

via "Threat Post".
13:07
πŸ•΄ School's Out for Summer, but Don't Close the Book on Cybersecurity Training πŸ•΄

Strengthening their security posture should be at the top of school IT departments' summer to-do list.

πŸ“– Read

via "Dark Reading".
13:19
β€Ό CVE-2021-34184 β€Ό

Miniaudio 0.10.35 has a Double free vulnerability that could cause a buffer overflow in ma_default_vfs_close__stdio in miniaudio.h.

πŸ“– Read

via "National Vulnerability Database".
13:25
❌ Cisco ASA Bug Now Actively Exploited as PoC Drops ❌

In-the-wild XSS attacks have commenced against the security appliance (CVE-2020-3580), as researchers publish exploit code on Twitter.

πŸ“– Read

via "Threat Post".
13:36
πŸ›  Flawfinder 2.0.18 πŸ› 

Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.

πŸ“– Read

via "Packet Storm Security".
14:20
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
πŸ” Friday Five 6/25 πŸ”

Ransomware debates, spyware indictments, and CISA confirmations: catch up on all of the week's infosec news with the Friday Five!

πŸ“– Read

via "".
15:07
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
πŸ•΄ Data Privacy Is in 23andMe CSO's DNA πŸ•΄

How serious is the company about safeguarding its customers and their genetic information? "We're hiding data even from ourselves," says the biotech and genetic testing company's head of security.

πŸ“– Read

via "Dark Reading".
15:19
β€Ό CVE-2021-3314 β€Ό

** UNSUPPORTED WHEN ASSIGNED ** Oracle GlassFish Server 3.1.2.18 and below allows /common/logViewer/logViewer.jsf XSS. A malicious user can cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the user and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

πŸ“– Read

via "National Vulnerability Database".
15:19
β€Ό CVE-2021-35501 β€Ό

PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name field of a visual console. When a user or an administrator visits the console, the XSS payload will be executed.

πŸ“– Read

via "National Vulnerability Database".
15:25
❌ FIN7 ‘Pen Tester’ Headed to Jail Amid $1B in Payment-Card Losses ❌

One of the Carbanak cybergang's highest-level hackers is destined to serve seven years while making $2.5 million in restitution payments.

πŸ“– Read

via "Threat Post".
16:53
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
🦿 Ransomware-as-a-service business model takes a hit in the aftermath of the Colonial Pipeline attack 🦿

Cybercrime gangs are finding it harder to recruit partners for the affiliate programs that power ransomware attacks.

πŸ“– Read

via "Tech Republic".
17:19
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-33529 β€Ό

In Weidmueller Industrial WLAN devices in multiple versions the usage of hard-coded cryptographic keys within the service agent binary allows for the decryption of captured traffic across the network from or to the device.

πŸ“– Read

via "National Vulnerability Database".
17:19
β€Ό CVE-2021-33532 β€Ό

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.

πŸ“– Read

via "National Vulnerability Database".
17:19
β€Ό CVE-2021-33542 β€Ό

Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 and below is affected by a remote code execution vulnerability. Manipulated PC Worx or Config+ projects could lead to a remote code execution when unallocated memory is freed because of incompletely initialized data. The attacker needs to get access to an original bus configuration file (*.bcp) to be able to manipulate data inside. After manipulation the attacker needs to replace the original file with the manipulated one on the application programming workstation. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities. Automated systems in operation which were programmed with one of the above-mentioned products are not affected.

πŸ“– Read

via "National Vulnerability Database".
18:23
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
🦿 Linux: How to find details about user logins 🦿

If you need to gather information on user logins for your Linux servers, Jack Wallen has just the tool for you.

πŸ“– Read

via "Tech Republic".
18:25
❌ PS3 Players Ban: Latest Victims of Surging Attacks on Gaming Industry ❌

Every Sony PlayStation 3 ID out there was compromised, provoking bans of legit players on the network.

πŸ“– Read

via "Threat Post".
18:37
πŸ•΄ New CPU Baseline for Windows 11 Will Ensure Better Security, Microsoft Says πŸ•΄

Redmond's latest OS will run only on systems with TPM 2.0 chips.

πŸ“– Read

via "Dark Reading".
18:55
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
❌ Mercedes-Benz Customer Data Flies Out the Window ❌

For over three years, a vendor was recklessly driving the cloud-stored data of luxury-car-owning customers and wannabe buyers.

πŸ“– Read

via "Threat Post".
19:19
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-35502 β€Ό

app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp in MISP 2.4.144 does not sanitize certain data related to generic-template:index.

πŸ“– Read

via "National Vulnerability Database".
19:19
β€Ό CVE-2021-25654 β€Ό

An arbitrary code execution vulnerability was discovered in Avaya Aura Device Services that may potentially allow a local user to execute specially crafted scripts. Affects 7.0 through 8.1.4.0 versions of Avaya Aura Device Services.

πŸ“– Read

via "National Vulnerability Database".
19:19
β€Ό CVE-2021-1073 β€Ό

NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability where, if a user clicks on a maliciously formatted link that opens the GeForce Experience login page in a new browser tab instead of the GeForce Experience application and enters their login information, the malicious site can get access to the token of the user login session. Such an attack may lead to these targeted users' data being accessed, altered, or lost.

πŸ“– Read

via "National Vulnerability Database".
27 June 2021
11:21
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-35513 β€Ό

Mermaid before 8.11.0 allows XSS when the antiscript feature is used.

πŸ“– Read

via "National Vulnerability Database".
28 June 2021
02:22
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-20751 β€Ό

Cross-site scripting vulnerability in EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series) allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific operation.

πŸ“– Read

via "National Vulnerability Database".
02:22
β€Ό CVE-2021-20745 β€Ό

Inkdrop versions prior to v5.3.1 allow an attacker to execute arbitrary OS commands on the system where it runs by loading a file or code snippet containing an invalid iframe into Inkdrop.

πŸ“– Read

via "National Vulnerability Database".
02:22
β€Ό CVE-2021-20749 β€Ό

Cross-site scripting vulnerability in Fudousan plugin ver5.7.0 and earlier, Fudousan Plugin Pro Single-User Type ver5.7.0 and earlier, and Fudousan Plugin Pro Multi-User Type ver5.7.0 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

πŸ“– Read

via "National Vulnerability Database".
07:22
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-23399 β€Ό

This affects all versions of package wincred. If attacker-controlled user input is given to the getCredential function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.

πŸ“– Read

via "National Vulnerability Database".
09:22
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-20099 β€Ό

Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20100.

πŸ“– Read

via "National Vulnerability Database".
09:22
β€Ό CVE-2021-20100 β€Ό

Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20099.

πŸ“– Read

via "National Vulnerability Database".
09:25
🦿 Cybersecurity study: SolarWinds attack cost affected US companies an average of $12 million 🦿

New survey finds that the attack also motivated more information sharing within the industry and improved supply chain security.

πŸ“– Read

via "Tech Republic".
11:09
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
πŸ•΄ The Role of Encryption in Protecting LGBTQ+ Community Members πŸ•΄

The Internet is a vital tool that helps LGBTQ+ community members communicate without fear of persecution -- and strong encryption is a critical part of this equation.

πŸ“– Read

via "Dark Reading".
11:27
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-32496 β€Ό

SICK Visionary-S CX up to version 5.21.2.29154R is vulnerable to an Inadequate Encryption Strength vulnerability concerning the internal SSH interface solely used by SICK for recovering returned devices. The use of weak ciphers makes it easier for an attacker to break the security that protects information transmitted from the client to the SSH server, assuming the attacker has access to the network on which the device is connected. This can increase the risk that encryption will be compromised, leading to the exposure of sensitive user information and man-in-the-middle attacks.

πŸ“– Read

via "National Vulnerability Database".
11:27
β€Ό CVE-2021-29157 β€Ό

Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs driver.

πŸ“– Read

via "National Vulnerability Database".
12:24
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
🦿 Android: How to enable the Password Checkup feature 🦿

Google has released a new password checker for Android. Find out how to enable and use this security feature on your Android device.

πŸ“– Read

via "Tech Republic".
13:27
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
❌ Critical CISO Initiatives for the Second Half of 2021 ❌

Saryu Nayyar, CEO at Gurucul, goes over what defenses CISOs need now, and how and why to prioritize the options.

πŸ“– Read

via "Threat Post".
13:27
β€Ό CVE-2021-28570 β€Ό

Adobe After Effects version 18.1 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An unauthenticated attacker could exploit this to plant custom binaries and execute them with System permissions. Exploitation of this issue requires user interaction.

πŸ“– Read

via "National Vulnerability Database".
13:27
β€Ό CVE-2021-21090 β€Ό

Adobe InCopy version 16.0 (and earlier) is affected by a path traversal vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

πŸ“– Read

via "National Vulnerability Database".
13:27
β€Ό CVE-2021-28575 β€Ό

Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

πŸ“– Read

via "National Vulnerability Database".
13:54
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
🦿 How developing mental immunity can help you make better cybersecurity decisions 🦿

Experts want us to develop immunity to bad ideas that can wrongly influence the cybersecurity decision process.

πŸ“– Read

via "Tech Republic".
13:57
❌ Microsoft Signs Malware That Spreads Through Gaming ❌

The driver, called "Netfilter," is a rootkit that talks to Chinese C2 IPs and aims to spoof gamers' geo-locations to cheat the system and play from anywhere, Microsoft said.

πŸ“– Read

via "Threat Post".
15:09
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
πŸ•΄ The Danger of Action Bias: Is It Always Better to Act Quickly? πŸ•΄

Experts discuss the meaning of action bias and how it presents a threat to IT security leaders, practitioners, and users.

πŸ“– Read

via "Dark Reading".
15:27
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-32719 β€Ό

RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management` plugin, its consumer tag was rendered without proper <script> tag sanitization. This potentially allows for JavaScript code execution in the context of the page. The user must be signed in and have elevated permissions (manage federation upstreams and policies) for this to occur. The vulnerability is patched in RabbitMQ 3.8.18. As a workaround, disable the `rabbitmq_federation_management` plugin and use [CLI tools](https://www.rabbitmq.com/cli.html) instead.

πŸ“– Read

via "National Vulnerability Database".
15:27
β€Ό CVE-2021-20494 β€Ό

IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a heap based buffer overflow, caused by improper bounds checking. An authenticated user could overflow the buffer and cause the service to crash. IBM X-Force ID: 197882.

πŸ“– Read

via "National Vulnerability Database".
15:27
‼ CVE-2020-23711 ‼

SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET input category in navigate.php.

📖 Read

via "National Vulnerability Database".
15:27
‼ CVE-2021-20572 ‼

IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow the buffer and cause the server to crash. IBM X-Force ID: 199247.

📖 Read

via "National Vulnerability Database".
16:09
🛑 Cybersecurity & Privacy news 🛑
🕴 An Interesting Approach to Cyber Insurance 🕴

What if insurers were to offer companies an incentive -- say, a discount -- for better protecting themselves? You know, the way car insurance companies offer lower premiums to customers who take a driver's ed course.

📖 Read

via "Dark Reading".
16:27
🛑 Cybersecurity & Privacy news 🛑
❌ Russian Attackers Breach Microsoft Customer Service Accounts ❌

American IT companies and government have been targeted by the Nobelium state-sponsored group.

📖 Read

via "Threat Post".
16:54
🛑 Cybersecurity & Privacy news 🛑
🦿 Cybersecurity study: SolarWinds attack cost affected companies an average of $12 million 🦿

New survey finds that the attack also motivated more information sharing within the industry and improved supply chain security.

📖 Read

via "Tech Republic".
17:09
🛑 Cybersecurity & Privacy news 🛑
🕴 Microsoft Tracks Attack Campaign Against Customer Support Agents 🕴

The company attributes the attack to Nobelium, the same group it linked to the SolarWinds campaign earlier this year.

📖 Read

via "Dark Reading".
17:27
🛑 Cybersecurity & Privacy news 🛑
‼ CVE-2020-22607 ‼

Cross Site Scripting vulnerability in LimeSurvey 4.1.11+200316 via the (1) name and (2) description parameters in application/controllers/admin/PermissiontemplatesController.php.

📖 Read

via "National Vulnerability Database".
17:27
‼ CVE-2020-22609 ‼

Cross Site Scripting (XSS) vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter in include/class.queue.php.

📖 Read

via "National Vulnerability Database".
17:39
🕴 New House Bill Aims to Drive Americans' Security Awareness 🕴

The legislation requires the National Telecommunications and Information Administration to establish a cybersecurity literacy campaign.

📖 Read

via "Dark Reading".
17:57
🛑 Cybersecurity & Privacy news 🛑
❌ NVIDIA Patches High-Severity GeForce Spoof-Attack Bug ❌

A vulnerability in NVIDIA’s GeForce Experience software opens the door to remote data access, manipulation and deletion.

📖 Read

via "Threat Post".
18:22
🛑 Cybersecurity & Privacy news 🛑
Data Protection Act of 2021 Would Create US Data Protection Agency

The proposed legislation would create an agency to enforce data protection rules and oversee high-risk data practices.

📖 Read

via "".
18:27
❌ 5G Security Vulnerabilities Fluster Mobile Operators ❌

A survey from GSMA and Trend Micro shows a concerning lack of security capabilities for private 5G networks (think factories, smart cities, industrial IoT, utilities and more).

📖 Read

via "Threat Post".
18:39
🕴 Attacks Erase Western Digital Network-Attached Storage Drives 🕴

The company suspects a remote code execution vulnerability affecting My Book Live and My Book Live Duo devices and recommends that business and individual users turn off the drives to protect their data.

📖 Read

via "Dark Reading".
19:27
🛑 Cybersecurity & Privacy news 🛑
‼ CVE-2020-21142 ‼

Cross Site Scripting (XSS) vulnerability in IPFire 2.23 via the IPfire web UI in the mail.cgi.

📖 Read

via "National Vulnerability Database".
19:27
‼ CVE-2021-35298 ‼

Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via multiple models that contain a 'note' field to store additional information.

📖 Read

via "National Vulnerability Database".
19:28
‼ CVE-2021-35302 ‼

Incorrect Access Control for linked Tickets in Zammad 1.0.x up to 4.0.0 allows remote attackers to obtain sensitive information.

📖 Read

via "National Vulnerability Database".
19:28
‼ CVE-2021-32722 ‼

GlobalNewFiles is a mediawiki extension. All existing versions of GlobalNewFiles are affected by an uncontrolled resource consumption vulnerability. A large amount of page moves within a short space of time could overwhelm Database servers due to improper handling of load balancing and a lack of an appropriate index. No patches are currently available. As a workaround, one may avoid use of the extension unless additional rate limit at the MediaWiki level or via PoolCounter / MySQL is enabled.

📖 Read

via "National Vulnerability Database".
19:28
‼ CVE-2021-35303 ‼

Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via the User Avatar attribute.

📖 Read

via "National Vulnerability Database".
19:28
‼ CVE-2021-32723 ‼

Prism is a syntax highlighting library. Some languages before 1.24.0 are vulnerable to Regular Expression Denial of Service (ReDoS). When Prism is used to highlight untrusted (user-given) text, an attacker can craft a string that will take a very very long time to highlight. This problem has been fixed in Prism v1.24. As a workaround, do not use ASCIIDoc or ERB to highlight untrusted text. Other languages are not affected and can be used to highlight untrusted text.

📖 Read

via "National Vulnerability Database".
19:28
‼ CVE-2021-35301 ‼

Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows remote attackers to obtain sensitive information via the Ticket Article detail view.

📖 Read

via "National Vulnerability Database".
19:28
‼ CVE-2021-35299 ‼

Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows attackers to obtain sensitive information via email connection configuration probing.

📖 Read

via "National Vulnerability Database".
19:28
‼ CVE-2021-35300 ‼

Text injection/Content Spoofing in 404 page in Zammad 1.0.x up to 4.0.0 could allow remote attackers to manipulate users into visiting the attackers' page.

📖 Read

via "National Vulnerability Database".
19:39
🕴 Microsoft Refining Third-Party Driver Vetting Processes After Signing Malicious Rootkit 🕴

Rogue driver was distributed within gaming community in China, company says.

📖 Read

via "Dark Reading".
20:27
🛑 Cybersecurity & Privacy news 🛑
❌ Data for 700M LinkedIn Users Posted for Sale in Cyber-Underground ❌

After 500 million LinkedIn enthusiasts were affected in a data-scraping incident in April, it's happened again - with big security ramifications.

📖 Read

via "Threat Post".
29 June 2021
02:28
🛑 Cybersecurity & Privacy news 🛑
‼ CVE-2021-1134 ‼

A vulnerability in the Cisco Identity Services Engine (ISE) integration feature of the Cisco DNA Center Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to an incomplete validation of the X.509 certificate used when establishing a connection between DNA Center and an ISE server. An attacker could exploit this vulnerability by supplying a crafted certificate and could then intercept communications between the ISE and DNA Center. A successful exploit could allow the attacker to view and alter sensitive information that the ISE maintains about clients that are connected to the network.

📖 Read

via "National Vulnerability Database".
06:27
🛑 Cybersecurity & Privacy news 🛑
❌ Cobalt Strike Usage Explodes Among Cybercrooks ❌

The legit security tool has shown up 161 percent more, year-over-year, in cyberattacks, having “gone fully mainstream in the crimeware world.”

📖 Read

via "Threat Post".
08:57
🛑 Cybersecurity & Privacy news 🛑
❌ Details of RCE Bug in Adobe Experience Manager Revealed ❌

Disclosure of a bug in Adobe’s content-management solution - used by Mastercard, LinkedIn and PlayStation – was released.

📖 Read

via "Threat Post".
09:28
🛑 Cybersecurity & Privacy news 🛑
‼ CVE-2021-33503 ‼

An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.

📖 Read

via "National Vulnerability Database".
09:28
‼ CVE-2021-34548 ‼

An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. An attacker can forge RELAY_END or RELAY_RESOLVED to bypass the intended access control for ending a stream.

📖 Read

via "National Vulnerability Database".
10:54
🛑 Cybersecurity & Privacy news 🛑
🦿 Americans lost $29.8 billion to phone scams in the past year, study finds 🦿

The number of spam calls, the number of people losing money to them and the total amount of money lost in the past year are all record setting.

📖 Read

via "Tech Republic".
11:10
🛑 Cybersecurity & Privacy news 🛑
🕴 3 Ways Cybercriminals Are Undermining MFA 🕴

Using multifactor authentication is an excellent security step, but like everything else, it is not foolproof and will never be 100% effective.

📖 Read

via "Dark Reading".
11:28
🛑 Cybersecurity & Privacy news 🛑
‼ CVE-2021-23400 ‼

The package nodemailer before 6.6.1 is vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object.

📖 Read

via "National Vulnerability Database".
11:28
‼ CVE-2020-7871 ‼

A vulnerability of Helpcom could allow an unauthenticated attacker to execute arbitrary command. This vulnerability exists due to insufficient validation of the parameter. This issue affects: Cnesty Helpcom 10.0 versions prior to.

📖 Read

via "National Vulnerability Database".
12:25
🛑 Cybersecurity & Privacy news 🛑
🦿 Security and automation are top priorities for IT professionals 🦿

Data protection and lack of budgets and resources continue to present the biggest challenges as cyberattacks increase, according to a new Kaseya report.

📖 Read

via "Tech Republic".
13:09
🛑 Cybersecurity & Privacy news 🛑
🛠 Proxmark 4.13441 🛠

This is a custom firmware written for the Proxmark3 device. It extends the currently available firmware.

📖 Read

via "Packet Storm Security".
13:28
🛑 Cybersecurity & Privacy news 🛑
‼ CVE-2020-7868 ‼

A remote code execution vulnerability exists in helpUS(remote administration tool) due to improper validation of parameter of ShellExecutionExA function used for login.

📖 Read

via "National Vulnerability Database".
13:28
‼ CVE-2021-32992 ‼

FATEK Automation WinProladder Versions 3.30 and prior do not properly restrict operations within the bounds of a memory buffer, which may allow an attacker to execute arbitrary code.

📖 Read

via "National Vulnerability Database".
13:28
‼ CVE-2021-31505 ‼

This vulnerability allows attackers with physical access to escalate privileges on affected installations of Arlo Q Plus 1.9.0.3_278. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSH service. The device can be booted into a special operation mode where hard-coded credentials are accepted for SSH authentication. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-12890.

📖 Read

via "National Vulnerability Database".
13:28
‼ CVE-2020-7870 ‼

A memory corruption vulnerability exists when ezPDF improperly handles the parameter. This vulnerability exists due to insufficient validation of the parameter.

📖 Read

via "National Vulnerability Database".
13:55
🛑 Cybersecurity & Privacy news 🛑
🦿 How to give users sudo privileges on Ubuntu and Red Hat-based Linux distributions in Linux 🦿

New Linux admins need to know how to give and take sudo privileges from users. Jack Wallen shows you how on both Ubuntu- and Red Hat-based Linux distributions.

📖 Read

via "Tech Republic".
13:58
❌ Microsoft Translation Bugs Open Edge Browser to Trivial UXSS Attacks ❌

The bug in Edge's auto-translate could have let remote attackers pull off RCE on any foreign-language website just by sending a message with an XSS payload.

📖 Read

via "Threat Post".
14:40
🛑 Cybersecurity & Privacy news 🛑
🕴 Technology's Complexity and Opacity Threaten Critical Infrastructure Security 🕴

Addressing the complexity of modern distributed software development is one of the most important things we can do to decrease supply chain risk.

📖 Read

via "Dark Reading".
15:29
🛑 Cybersecurity & Privacy news 🛑
‼ CVE-2021-20104 ‼

Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php.

📖 Read

via "National Vulnerability Database".
15:29
‼ CVE-2021-20105 ‼

Machform prior to version 16 is vulnerable to an open redirect in Safari_init.php due to an improperly sanitized 'ref' parameter.

📖 Read

via "National Vulnerability Database".
15:29
‼ CVE-2021-20580 ‼

IBM Planning Analytics 2.0 could be vulnerable to cross-site request forgery (CSRF) which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 198241.

📖 Read

via "National Vulnerability Database".
15:40
🕴 Survey Data Reveals Gap in Americans' Security Awareness 🕴

Survey data reveals many people have never heard of major cyberattacks, including the attack targeting Colonial Pipeline.

📖 Read

via "Dark Reading".
15:55
🦿 How legitimate security tool Cobalt Strike is being used in cyberattacks 🦿

Normally used by organizations for penetration testing, Cobalt Strike is exploited by cybercriminals to launch attacks, says Proofpoint.

📖 Read

via "Tech Republic".
15:55
🦿 Cyberattacks and ransomware are no longer burglary; they're home invasion, expert says 🦿

More than 3.5 million people worldwide are needed to play defense against cyberattacks.

📖 Read

via "Tech Republic".
16:40
🛑 Cybersecurity & Privacy news 🛑
🕴 CISA Publishes Catalog of Poor Security Practices 🕴

Organizations often focus on promoting best practices, CISA says, but stopping poor security practices is equally important.

📖 Read

via "Dark Reading".
16:58
🛑 Cybersecurity & Privacy news 🛑
❌ Users Clueless About Cybersecurity Risks: Study ❌

The return to offices, coupled with uninformed users (including IT pros) has teed up an unprecedented risk of enterprise attack.

📖 Read

via "Threat Post".
17:25
🛑 Cybersecurity & Privacy news 🛑
🦿 iOS 15: How to enable Mail Privacy Protection 🦿

If you have access to Apple's iOS 15 Developer Beta, learn how to use an important security feature called Mail Privacy Protection.

📖 Read

via "Tech Republic".
17:29
‼ CVE-2021-32721 ‼

PowerMux is a drop-in replacement for Go's http.ServeMux. In PowerMux versions prior to 1.1.1, attackers may be able to craft phishing links and other open redirects by exploiting the trailing slash redirection feature. This may lead to users being redirected to untrusted sites after following an attacker crafted link. The issue is resolved in v1.1.1. There are no existing workarounds.

📖 Read

via "National Vulnerability Database".
17:29
‼ CVE-2021-22338 ‼

There is an XXE injection vulnerability in eCNS280 V100R005C00 and V100R005C10. A module does not perform the strict operation to the input XML message. An attacker can send a specific message to exploit this vulnerability, leading to the module denial of service.

📖 Read

via "National Vulnerability Database".
17:29
‼ CVE-2021-23275 ‼

The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition: versions 1.2.4 and below, TIBCO Enterprise Runtime for R - Server Edition: versions 1.3.0 and 1.3.1, TIBCO Enterprise Runtime for R - Server Edition: versions 1.4.0, 1.5.0, and 1.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.3.0 and below, TIBCO Spotfire Server: versions 10.3.12 and below, TIBCO Spotfire Server: versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0, TIBCO Spotfire Statistics Services: versions 10.3.0 and below, TIBCO Spotfire Statistics Services: versions 10.10.0, 10.10.1, and 10.10.2, and TIBCO Spotfire Statistics Services: versions 11.1.0, 11.2.0, and 11.3.0.

📖 Read

via "National Vulnerability Database".
17:29
‼ CVE-2021-29480 ‼

Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the client side session module uses the application startup time as the signing key by default. This means that if an attacker can determine this time, and if encryption is not also used (which is recommended, but is not on by default), the session data could be tampered with by someone with the ability to write cookies. The default configuration is unsuitable for production use as an application restart renders all sessions invalid and is not multi-host compatible, but its use is not actively prevented. As of Ratpack 1.9.0, the default value is a securely randomly generated value, generated at application startup time. As a workaround, supply an alternative signing key, as per the documentation's recommendation.

📖 Read

via "National Vulnerability Database".
18:40
🛑 Cybersecurity & Privacy news 🛑
🕴 Ransomware Losses Drive Up Cyber-Insurance Costs 🕴

Premiums have gone up by 7% on average for small firms and between 10% and 40% for medium and large businesses.

📖 Read

via "Dark Reading".
19:10
🛑 Cybersecurity & Privacy news 🛑
🕴 Google Updates Vulnerability Data Format to Support Automation 🕴

The Open Source Vulnerability schema supports automated vulnerability handling in Go, Rust, Python, and Distributed Weakness Filing system, and it could be the favored format for future exporting of data.

📖 Read

via "Dark Reading".
19:29
🛑 Cybersecurity & Privacy news 🛑
‼ CVE-2021-22329 ‼

There is a license management vulnerability in some Huawei products. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper license management of the device, the license file can be applied and affect the integrity of the device. Affected product versions include:S12700 V200R007C01,V200R007C01B102,V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S1700 V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S2700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S5700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10,V200R011C10SPC100;S6700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10,V200R011C10SPC100;S7700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S9700 V200R007C01,V200R007C01B102,V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10.

📖 Read

via "National Vulnerability Database".
19:29
‼ CVE-2021-22341 ‼

There is a memory leak vulnerability in Huawei products. A resource management weakness exists in a module. Attackers with high privilege can exploit this vulnerability by performing some operations. This can lead to memory leak. Affected product versions include:IPS Module V500R005C00SPC100,V500R005C00SPC200;NGFW Module V500R005C00SPC100,V500R005C00SPC200;NIP6300 V500R005C00SPC100,V500R005C10SPC200;NIP6600 V500R005C00SPC100,V500R005C00SPC200;Secospace USG6300 V500R005C00SPC100,V500R005C00SPC200;Secospace USG6500 V500R005C00SPC100,V500R005C10SPC200;Secospace USG6600 V500R005C00SPC100,V500R005C00SPC200.

📖 Read

via "National Vulnerability Database".
30 June 2021
02:29
🛑 Cybersecurity & Privacy news 🛑
‼ CVE-2021-35959 ‼

In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field.

📖 Read

via "National Vulnerability Database".
06:25
🛑 Cybersecurity & Privacy news 🛑
🦿 Windows 11: Understanding the system requirements and the security benefits 🦿

Security is a big part of Windows 11, but so is delivering productivity and a good experience with all the security features turned on.

📖 Read

via "Tech Republic".
07:29
🛑 Cybersecurity & Privacy news 🛑
‼ CVE-2021-32566 ‼

Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.

📖 Read

via "National Vulnerability Database".
07:29
‼ CVE-2021-35474 ‼

Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.

📖 Read

via "National Vulnerability Database".
09:17
🛑 Cybersecurity & Privacy news 🛑
⚠ Police warn of WhatsApp scams in time for Social Media Day ⚠

Happy Social Media Day! Make it a day to review whether your social media security really is up to scratch.

📖 Read

via "Naked Security".
09:29
‼ CVE-2021-34383 ‼

Bootloader contains a vulnerability in NVIDIA MB2 where a potential heap overflow might lead to denial of service or escalation of privileges.

📖 Read

via "National Vulnerability Database".
09:29
‼ CVE-2021-28692 ‼

Inappropriate x86 IOMMU timeout detection / handling. IOMMUs process commands issued to them in parallel with the operation of the CPU(s) issuing such commands. In the current implementation in Xen, asynchronous notification of the completion of such commands is not used. Instead, the issuing CPU spin-waits for the completion of the most recently issued command(s). Some of these waiting loops try to apply a timeout to fail overly-slow commands. The course of action upon a perceived timeout actually being detected is inappropriate:
- on Intel hardware guests which did not originally cause the timeout may be marked as crashed,
- on AMD hardware higher layer callers would not be notified of the issue, making them continue as if the IOMMU operation succeeded.

📖 Read

via "National Vulnerability Database".
09:29
‼ CVE-2021-34385 ‼

Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the calculation of a length could lead to a heap overflow.

📖 Read

via "National Vulnerability Database".
09:29
‼ CVE-2021-34373 ‼

Trusty trusted Linux kernel (TLK) contains a vulnerability in the NVIDIA TLK kernel where a lack of heap hardening could cause heap overflows, which might lead to information disclosure and denial of service.

📖 Read

via "National Vulnerability Database".
09:58
🛑 Cybersecurity & Privacy news 🛑
❌ Feds Told to Better Manage Facial Recognition, Amid Privacy Concerns ❌

A GAO report finds government agencies are using the technology regularly in criminal investigations and to identify travelers, but need stricter management to protect people’s privacy and avoid inaccurate identification.

📖 Read

via "Threat Post".
11:11
🛑 Cybersecurity & Privacy news 🛑
🕴 9 Hot Trends in Cybersecurity Mergers & Acquisitions 🕴

Security experts share their observations of the past year in cybersecurity M&A, highlighting key trends and notable deals.

📖 Read

via "Dark Reading".
11:25
🦿 Ransomware experts urge victims not to pay, but are they listening? 🦿

The number of attacks from, and payouts to, ransomware extortionists continue to rise despite only 20% saying giving into demands is the best course, Menlo Security finds.

📖 Read

via "Tech Republic".
11:30
‼ CVE-2021-27902 ‼

An issue was discovered in Craft CMS before 3.6.0. In some circumstances, a potential XSS vulnerability existed in connection with front-end forms that accepted user uploads.

📖 Read

via "National Vulnerability Database".
11:30
‼ CVE-2021-27903 ‼

An issue was discovered in Craft CMS before 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes (if an attacker were somehow able to hijack an administrator's session).

📖 Read

via "National Vulnerability Database".
11:47
🛑 Cybersecurity & Privacy news 🛑
⚠ Colombian police arrest Gozi malware suspect after 8 years at large ⚠

Safe at home, apparently, but not so safe overseas.

📖 Read

via "Naked Security".
13:10
🛑 Cybersecurity & Privacy news 🛑
🛠 Global Socket 1.4.32 🛠

Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.

📖 Read

via "Packet Storm Security".
13:10
🛠 Faraday 3.16.0 🛠

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

📖 Read

via "Packet Storm Security".
13:28
🛑 Cybersecurity & Privacy news 🛑
❌ Zero-Day Used to Wipe My Book Live Devices ❌

Threat actors may have been duking it out for control of the compromised devices, first using a 2018 RCE, then password-protecting a new vulnerability.

📖 Read

via "Threat Post".
13:31
‼ CVE-2021-22376 ‼

There is an Improper Permission Management Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality, availability and integrity.

📖 Read

via "National Vulnerability Database".
13:31
‼ CVE-2021-35971 ‼

Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and 11 before 11.0.0.837 P20210507 mishandles deserialization during Microsoft .NET remoting.

📖 Read

via "National Vulnerability Database".
13:31
‼ CVE-2021-35973 ‼

NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /usr/sbin/mini_httpd, allowing an unauthenticated attacker to invoke any action by adding the &currentsetting.htm substring to the HTTP query, a related issue to CVE-2020-27866. This directly allows the attacker to change the web UI password, and eventually to enable debug mode (telnetd) and gain a shell on the device as the admin limited-user account (however, escalation to root is simple because of weak permissions on the /etc/ directory).

📖 Read

via "National Vulnerability Database".
13:58
🛑 Cybersecurity & Privacy news 🛑
❌ Why MTTR is Bad for SecOps ❌

Kerry Matre, senior director at Mandiant, discusses the appropriate metrics to use to measure SOC and analyst performance, and how MTTR leads to bad behavior.

📖 Read

via "Threat Post".
14:11
🕴 7 Skills the Transportation Sector Needs to Fuel Its Security Teams 🕴

Without a top-notch team to stop attackers, our favorite modes of transportation could come to a screeching halt.

📖 Read

via "Dark Reading".
15:25
🛑 Cybersecurity & Privacy news 🛑
🦿 Cyber investments are growing, but not enough 🦿

64% of respondents to PwC's latest CEO survey expect a jump in reportable ransomware and software supply chain incidents this year, and only 55% are prepared to respond.

📖 Read

via "Tech Republic".
15:30
‼ CVE-2021-21675 ‼

A cross-site request forgery (CSRF) vulnerability in Jenkins requests-plugin Plugin 2.2.12 and earlier allows attackers to create requests and/or have administrators apply pending requests.

📖 Read

via "National Vulnerability Database".
15:30
‼ CVE-2021-21672 ‼

Jenkins Selenium HTML report Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

📖 Read

via "National Vulnerability Database".
15:30
‼ CVE-2021-21671 ‼

Jenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate the previous session on login.

📖 Read

via "National Vulnerability Database".
16:11
🛑 Cybersecurity & Privacy news 🛑
🕴 Intl. Law Enforcement Operation Takes Down DoubleVPN 🕴

The VPN service allegedly provided a means for cybercriminals to target their victims, Europol officials report.

📖 Read

via "Dark Reading".
16:23
πŸ” An Interview with Ben McGraw, Cybersecurity Manager at Digital Guardian Part II πŸ”

In part two of our Q&A with Ben McGraw, we discuss how automation will change the industry, how to improve the cybersecurity skills gap, and who is Digital Guardian's best basketball player.

πŸ“– Read

via "".
17:28
🛑 Cybersecurity & Privacy news 🛑
❌ Indexsinas SMB Worm Campaign Infests Whole Enterprises ❌

The self-propagating malware's attack chain is complex, using former NSA cyberweapons, and ultimately drops cryptominers on targeted machines.

📖 Read

via "Threat Post".
17:31
‼ CVE-2021-22367 ‼

There is a Key Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to authentication bypass.

📖 Read

via "National Vulnerability Database".
17:31
‼ CVE-2021-22353 ‼

There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause the kernel to restart.

📖 Read

via "National Vulnerability Database".
17:41
🕴 Impersonation Becomes Top Phishing Technique 🕴

A new report finds IT, healthcare, and manufacturing are the industries most targeted by phishing emails.

📖 Read

via "Dark Reading".
17:41
🕴 Attackers Already Unleashing Malware for Apple macOS M1 Chip 🕴

Apple security expert Patrick Wardle found that some macOS malware written for the new M1 processor can bypass anti-malware tools.

📖 Read

via "Dark Reading".
18:41
🛑 Cybersecurity & Privacy news 🛑
🕴 SMB Worm Targeting EternalBlue Vuln Spreads to US 🕴

"Indexsinas" is the latest threat designed to exploit Windows servers that remain vulnerable to an NSA-developed exploit Microsoft patched more than four years ago.

📖 Read

via "Dark Reading".
18:47
⚠ PrintNightmare, the zero-day hole in Windows – here’s what to do ⚠

All bugs are equal. But some bugs are more equal than others.

📖 Read

via "Naked Security".
19:30
🛑 Cybersecurity & Privacy news 🛑
‼ CVE-2021-22346 ‼

There is an Improper Permission Management Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to the disclosure of user habits.

📖 Read

via "National Vulnerability Database".
19:30
β€Ό CVE-2021-22350 β€Ό

There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause the device to crash and restart.

πŸ“– Read

via "National Vulnerability Database".
19:41
πŸ•΄ SentinelOne Starts Trading on NYSE, Raises $1.2B in IPO πŸ•΄

IPO is the highest valued in cybersecurity history, according to reports.

πŸ“– Read

via "Dark Reading".
21:30
β€Ό CVE-2021-22345 β€Ό

There is an Input Verification Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause out-of-bounds memory write.

πŸ“– Read

via "National Vulnerability Database".
1 July 2021
02:30
β€Ό CVE-2021-28803 β€Ό

This issue affects: QNAP Systems Inc. Q'center versions prior to 1.11.1004.

πŸ“– Read

via "National Vulnerability Database".
02:30
β€Ό CVE-2018-25018 β€Ό

UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write during a memcpy in QuickOpen::ReadRaw when called from QuickOpen::ReadNext.

πŸ“– Read

via "National Vulnerability Database".
07:30
β€Ό CVE-2021-20752 β€Ό

Cross-site scripting vulnerability in IkaIka RSS Reader all versions allows a remote attacker to inject an arbitrary script via unspecified vectors.

πŸ“– Read

via "National Vulnerability Database".
08:59
❌ LinkedIn’s 1.2B Data-Scrape Victims Already Being Targeted by Attackers ❌

A refined database of 88K U.S. business owners on LinkedIn has been posted in a hacker forum.

πŸ“– Read

via "Threat Post".
08:59
❌ Dropbox Used to Mask Malware Movement in Cyberespionage Campaign ❌

The ongoing spear-phishing campaign targeting the Afghan government uses Dropbox as an API that leaves no traces of communications with weirdo websites.

πŸ“– Read

via "Threat Post".
09:30
β€Ό CVE-2021-22347 β€Ό

There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause temporary DoS.

πŸ“– Read

via "National Vulnerability Database".
10:17
⚠ S3 Ep39: Paying the date, #SocialMediaDay tips, and a special splintersode [Podcast] ⚠

Latest episode - listen now!

πŸ“– Read

via "Naked Security".
11:12
❌ Data Exfiltration: What You Should Know to Prevent It ❌

Data leaks are a serious concern for companies of all sizes; if one occurs, it may put them out of business permanently. Here's how you can protect your organization from data theft.

πŸ“– Read

via "Threat Post".
11:12
πŸ•΄ Stop Playing Catchup: Move From Reactive to Proactive to Defeat Cyber Threats πŸ•΄

One-time reactive measures can't keep up. It's time to be proactive and pick our swords and not just our shields.

πŸ“– Read

via "Dark Reading".
11:29
❌ Babuk Ransomware Builder Mysteriously Appears in VirusTotal ❌

The gang's source code is now available to rivals and security researchers alike - and a decryptor likely is not far behind.

πŸ“– Read

via "Threat Post".
11:32
β€Ό CVE-2021-27477 β€Ό

When JTEKT Corporation TOYOPUC PLC versions PC10G-CPU, 2PORT-EFR, Plus CPU, Plus EX, Plus EX2, Plus EFR, Plus EFR2, Plus 2P-EFR, PC10P-DP, PC10P-DP-IO, Plus BUS-EX, Nano 10GX, Nano 2ET, PC10PE, PC10PE-16/16P, PC10E, FL/ET-T-V2H, PC10B, PC10B-P, Nano CPU, PC10P, and PC10GE receive an invalid frame, the area outside a receive buffer for FL-net is overwritten. As a result, the PLC CPU detects a system error, and the affected products stop.

πŸ“– Read

via "National Vulnerability Database".
11:32
β€Ό CVE-2021-31813 β€Ό

Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD.

πŸ“– Read

via "National Vulnerability Database".
11:32
β€Ό CVE-2021-22344 β€Ό

There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause temporary DoS.

πŸ“– Read

via "National Vulnerability Database".
13:25
🦿 How to set Google Search History to auto-delete on Android 🦿

If you don't like the idea of your Android search history being saved, Jack Wallen wants to show you how to set it to auto-delete.

πŸ“– Read

via "Tech Republic".
13:25
🦿 The possible reasons Google is moving away from APKs on Android 🦿

Google has announced it is moving away from the APK format for Android apps. Jack Wallen offers his opinion on why this could be happening.

πŸ“– Read

via "Tech Republic".
13:29
❌ Hacked Data for 69K LimeVPN Users Up for Sale on Dark Web ❌

LimeVPN has confirmed a data incident, and meanwhile its website has been knocked offline.

πŸ“– Read

via "Threat Post".
13:32
β€Ό CVE-2021-28423 β€Ό

Multiple SQL Injection vulnerabilities in Teachers Record Management System 1.0 allow remote authenticated users to execute arbitrary SQL commands via the 'editid' GET parameter in edit-subjects-detail.php, edit-teacher-detail.php, or the 'searchdata' POST parameter in search.php.

πŸ“– Read

via "National Vulnerability Database".
13:32
β€Ό CVE-2021-28424 β€Ό

A stored cross-site scripting (XSS) vulnerability in Teachers Record Management System 1.0 allows remote authenticated users to inject arbitrary web script or HTML via the 'email' POST parameter in adminprofile.php.

πŸ“– Read

via "National Vulnerability Database".
13:32
β€Ό CVE-2021-28127 β€Ό

An issue was discovered in Stormshield SNS through 4.2.1. A brute-force attack can occur.

πŸ“– Read

via "National Vulnerability Database".
14:11
πŸ›  Falco 0.29.1 πŸ› 

Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.

πŸ“– Read

via "Packet Storm Security".
14:14
πŸ•΄ Why Are There Never Enough Logs During An Incident Response? πŸ•΄

Most security pros believe their responses could be dramatically quicker were the right logs available, and usually they're not.

πŸ“– Read

via "Dark Reading".
14:24
πŸ” CISA Shares New Ransomware Self-Assessment Tool πŸ”

The new security audit self-assessment tool is designed to help organizations better understand how well they're equipped to defend and recover from ransomware.

πŸ“– Read

via "".
14:42
πŸ•΄ NSA & CISA Issue Warning About Russian GRU Brute-Force Cyberattacks Against US, Global Orgs πŸ•΄

Fancy Bear nation-state hacking team adds a modern twist on old-school hacking method by using a cluster of Kubernetes software containers to expedite credential theft.

πŸ“– Read

via "Dark Reading".
15:12
πŸ•΄ Name That Edge Toon: Security Grill πŸ•΄

Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.

πŸ“– Read

via "Dark Reading".
15:25
🦿 Awareness of cyberattacks and cybersecurity may be lacking among workers 🦿

A survey of business professionals by Armis points to a lack of knowledge about recent incidents and proper cyber hygiene.

πŸ“– Read

via "Tech Republic".
15:31
β€Ό CVE-2020-27362 β€Ό

An issue exists within the SSH console of Akkadian Provisioning Manager 4.50.02 which allows a low-level privileged user to escape the web configuration file editor and escalate privileges.

πŸ“– Read

via "National Vulnerability Database".
15:31
β€Ό CVE-2020-4935 β€Ό

IBM Datacap Fastdoc Capture (IBM Datacap Navigator 9.1.7) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191753.

πŸ“– Read

via "National Vulnerability Database".
15:42
πŸ•΄ WhiteHat Security Rebrands as NTT Application Security πŸ•΄

The name change follows NTT Security Corporation's acquisition of WhiteHat in 2019.

πŸ“– Read

via "Dark Reading".
16:29
❌ Defeating Ransomware-as-a-Service? Think Intel-Sharing ❌

Aamir Lakhani, cybersecurity researcher and practitioner at FortiGuard Labs, explains the rise of RaaS and the critical role of threat intel in effectively defending against it.

πŸ“– Read

via "Threat Post".
17:31
β€Ό CVE-2021-32731 β€Ό

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Between (and including) versions 13.1RC1 and 13.1, the reset password form reveals the email address of users just by giving their username. The problem has been patched on XWiki 13.2RC1. As a workaround, it is possible to manually modify the `resetpasswordinline.vm` to perform the changes made to mitigate the vulnerability.

πŸ“– Read

via "National Vulnerability Database".
17:59
❌ Linux Variant of REvil Ransomware Targets VMware’s ESXi, NAS Devices ❌

Criminals behind the potent REvil ransomware have ported the malware to Linux for targeted attacks.

πŸ“– Read

via "Threat Post".
19:12
πŸ•΄ CISA Urges Orgs to Disable Windows Print Spooler on Critical Systems πŸ•΄

Patches Microsoft issued last month not effective against exploits targeting "PrintNightmare" flaw, agency and others say.

πŸ“– Read

via "Dark Reading".
19:31
β€Ό CVE-2020-23209 β€Ό

A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "List Description" field under the "Edit A List" module.

πŸ“– Read

via "National Vulnerability Database".
19:31
β€Ό CVE-2020-23205 β€Ό

A stored cross site scripting (XSS) vulnerability in Monstra CMS version 3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Site Name" field under the "Site Settings" module.

πŸ“– Read

via "National Vulnerability Database".
19:42
πŸ•΄ GitHub Unveils AI Tool to Speed Development, but Beware Insecure Code πŸ•΄

The company has created an AI system, dubbed Copilot, to offer code suggestions to developers, but warns that any code produced should be tested for defects and vulnerabilities.

πŸ“– Read

via "Dark Reading".
2 July 2021
07:31
β€Ό CVE-2021-26920 β€Ό

In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not an elevation of privilege when users access Druid directly, since Druid also provides the Local InputSource, which allows the same level of access. But it is problematic when users interact with Druid indirectly through an application that allows users to specify the HTTP InputSource, but not the Local InputSource. In this case, users could bypass the application-level restriction by passing a file URL to the HTTP InputSource.

πŸ“– Read

via "National Vulnerability Database".
09:29
❌ CISA Offers New Mitigation for PrintNightmare Bug ❌

CERT urges administrators to disable the Windows Print spooler service in Domain Controllers and systems that don’t print, while Microsoft attempts to clarify RCE flaw with a new CVE assignment.

πŸ“– Read

via "Threat Post".
09:32
β€Ό CVE-2021-27455 β€Ό

Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to disclose information.

πŸ“– Read

via "National Vulnerability Database".
09:32
β€Ό CVE-2021-35029 β€Ό

An authentication bypass vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01 could allow a remote attacker to execute arbitrary commands on an affected device.

πŸ“– Read

via "National Vulnerability Database".
10:47
⚠ US email hacker gets his β€œcomputer trespass” conviction reversed ⚠

Court says that we need to "avoid a construction that makes some language mere surplusage."

πŸ“– Read

via "Naked Security".
10:56
🦿 Container security: How to get the most out of best practices 🦿

Containers are complex virtual entities that provide proven benefits to the business but also require strong security guidelines. Learn how to get the most out of container security best practices.

πŸ“– Read

via "Tech Republic".
11:13
πŸ•΄ WFH: A Smart Time to Revisit Employee Use of Social Media πŸ•΄

Employers have their hands full when it comes to monitoring online activities that could hurt the brand or violate the organization's core values.

πŸ“– Read

via "Dark Reading".
11:17
πŸ” Friday Five 7/2 πŸ”

Ransomware venture capital, VPN shutdowns, and the latest from Fancy Bear - catch up on all of the week's infosec news with the Friday Five!

πŸ“– Read

via "".
11:32
β€Ό CVE-2021-36130 β€Ό

An XSS issue was discovered in the SocialProfile extension in MediaWiki through 1.36. Within several gift-related special pages, a privileged user with the awardmanage right could inject arbitrary HTML and JavaScript within various gift-related data fields. The attack could easily propagate across many pages for many users.

πŸ“– Read

via "National Vulnerability Database".
11:32
β€Ό CVE-2021-36132 β€Ό

An issue was discovered in the FileImporter extension in MediaWiki through 1.36. For certain relaxed configurations of the $wgFileImporterRequiredRight variable, it might not validate all appropriate user rights, thus allowing a user with insufficient rights to perform operations (specifically file uploads) that they should not be allowed to perform.

πŸ“– Read

via "National Vulnerability Database".
11:32
β€Ό CVE-2021-3606 β€Ό

OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (openvpn.exe).

πŸ“– Read

via "National Vulnerability Database".
12:43
πŸ•΄ 5 Mistakes That Impact a Security Team's Success πŸ•΄

The way we work and treat each other go a long way in improving our organizations' security posture.

πŸ“– Read

via "Dark Reading".
13:30
❌ TrickBot Spruces Up Its Banking Trojan Module ❌

After focusing almost exclusively on delivering ransomware for the past year, the code changes could indicate that TrickBot is getting back into the bank-fraud game.

πŸ“– Read

via "Threat Post".
13:33
β€Ό CVE-2021-27950 β€Ό

A SQL injection vulnerability in azurWebEngine in Sita AzurCMS through 1.2.3.12 allows an authenticated attacker to execute arbitrary SQL commands via the id parameter to mesdocs.ajax.php in azurWebEngine/eShop. By default, the query is executed as DBA.

πŸ“– Read

via "National Vulnerability Database".
13:33
β€Ό CVE-2021-32735 β€Ό

Kirby is a content management system. In Kirby CMS versions 3.5.5 and 3.5.6, the Panel's `ListItem` component (used in the pages and files section, for example) displayed HTML in page titles as-is. This could be used for cross-site scripting (XSS) attacks. Malicious authenticated Panel users can escalate their privileges if they get access to the Panel session of an admin user. Visitors without Panel access can use the attack vector if the site allows changing site data from a frontend form. Kirby 3.5.7 patches the vulnerability. As a partial workaround, site administrators can protect against attacks from visitors without Panel access by validating or sanitizing data provided from the frontend form.

πŸ“– Read

via "National Vulnerability Database".
13:42
πŸ›  Suricata IDPE 6.0.3 πŸ› 

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

πŸ“– Read

via "Packet Storm Security".
13:45
πŸ•΄ SOC Investment Improves Detection and Response Times, Data Shows πŸ•΄

A survey of IT and security pros finds many are confident in their ability to detect security incidents in near-real time or within minutes.

πŸ“– Read

via "Dark Reading".
14:13
πŸ•΄ Microsoft Issues New CVE for 'PrintNightmare' Flaw πŸ•΄

Company says remote code execution issue in all Windows versions is different from one in Windows Print Spooler that it had patched last month, though both affect same function.

πŸ“– Read

via "Dark Reading".
14:13
πŸ•΄ Secured-Core PCs May Mitigate Firmware Attacks, But Adoption Lags πŸ•΄

Microsoft maintains that exploitation of recent Dell vulnerabilities would be blocked on ultra-secure PCs - but most systems do not have the technology yet.

πŸ“– Read

via "Dark Reading".
15:32
β€Ό CVE-2021-23402 β€Ό

All versions of package record-like-deep-assign are vulnerable to Prototype Pollution via the main functionality.

πŸ“– Read

via "National Vulnerability Database".
16:13
πŸ•΄ Barracuda Agrees to Acquire Skout Cybersecurity πŸ•΄

The acquisition will bring Barracuda into the extended detection and response (XDR) market with a tool for managed service providers.

πŸ“– Read

via "Dark Reading".
17:32
β€Ό CVE-2021-32737 β€Ό

Sulu is an open-source PHP content management system based on the Symfony framework. In versions of Sulu prior to 1.6.41, it is possible for a logged in admin user to add a script injection (cross-site-scripting) in the collection title. The problem is patched in version 1.6.41. As a workaround, one may manually patch the affected JavaScript files in lieu of updating.

πŸ“– Read

via "National Vulnerability Database".
17:32
β€Ό CVE-2020-23185 β€Ό

A stored cross site scripting (XSS) vulnerability in /administration/setting_security.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.

πŸ“– Read

via "National Vulnerability Database".
17:32
β€Ό CVE-2020-23178 β€Ό

An issue exists in PHP-Fusion 9.03.50 where session cookies are not deleted once a user logs out, allowing for an attacker to perform a session replay attack and impersonate the victim user.

πŸ“– Read

via "National Vulnerability Database".
18:56
🦿 You don't have to be a tech expert to become a cybersecurity pro 🦿

Attention to detail, creativity and perseverance are key traits for a good white hat hacker. These positions are in high demand.

πŸ“– Read

via "Tech Republic".
21:32
β€Ό CVE-2021-36146 β€Ό

ACRN before 2.5 has a devicemodel/hw/pci/xhci.c NULL Pointer Dereference for a trb pointer.

πŸ“– Read

via "National Vulnerability Database".
21:32
β€Ό CVE-2021-34527 β€Ό

Windows Print Spooler Remote Code Execution Vulnerability

πŸ“– Read

via "National Vulnerability Database".
5 July 2021
09:02
❌ Ransomware Defense: Top 5 Things to Do Right Now ❌

Matt Bromiley, senior consultant with Mandiant Managed Defense, discusses the top tricks and tips for protecting enterprise environments from ransomware.

πŸ“– Read

via "Threat Post".
09:35
β€Ό CVE-2021-23401 β€Ό

This affects all versions of package Flask-User. When using the make_safe_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as /////evil.com/path or \\\evil.com/path. This vulnerability is only exploitable if an alternative WSGI server other than Werkzeug is used, or the default behaviour of Werkzeug is modified using `autocorrect_location_header=False`.

πŸ“– Read

via "National Vulnerability Database".
11:15
πŸ•΄ Watch for Cybersecurity Games at the Tokyo Olympics πŸ•΄

The cybersecurity professionals guarding the Summer Olympics are facing at least as much competition as the athletes, and their failure could have steeper ramifications.

πŸ“– Read

via "Dark Reading".
11:18
⚠ Kaseya ransomware attackers say: β€œPay $70 million and we’ll set everyone free” ⚠

Are you feeling generous? Do you want to help others? These cybercriminals are hoping someone is and does...

πŸ“– Read

via "Naked Security".
13:35
β€Ό CVE-2020-26763 β€Ό

The Rocket.Chat desktop application 2.17.11 opens external links without user interaction.

πŸ“– Read

via "National Vulnerability Database".
13:44
πŸ›  SQLMAP - Automatic SQL Injection Tool 1.5.7 πŸ› 

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

πŸ“– Read

via "Packet Storm Security".
16:49
⚠ S3 Ep 39.5: A conversation with Eva Galperin [Podcast] ⚠

Cryptography, privacy, stalkerware and how infosec professionals relax. Listen, enjoy and learn!

πŸ“– Read

via "Naked Security".
17:32
❌ Kaseya Attack Fallout: CISA, FBI Offer Guidance ❌

Following a brazen ransomware attack by the REvil cybergang, CISA and FBI offer guidance to victims.

πŸ“– Read

via "Threat Post".
21:36
β€Ό CVE-2021-36158 β€Ό

In the xrdp package (in branches through 3.14) for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks because pre-generated RSA certificates and private keys are used.

πŸ“– Read

via "National Vulnerability Database".
6 July 2021
02:36
β€Ό CVE-2021-32233 β€Ό

SmarterTools SmarterMail before Build 7776 allows XSS.

πŸ“– Read

via "National Vulnerability Database".
09:36
β€Ό CVE-2021-24389 β€Ό

The WP Foodbakery WordPress plugin before 2.2, used in the FoodBakery WordPress theme before 2.2 did not properly sanitize the foodbakery_radius parameter before outputting it back in the response, leading to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability.

πŸ“– Read

via "National Vulnerability Database".
09:36
β€Ό CVE-2021-24386 β€Ό

The WP SVG images WordPress plugin before 3.4 did not sanitise the SVG files uploaded, which could allow low privilege users such as author+ to upload a malicious SVG and then perform XSS attacks by inducing another user to access the file directly. In v3.4, the plugin restricted such upload to editors and admin, with an option to also allow author to do so. The description of the plugin has also been updated with a security warning as upload of such content is intended.

πŸ“– Read

via "National Vulnerability Database".
09:36
β€Ό CVE-2021-24407 β€Ό

The Jannah WordPress theme before 5.4.5 did not properly sanitize the 'query' POST parameter in its tie_ajax_search AJAX action, leading to a Reflected Cross-site Scripting (XSS) vulnerability.

πŸ“– Read

via "National Vulnerability Database".
10:58
🦿 Critical flaws in Windows Print spooler service could allow for remote attacks 🦿

Administrators are urged to apply the latest patches from Microsoft and disable the Windows Print spooler service in domain controllers and systems not used for printing.

πŸ“– Read

via "Tech Republic".
11:16
πŸ•΄ 8 Ways to Preserve Legal Privilege After a Cybersecurity Incident πŸ•΄

Knowing your legal distinctions can make defense easier should you end up in court after a breach, attack, or data loss.

πŸ“– Read

via "Dark Reading".
11:36
β€Ό CVE-2021-27930 β€Ό

Multiple stored cross-site scripting (XSS) vulnerabilities in IRIS IrisNext 9.5.16 allow remote authenticated users to inject arbitrary web script or HTML via a document or folder name that is mishandled when rendering the contact form or search form.

πŸ“– Read

via "National Vulnerability Database".
11:36
β€Ό CVE-2021-32559 β€Ό

An integer overflow exists in pywin32 prior to version b301 when adding an access control entry (ACE) to an access control list (ACL) that would cause the size to be greater than 65535 bytes. An attacker who successfully exploited this vulnerability could crash the vulnerable process.

πŸ“– Read

via "National Vulnerability Database".
12:16
πŸ•΄ Cyberattack on Kaseya Nets More Than 1,000 Victims, $70M Ransom Demand πŸ•΄

The provider of remote monitoring and management services warns customers to not run its software until a patch is available and manually installed.

πŸ“– Read

via "Dark Reading".
12:58
🦿 Kaseya supply chain attack impacts more than 1,000 companies 🦿

The REvil group is claiming that over 1 million devices have been infected and is demanding $70 million for a universal decryption key.

πŸ“– Read

via "Tech Republic".
13:02
❌ Kaseya Patches Imminent After Zero-Day Exploits, 1,500 Impacted ❌

REvil ransomware gang lowers price for universal decryptor after massive worldwide ransomware push against Kaseya security vulnerability CVE-2021-30116.

πŸ“– Read

via "Threat Post".
13:28
🦿 The Audacity! How to wreck an open-source project and anger a community 🦿

Audacity software has been acquired, and the new verbiage added to the privacy policy has the open-source community up in arms.

πŸ“– Read

via "Tech Republic".
13:36
β€Ό CVE-2021-31771 β€Ό

Splinterware System Scheduler Professional version 5.30 is subject to an insecure folder permissions issue affecting the location from which the service 'WindowsScheduler' calls its executable. This allows a non-privileged user to execute arbitrary code with elevated privileges (system-level privileges as "nt authority\system"), since the service runs as Local System.

πŸ“– Read

via "National Vulnerability Database".
13:36
β€Ό CVE-2021-32740 β€Ό

Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to denial of service when matched against a URI. In typical usage, templates would not normally be read from untrusted user input, but nonetheless, no previous security advisory for Addressable has cautioned against doing this. Users of the parsing capabilities in Addressable but not the URI template capabilities are unaffected. The vulnerability is patched in version 2.8.0. As a workaround, only create Template objects from trusted sources that have been validated not to produce catastrophic backtracking.

πŸ“– Read

via "National Vulnerability Database".
14:16
πŸ•΄ It's High Time for a Security Scoring System for Applications and Open Source Libraries πŸ•΄

A benchmarking system would help buyers choose more secure software products and, more importantly, light a fire underneath software producers to make products secure.

πŸ“– Read

via "Dark Reading".
14:20
πŸ” What is GLBA Compliance? Understanding the Data Protection Requirements of the Gramm-Leach-Bliley Act in 2021 πŸ”

Learn about what GLBA means for data protection and how to achieve GLBA compliance in Data Protection 101, our series on the fundamentals of information security.

πŸ“– Read

via "".
14:33
❌ Western Digital Users Face Another RCE ❌

Say hello to one more zero-day and yet more potential remote data death for those who can’t/won’t upgrade their My Cloud storage devices.

πŸ“– Read

via "Threat Post".
14:58
🦿 1 in 4 employees say they still have access to accounts from past jobs, survey finds 🦿

Nearly half of professionals also admit to sharing passwords and more than a third say they write them on paper, according to Beyond Identity.

πŸ“– Read

via "Tech Republic".
16:16
πŸ•΄ Workers Careless in Sharing & Reusing Corporate Secrets πŸ•΄

A new survey shows leaked enterprise secrets costs companies millions of dollars each year.

πŸ“– Read

via "Dark Reading".
16:28
🦿 The mobile and desktop versions of Firefox Total Cookie Protection are now available 🦿

Jack Wallen explains how to protect your web browsing from supercookies with Firefox's new privacy feature.

πŸ“– Read

via "Tech Republic".
17:03
❌ Android Apps in Google Play Harvest Facebook Credentials ❌

The apps all used an unusual tactic of loading a legitimate Facebook page as part of the data theft.

πŸ“– Read

via "Threat Post".
17:37
β€Ό CVE-2021-34190 β€Ό

A stored cross site scripting (XSS) vulnerability in index.php?menu=billing_rates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Name" or "Prefix" fields under the "Create New Rate" module.

πŸ“– Read

via "National Vulnerability Database".
19:16
πŸ•΄ Researchers Learn From Nation-State Attackers' OpSec Mistakes πŸ•΄

Security researchers discuss how a series of simple and consistent mistakes helped them learn more about ITG18, better known as Charming Kitten.

πŸ“– Read

via "Dark Reading".
19:37
β€Ό CVE-2020-22249 β€Ό

Remote Code Execution vulnerability in phplist 3.5.1. The application does not check the file extensions of files stored in a plugin zip file. Uploading a malicious plugin that contains PHP files with extensions such as php, phtml, or php7 causes them to be copied to the plugins directory, which leads to remote code execution.

πŸ“– Read

via "National Vulnerability Database".
19:37
β€Ό CVE-2021-22229 β€Ό

An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.8. Under a special condition it was possible to access data of an internal repository through project fork done by a project member.

πŸ“– Read

via "National Vulnerability Database".
19:37
β€Ό CVE-2020-22251 β€Ό

Cross Site Scripting (XSS) vulnerability in phpList 3.5.3 via the login name field in Manage Administrators when adding a new admin.

πŸ“– Read

via "National Vulnerability Database".
19:37
β€Ό CVE-2020-23697 β€Ό

Cross Site Scripting vulnerability in Monstra CMS 3.0.4 via the page feature in admin/index.php.

πŸ“– Read

via "National Vulnerability Database".
?
21:37
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-22228 β€Ό

An issue has been discovered in GitLab affecting all versions. Improper access control allows unauthorised users to access project details using Graphql.

πŸ“– Read

via "National Vulnerability Database".
7 July 2021
?
00:33
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
❌ Pro-Trump 'Gettr' Social Platform Hacked On Day One ❌

The newborn platform was inundated by Sonic the Hedgehog-themed porn and had prominent users' profiles defaced. Next, hackers posted its user database online.

πŸ“– Read

via "Threat Post".
?
02:37
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-35039 β€Ό

kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, does not occur for a module.sig_enforce=1 command-line argument.

πŸ“– Read

via "National Vulnerability Database".
?
07:37
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-20738 β€Ό

WRC-1167FS-W, WRC-1167FS-B, and WRC-1167FSA all versions allow an unauthenticated network-adjacent attacker to obtain sensitive information via unspecified vectors.

πŸ“– Read

via "National Vulnerability Database".
07:37
β€Ό CVE-2021-20776 β€Ό

Improper authentication vulnerability in SCT-40CM01SR and AT-40CM01SR allows an attacker to bypass access restriction and execute an arbitrary command via telnet.

πŸ“– Read

via "National Vulnerability Database".
?
08:03
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
❌ Microsoft Releases Emergency Patch for PrintNightmare Bugs ❌

The fix doesn't cover the entire problem or all affected systems, however, so the company is also offering workarounds and plans to release further remedies at a later date.

πŸ“– Read

via "Threat Post".
?
09:03
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
❌ Cloud Cryptomining Swindle in Google Play Rakes in Cash ❌

At least 25 apps have lured in tens of thousands of victims with the promise of helping them cash in on the cryptomining craze.

πŸ“– Read

via "Threat Post".
?
09:37
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-22227 β€Ό

A reflected cross-site scripting vulnerability in GitLab before versions 13.11.6, 13.12.6 and 14.0.2 allowed an attacker to send a malicious link to a victim and trigger actions on their behalf if they clicked it.

πŸ“– Read

via "National Vulnerability Database".
09:37
β€Ό CVE-2021-22230 β€Ό

Improper code rendering while rendering merge requests could be exploited to submit malicious code. This vulnerability affects GitLab CE/EE 9.3 and later through 13.11.6, 13.12.6, and 14.0.2.

πŸ“– Read

via "National Vulnerability Database".
09:49
⚠ PrintNightmare official patch is out – update now! ⚠

Patch now! This security hole could allow almost anyone to take over your whole network from almost any account on almost any computer.

πŸ“– Read

via "Naked Security".
?
11:17
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
πŸ•΄ Autonomous Security Is Essential if the Edge Is to Scale Properly πŸ•΄

Service demands at the network edge mean customers need to get cost, performance, and security right.

πŸ“– Read

via "Dark Reading".
11:28
🦿 Microsoft rolls out emergency patch for critical PrintNightmare flaw 🦿

Fixing a serious security hole in the Windows Print spooler service, the patch is available for almost all versions of Windows, even Windows 7.

πŸ“– Read

via "Tech Republic".
11:33
❌ Why I Love (Breaking Into) Your Security Appliances ❌

David "moose" Wolpoff, CTO at Randori, discusses security appliances and VPNs and how attackers only have to "pick one lock" to invade an enterprise through them.

πŸ“– Read

via "Threat Post".
11:37
β€Ό CVE-2021-34623 β€Ό

A vulnerability in the image uploader component found in the ~/src/Classes/ImageUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user registration or during profile updates. This issue affects versions 3.0.0 - 3.1.3.

πŸ“– Read

via "National Vulnerability Database".
11:37
β€Ό CVE-2021-34624 β€Ό

A vulnerability in the file uploader component found in the ~/src/Classes/FileUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user registration or during profile updates. This issue affects versions 3.0.0 - 3.1.3.

πŸ“– Read

via "National Vulnerability Database".
11:37
β€Ό CVE-2021-22555 β€Ό

A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user namespaces.

πŸ“– Read

via "National Vulnerability Database".
11:37
β€Ό CVE-2021-36212 β€Ό

app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows stored XSS in the sharing groups view.

πŸ“– Read

via "National Vulnerability Database".
?
12:03
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
❌ Fake Kaseya VSA Security Update Drops Cobalt Strike ❌

Threat actors are planting Cobalt Strike backdoors by malspamming a bogus Microsoft update along with a SecurityUpdates.exe.

πŸ“– Read

via "Threat Post".
12:17
πŸ•΄ Security 101: The 'PrintNightmare' Flaw πŸ•΄

A closer look at the printer software vulnerability - and what you can do about it.

πŸ“– Read

via "Dark Reading".
12:28
🦿 Critical flaws in Windows Print spooler service could allow for remote attacks 🦿

Administrators are urged to apply the latest patches from Microsoft and disable the Windows Print spooler service in domain controllers and systems not used for printing.

πŸ“– Read

via "Tech Republic".
?
13:15
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
πŸ›  Zeek 4.0.3 πŸ› 

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

πŸ“– Read

via "Packet Storm Security".
?
13:33
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
❌ Suspected 'Dr HeX' Hacker Busted for 9 Years of Phishing ❌

The unnamed suspect allegedly helped to develop carding and phishing kits with the aim of stealing customers' bank-card data.

πŸ“– Read

via "Threat Post".
13:37
β€Ό CVE-2020-24143 β€Ό

Directory traversal in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker get access to files that are stored outside the web root folder via the njt-tk-download-video parameter.

πŸ“– Read

via "National Vulnerability Database".
13:37
β€Ό CVE-2020-20211 β€Ό

Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an assertion failure vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.

πŸ“– Read

via "National Vulnerability Database".
13:37
β€Ό CVE-2021-32535 β€Ό

The vulnerability of hard-coded default credentials in QSAN SANOS allows unauthenticated remote attackers to obtain administrator's permission and execute arbitrary functions.

πŸ“– Read

via "National Vulnerability Database".
13:37
β€Ό CVE-2021-32514 β€Ό

Improper access control vulnerability in FirmwareUpgrade in QSAN Storage Manager allows remote attackers to reboot and discontinue the device.

πŸ“– Read

via "National Vulnerability Database".
13:47
πŸ•΄ Microsoft Releases Emergency Patch for 'PrintNightmare' Flaw πŸ•΄

The company urges organizations to apply the security update immediately, citing exploit activity.

πŸ“– Read

via "Dark Reading".
?
14:17
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
πŸ•΄ Are Security Attestations a Necessity for SaaS Businesses? πŸ•΄

Are security attestations becoming business imperatives, or are they merely token additions on the list of regulatory requirements?

πŸ“– Read

via "Dark Reading".
14:28
🦿 Bitwarden has a new Send feature: Here's how to use it 🦿

This tool will make this product (probably the best password manager on the market) even better.

πŸ“– Read

via "Tech Republic".
?
15:03
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
❌ MacOS Targeted in WildPressure APT Malware Campaign ❌

Threat actors enlist compromised WordPress websites in campaign targeting macOS users.

πŸ“– Read

via "Threat Post".
?
15:37
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-20416 β€Ό

IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 196218.

πŸ“– Read

via "National Vulnerability Database".
15:37
β€Ό CVE-2021-20415 β€Ό

IBM Guardium Data Encryption (GDE) 4.0.0.4 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 196217.

πŸ“– Read

via "National Vulnerability Database".
?
15:58
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
🦿 What to do when 2FA won't allow you into your Linux servers 🦿

If two-factor authentication logins on your Linux servers are giving you fits, Jack Wallen has the solution for you.

πŸ“– Read

via "Tech Republic".
16:03
❌ Critical Sage X3 RCE Bug Allows Full System Takeovers ❌

Security vulnerabilities in the ERP platform could allow attackers to tamper with or sabotage victims' business-critical processes and to intercept data.

πŸ“– Read

via "Threat Post".
16:17
πŸ•΄ Sophos Acquires Capsule8 for Linux Server & Container Security πŸ•΄

The deal was announced the same day ZeroFox bought Dark Web intelligence firm Vigilante as a wave of security M&A continues.

πŸ“– Read

via "Dark Reading".
16:20
πŸ” Changes to Nevada's Privacy Law Includes Requirements for Data Brokers πŸ”

Recent changes to Nevada's privacy law, effective October 1, 2021, give residents a broader right to opt out of sales and put the onus on "data brokers" to respond to such requests.

πŸ“– Read

via "".
?
16:47
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
πŸ•΄ Fake Android Apps Promise Cryptomining Services to Steal Funds πŸ•΄

Researchers discover more than 170 Android apps that advertise cloud cryptocurrency mining services and fail to deliver.

πŸ“– Read

via "Dark Reading".
?
17:28
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
🦿 $13.7 million: Atlas VPN adds up the impact of the top 10 most successful blockchain scams 🦿

A new report finds that fake investment scams have netted the most funds among all the types of active blockchain scams.

πŸ“– Read

via "Tech Republic".
17:37
β€Ό CVE-2020-23702 β€Ό

Cross Site Scripting (XSS) vulnerability in PHP-Fusion 9.03.60 via 'New Shout' in /infusions/shoutbox_panel/shoutbox_admin.php.

πŸ“– Read

via "National Vulnerability Database".
17:37
β€Ό CVE-2021-36217 β€Ό

Avahi 0.8 allows a local denial of service (NULL pointer dereference and daemon crash) against avahi-daemon via the D-Bus interface or a "ping .local" command.

πŸ“– Read

via "National Vulnerability Database".
?
18:17
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
πŸ•΄ Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours πŸ•΄

Automation allowed a REvil affiliate to move from exploitation of vulnerable servers to installing ransomware on downstream companies faster than most defenders could react.

πŸ“– Read

via "Dark Reading".
18:28
🦿 Scammers exploiting Kaseya ransomware attack to deploy malware 🦿

A new phishing campaign claims to offer a security update for Kaseya's VSA software but actually tries to install malware, says Malwarebytes.

πŸ“– Read

via "Tech Republic".
?
19:38
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-32714 β€Ό

hyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper's HTTP server and client code had a flaw that could trigger an integer overflow when decoding chunk sizes that are too big. This allows possible data loss, or if combined with an upstream HTTP proxy that allows chunk sizes larger than hyper does, can result in "request smuggling" or "desync attacks." The vulnerability is patched in version 0.14.10. Two possible workarounds exist. One may reject requests manually that contain a `Transfer-Encoding` header or ensure any upstream proxy rejects `Transfer-Encoding` chunk sizes greater than what fits in 64-bit unsigned integers.

πŸ“– Read

via "National Vulnerability Database".
19:38
β€Ό CVE-2007-5002 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

πŸ“– Read

via "National Vulnerability Database".
?
21:38
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-21775 β€Ό

A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage.

πŸ“– Read

via "National Vulnerability Database".
21:38
β€Ό CVE-2021-21807 β€Ό

An integer overflow vulnerability exists in the DICOM parse_dicom_meta_info functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to a stack-based buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

πŸ“– Read

via "National Vulnerability Database".
8 July 2021
?
02:38
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-34430 β€Ό

Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic.

πŸ“– Read

via "National Vulnerability Database".
?
07:38
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-28809 β€Ό

An improper access control vulnerability has been reported to affect certain legacy versions of HBS 3. If exploited, this vulnerability allows attackers to compromise the security of the operating system. QNAP has already fixed this vulnerability in the following versions of HBS 3: QTS 4.3.6: HBS 3 v3.0.210507 and later; QTS 4.3.4: HBS 3 v3.0.210506 and later; QTS 4.3.3: HBS 3 v3.0.210506 and later.

πŸ“– Read

via "National Vulnerability Database".
?
09:38
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-31817 β€Ό

When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext.

πŸ“– Read

via "National Vulnerability Database".
09:38
β€Ό CVE-2021-31816 β€Ό

When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext.

πŸ“– Read

via "National Vulnerability Database".
?
10:59
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
🦿 Ransomware: Top 5 more things to know 🦿

Ransomware attacks are getting bigger and harder to defend against. Tom Merritt lists five more things about ransomware you need to know.

πŸ“– Read

via "Tech Republic".
?
11:18
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
πŸ•΄ What Colonial Pipeline Means for Commercial Building Cybersecurity πŸ•΄

Banks and hospitals may be common targets, but now commercial real estate must learn to protect itself against stealthy hackers.

πŸ“– Read

via "Dark Reading".
?
11:38
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-21779 β€Ό

A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.

πŸ“– Read

via "National Vulnerability Database".
11:48
πŸ•΄ The NSA's 'New' Mission: Get More Public With the Private Sector πŸ•΄

The National Security Agency's gradual emergence from the shadows was "inevitable" in cybersecurity, says Vinnie Liu, co-founder and CEO of offensive security firm Bishop Fox and a former NSA analyst. Now the agency has to figure out how to best work with the private sector, especially organizations outside the well-resourced and seasoned Fortune 100.

πŸ“– Read

via "Dark Reading".
?
12:18
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
πŸ•΄ Kaseya Hacked via Authentication Bypass πŸ•΄

The Kaseya ransomware attack is believed to have been down to an authentication bypass. Yes, ransomware needs to be on your radar -- but good authentication practices are also imperative.

πŸ“– Read

via "Dark Reading".
12:29
🦿 Android app users targeted with cryptomining scams 🦿

Found on Google Play and third-party app stores, the apps discovered by Lookout stole an estimated $350,000 from more than 93,000 people.

πŸ“– Read

via "Tech Republic".
12:29
🦿 77% of executives plan to hire in the months ahead, according to a new poll 🦿

West Monroe's executive poll details third-quarter hiring expectations, cybersecurity preparedness, investments to digitize business operations and more.

πŸ“– Read

via "Tech Republic".
?
12:59
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
🦿 "Black Widow" digital premier a cover for malware and scams, says Kaspersky 🦿

Phishing, malicious files and other forms of fraud have followed the highly awaited movie since it was first delayed due to COVID-19. On the eve of its actual release, the scams have begun anew.

πŸ“– Read

via "Tech Republic".
?
13:34
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
❌ How Fake Accounts and Sneaker-Bots Took Over the Internet ❌

Jason Kent, hacker-in-residence at Cequence Security, discusses fake online accounts, and the fraud they carry out on a daily basis.

πŸ“– Read

via "Threat Post".
13:38
β€Ό CVE-2021-29150 β€Ό

A remote insecure deserialization vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.

πŸ“– Read

via "National Vulnerability Database".
13:38
β€Ό CVE-2021-25440 β€Ό

Improper access control vulnerability in FactoryCameraFB prior to version 3.4.74 allows untrusted applications to access arbitrary files with an escalated privilege.

πŸ“– Read

via "National Vulnerability Database".
13:38
β€Ό CVE-2021-25439 β€Ό

Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O (8.1) and below, and 3.9.10.11 in Android P (9.0) and above allows untrusted applications to cause arbitrary webpage loading in webview.

πŸ“– Read

via "National Vulnerability Database".
?
15:29
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
🦿 Microsoft patches remaining versions of Windows against PrintNightmare flaw 🦿

Patches to fix a severe flaw in the Windows Print spooler are now available for Windows 10 Version 1607, Windows Server 2012 and Windows Server 2016.

πŸ“– Read

via "Tech Republic".
15:34
❌ Coursera Flunks API Security Test in Researchers’ Exam ❌

The problem APIs included numero uno on the OWASP API Security Top 10: a Broken Object Level Authorization (BOLA) issue that could have exposed personal data.

πŸ“– Read

via "Threat Post".
15:38
β€Ό CVE-2021-29711 β€Ό

IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 6.2.7.8, 6.2.7.9, 7.0.3.0, 7.0.4.0, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2 could allow an authenticated user with certain permissions to initiate an agent upgrade through the CLI interface. IBM X-Force ID: 200965.

πŸ“– Read

via "National Vulnerability Database".
15:39
β€Ό CVE-2021-34609 β€Ό

A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.

πŸ“– Read

via "National Vulnerability Database".
?
15:59
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
🦿 How to define DNS in Docker containers 🦿

Jack Wallen shows you how to configure specific DNS servers for your Docker container deployments.

πŸ“– Read

via "Tech Republic".
?
17:18
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
πŸ•΄ New WildPressure Malware Capable of Targeting Windows and MacOS πŸ•΄

The Trojan sends information back to the attackers' servers about the programming language of a target device.

πŸ“– Read

via "Dark Reading".
?
17:34
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
❌ Oil & Gas Targeted in Year-Long Cyber-Espionage Campaign ❌

A global effort to steal information from energy companies is using sophisticated social engineering to deliver Agent Tesla and other RATs.

πŸ“– Read

via "Threat Post".
17:39
β€Ό CVE-2020-20363 β€Ό

Cross Site Scripting (XSS) vulnerability in PbootCMS 2.0.3 in admin.php.

πŸ“– Read

via "National Vulnerability Database".
17:39
β€Ό CVE-2021-1596 β€Ό

Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

πŸ“– Read

via "National Vulnerability Database".
17:39
β€Ό CVE-2021-1603 β€Ό

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user. These vulnerabilities exist because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker would need valid administrative credentials.

πŸ“– Read

via "National Vulnerability Database".
17:51
πŸ” CEO, COO Indicted in Biotech IP Theft Case’s Latest Turn πŸ”

Two executives reportedly used stolen intellectual property to build their company up to a nearly $1 billion valuation, the DOJ announced this week.

πŸ“– Read

via "".
?
18:18
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
πŸ•΄ Morgan Stanley Discloses Data Breach πŸ•΄

Attackers were able to compromise customers' personal data by targeting the Accellion FTA server of a third-party vendor.

πŸ“– Read

via "Dark Reading".
?
19:39
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-34613 β€Ό

A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.

πŸ“– Read

via "National Vulnerability Database".
9 July 2021
?
08:04
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
❌ Lazarus Targets Job-Seeking Engineers with Malicious Documents ❌

Notorious North Korean APT impersonates Airbus, General Motors and Rheinmetall to lure potential victims into downloading malware.

πŸ“– Read

via "Threat Post".
?
09:14
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-3570 β€Ό

A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1.

πŸ“– Read

via "National Vulnerability Database".
?
10:21
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
πŸ” Friday Five 7/9 πŸ”

Ransomware negotiators, cyber risks to the financial system, and why traditional passwords are here to stay - catch up on all of the week's infosec news with the Friday Five!

πŸ“– Read

via "".
?
10:49
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
πŸ•΄ Cartoon Caption Winner: Sight Unseen πŸ•΄

And the winner of Dark Reading's June contest is ...

πŸ“– Read

via "Dark Reading".
?
11:14
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2012-5632 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

πŸ“– Read

via "National Vulnerability Database".
11:14
β€Ό CVE-2012-0832 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

πŸ“– Read

via "National Vulnerability Database".
?
11:49
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
πŸ•΄ It's in the Game (but It Shouldn't Be) πŸ•΄

Five ways that game developers (and others) can avoid falling victim to an attack like the one that hit EA.

πŸ“– Read

via "Dark Reading".
?
12:59
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
🦿 Warning: 1 in 3 employees are likely to fall for a phishing scam 🦿

Cybersecurity training company KnowBe4 reports that the number of employees likely to fall for phishing emails drops dramatically with proper instruction on how to recognize an attack.

πŸ“– Read

via "Tech Republic".
?
13:14
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-27035 β€Ό

A maliciously crafted TIFF, PDF, PICT or DWF file in Autodesk 2018, 2017, 2013, 2012, 2011 can force a read beyond allocated boundaries when the TIFF, PDF, PICT or DWF file is parsed. This vulnerability can be exploited to execute arbitrary code.

πŸ“– Read

via "National Vulnerability Database".
13:14
β€Ό CVE-2021-27036 β€Ό

A maliciously crafted PDF, PICT or TIFF file can be used to write beyond the allocated buffer while parsing PDF, PICT or TIFF files in Autodesk 2018, 2017, 2013, 2012, 2011. This vulnerability can be exploited to execute arbitrary code.

πŸ“– Read

via "National Vulnerability Database".
13:14
β€Ό CVE-2021-30117 β€Ό

SQL injection exists in Kaseya VSA before 9.5.6.

πŸ“– Read

via "National Vulnerability Database".
13:14
β€Ό CVE-2021-32752 β€Ό

Ether Logs is a package that allows one to check one's logs in the Craft 3 utilities section. A vulnerability was found in versions prior to 3.0.4 that allowed authenticated admin users to access any file on the server. The vulnerability has been fixed in version 3.0.4. As a workaround, one may disable the plugin if untrustworthy sources have admin access.

πŸ“– Read

via "National Vulnerability Database".
?
14:20
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
⚠ Where do all those cybercrime payments go? ⚠

Yes, the headline is a rhetorical question. But sometimes we get literal answers, and they're well worth remembering.

πŸ“– Read

via "Naked Security".
14:29
🦿 More sharing, less shame: CompTIA ISAO wants to change the standard response to ransomware attacks 🦿

The information sharing organization helps companies deal with security threats and supports more collaboration overall.

πŸ“– Read

via "Tech Republic".
14:35
❌ Cisco BPA, WSA Bugs Allow Remote Cyberattacks ❌

The high-severity security vulnerabilities allow elevation of privileges, leading to data theft and more.

πŸ“– Read

via "Threat Post".
?
14:59
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
🦿 How to prevent ransomware attacks with a zero-trust security model 🦿

Ransomware attacks are rampant, with thousands taking place every single day. Learn how a zero-trust security model can protect your organization.

πŸ“– Read

via "Tech Republic".
15:05
❌ Microsoft Office Users Warned on New Malware-Protection Bypass ❌

Word and Excel documents are enlisted to disable Office macro warnings, so the Zloader banking malware can be downloaded onto systems without security tools flagging it.

πŸ“– Read

via "Threat Post".
15:15
β€Ό CVE-2021-3541 β€Ό

A flaw was found in libxml2. An exponential entity expansion attack is possible, bypassing all existing protection mechanisms and leading to denial of service.

πŸ“– Read

via "National Vulnerability Database".
?
16:19
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
πŸ•΄ CISA Analysis Reveals Successful Attack Techniques of FY 2020 πŸ•΄

The analysis shows potential attack paths and the most effective techniques for each tactic documented in CISA's Risk and Vulnerability Assessments.

πŸ“– Read

via "Dark Reading".
?
17:15
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-24007 β€Ό

Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4 may allow a non-authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

πŸ“– Read

via "National Vulnerability Database".
17:15
β€Ό CVE-2021-22129 β€Ό

Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail before 6.4.5 may allow an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests.

πŸ“– Read

via "National Vulnerability Database".
?
17:49
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
πŸ•΄ How Dangerous is Malware? New Report Finds It's Tough to Tell πŸ•΄

Determining which malware is most damaging, and worthy of immediate attention, has become difficult in environments filled with alerts and noise.

πŸ“– Read

via "Dark Reading".
?
19:15
πŸ›‘ Cybersecurity & Privacy news πŸ›‘
β€Ό CVE-2021-36367 β€Ό

PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt (that the attacker can use to capture credential data, and use that data for purposes that are undesired by the client user).

πŸ“– Read

via "National Vulnerability Database".
19:15
β€Ό CVE-2021-36371 β€Ό

Emissary-Ingress (formerly Ambassador API Gateway) through 1.13.9 allows attackers to bypass client certificate requirements (i.e., mTLS cert_required) on backend upstreams when more than one TLSContext is defined and at least one configuration exists that does not require client certificate authentication. The attacker must send an SNI specifying an unprotected backend and an HTTP Host header specifying a protected backend.

📖 Read

via "National Vulnerability Database".
21:15
🛑 Cybersecurity & Privacy news 🛑
‼ CVE-2020-25394 ‼

A stored cross site scripting (XSS) vulnerability in moziloCMS 2.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Content" parameter.

📖 Read

via "National Vulnerability Database".
21:15
‼ CVE-2020-25876 ‼

A stored cross site scripting (XSS) vulnerability in the 'Pages' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Page Title' parameter.

📖 Read

via "National Vulnerability Database".
10 July 2021
10:05
🛑 Cybersecurity & Privacy news 🛑
❌ Cyber Polygon 2021: Towards Secure Development of Digital Ecosystems ❌

Cybersecurity is one of the most important topics on the global agenda, boosted by the pandemic. As the global digitalisation is further accelerating, the world is becoming ever more interconnected. Digital ecosystems are being created all around us: countries, corporations and individuals are taking advantage of the rapid spread of the Internet and smart devices. In this context, a single vulnerable link is enough to bring down the entire system, just like the domino effect.

📖 Read

via "Threat Post".
13:15
🛑 Cybersecurity & Privacy news 🛑
‼ CVE-2021-29106 ‼

A reflected Cross Site Scripting (XSS) vulnerability in ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser.

📖 Read

via "National Vulnerability Database".
11 July 2021
02:16
🛑 Cybersecurity & Privacy news 🛑
‼ CVE-2021-29103 ‼

A reflected Cross Site Scripting (XSS) vulnerability in ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser.

📖 Read

via "National Vulnerability Database".
02:16
‼ CVE-2021-29105 ‼

A stored Cross Site Scripting (XSS) vulnerability in ArcGIS Server Services Directory version 10.8.1 and below may allow a remote authenticated attacker to pass and store malicious strings in the ArcGIS Services Directory.

📖 Read

via "National Vulnerability Database".
12 July 2021
09:17
🛑 Cybersecurity & Privacy news 🛑
‼ CVE-2021-22917 ‼

Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to information disclosure by way of DNS requests in Tor windows not flowing through Tor if adblocking was enabled.

📖 Read

via "National Vulnerability Database".
09:17
‼ CVE-2021-27293 ‼

RestSharp < 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service (ReDoS) when converting strings into DateTimes. If a server responds with a malicious string, the client using RestSharp will be stuck processing it for an exceedingly long time. Thus the remote server can trigger Denial of Service.

📖 Read

via "National Vulnerability Database".
10:51
🛑 Cybersecurity & Privacy news 🛑
🕴 Navigating Active Directory Security: Dangers and Defenses 🕴

Microsoft Active Directory, ubiquitous across enterprises, has long been a primary target for attackers seeking network access and sensitive data.

📖 Read

via "Dark Reading".
11:17
🛑 Cybersecurity & Privacy news 🛑
‼ CVE-2021-30129 ‼

A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0.

📖 Read

via "National Vulnerability Database".
11:17
‼ CVE-2021-32679 ‼

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, filenames were not escaped by default in controllers using `DownloadResponse`. When a user-supplied filename was passed unsanitized into a `DownloadResponse`, this could be used to trick users into downloading malicious files with a benign file extension. This would show in UI behaviours where Nextcloud applications would display a benign file extension (e.g. JPEG), but the file will actually be downloaded with an executable file extension. The vulnerability is patched in versions 19.0.13, 20.0.11, and 21.0.3. Administrators of Nextcloud instances do not have a workaround available, but developers of Nextcloud apps may manually escape the file name before passing it into `DownloadResponse`.

📖 Read

via "National Vulnerability Database".
11:17
‼ CVE-2021-32678 ‼

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, ratelimits are not applied to OCS API responses. This affects any OCS API controller (`OCSController`) using the `@BruteForceProtection` annotation. Risk depends on the installed applications on the Nextcloud Server, but could range from bypassing authentication ratelimits to spamming other Nextcloud users. The vulnerability is patched in versions 19.0.13, 20.0.11, and 21.0.3. No workarounds aside from upgrading are known to exist.

📖 Read

via "National Vulnerability Database".
11:20
🕴 AI and Cybersecurity: Making Sense of the Confusion 🕴

Artificial intelligence is a maturing area in cybersecurity, but there are different concerns depending on whether you're a defender or an attacker.

📖 Read

via "Dark Reading".
12:51
🛑 Cybersecurity & Privacy news 🛑
🕴 Kaseya Releases Security Patch As Companies Continue to Recover 🕴

Estimates indicate the number of affected companies could grow, while Kaseya faces renewed scrutiny as former employees reportedly criticize its lack of focus on security.

📖 Read

via "Dark Reading".
13:07
🛑 Cybersecurity & Privacy news 🛑
❌ Kaseya Patches Zero-Days Used in REvil Attacks ❌

The security update addresses three VSA vulnerabilities used by the ransomware gang to launch a worldwide supply-chain attack on MSPs and their customers.

📖 Read

via "Threat Post".
13:17
‼ CVE-2021-30639 ‼

A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was not reset between requests. This meant that once a non-blocking I/O error occurred, all future requests handled by that request object would fail. Users were able to trigger non-blocking I/O errors, e.g. by dropping a connection, thereby creating the possibility of triggering a DoS. Applications that do not use non-blocking I/O are not exposed to this vulnerability. This issue affects Apache Tomcat 10.0.3 to 10.0.4; 9.0.44; 8.5.64.

📖 Read

via "National Vulnerability Database".
13:17
‼ CVE-2021-36382 ‼

Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint (which accepts cleartext).

📖 Read

via "National Vulnerability Database".
13:17
‼ CVE-2020-18979 ‼

Cross Site Scripting (XSS) vulnerability in Halo 0.4.3 via the X-forwarded-for Header parameter.

📖 Read

via "National Vulnerability Database".
13:51
🛑 Cybersecurity & Privacy news 🛑
⚠ Where do all those cybercrime payments go? ⚠

Yes, the headline is a rhetorical question. But sometimes we get literal answers, and they're well worth remembering.

📖 Read

via "Naked Security".
14:01
🦿 The most dangerous messaging apps on Android 🦿

Messaging apps are becoming some of the most popular smartphone programs in the world, and that means more attempts to phish their users, Kaspersky finds.

📖 Read

via "Tech Republic".
14:21
🛑 Cybersecurity & Privacy news 🛑
⚠ Don’t get tricked by this crashtastic iPhone Wi-Fi hack! ⚠

Learn how the trick works so that you can avoid it in case someone thinks it's a joke to catch you out.

📖 Read

via "Naked Security".
15:07
🛑 Cybersecurity & Privacy news 🛑
❌ Critical RCE Vulnerability in ForgeRock OpenAM Under Active Attack ❌

The attacks are enabled by an unpatched security vulnerability in ForgeRock's Access Management, a popular platform that front-ends web apps and remote-access setups.

📖 Read

via "Threat Post".
15:18
‼ CVE-2021-32703 ‼

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the shareinfo endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds.

📖 Read

via "National Vulnerability Database".
15:18
‼ CVE-2021-20414 ‼

IBM Guardium Data Encryption (GDE) 3.0.0.2 could allow a user to brute force sensitive information due to not properly limiting the number of interactions. IBM X-Force ID: 196216.

📖 Read

via "National Vulnerability Database".
15:18
‼ CVE-2021-36381 ‼

In Edifecs Transaction Management through 2021-07-12, an unauthenticated user can inject arbitrary text into a user's browser via logon.jsp?logon_error= on the login screen of the Web application.

📖 Read

via "National Vulnerability Database".
15:18
‼ CVE-2021-29803 ‼

IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204164.

📖 Read

via "National Vulnerability Database".
15:52
🛑 Cybersecurity & Privacy news 🛑
🕴 Microsoft Confirms Acquisition of RiskIQ 🕴

RiskIQ's technology helps businesses assess their security across the Microsoft cloud, Amazon Web Services, other clouds, and on-premises.

📖 Read

via "Dark Reading".
15:58
European Authorities Bust Phishing Ring

The group, which was based in Romania, reportedly conned online consumers out of $2 million.

📖 Read

via "".
17:18
🛑 Cybersecurity & Privacy news 🛑
‼ CVE-2021-32707 ‼

Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6, the Nextcloud Mail application does not, by default, render images in emails to not leak the read state. The privacy filter failed to filter images with a `background-image` CSS attribute. Note that the images were still passed through the Nextcloud image proxy, and thus there was no IP leakage. The issue was patched in versions 1.9.6 and 1.10.0. No workarounds are known to exist.

📖 Read

via "National Vulnerability Database".
17:37
🛑 Cybersecurity & Privacy news 🛑
❌ WordPress File Management Plugin Riddled with Critical Bugs ❌

The bugs allow a range of attacks on websites, including deleting blog pages and remote code execution.

📖 Read

via "Threat Post".
18:22
🛑 Cybersecurity & Privacy news 🛑
πŸ•΄ SolarWinds Discloses Zero-Day Under Active Attack πŸ•΄

The company confirms this is a new vulnerability that is not related to the supply chain attack discovered in December 2020.

📖 Read

via "Dark Reading".
19:18
🛑 Cybersecurity & Privacy news 🛑
‼ CVE-2021-24426 ‼

The Backup by 10Web – Backup and Restore Plugin WordPress plugin through 1.0.20 does not sanitise or escape the tab parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue.

📖 Read

via "National Vulnerability Database".
19:18
‼ CVE-2020-19907 ‼

A command injection vulnerability in the sandcat plugin of Caldera 2.3.1 and earlier allows authenticated attackers to execute any command or service.

📖 Read

via "National Vulnerability Database".
19:18
‼ CVE-2021-24421 ‼

The WP JobSearch WordPress plugin before 1.7.4 did not sanitise or escape multiple of its parameters from the my-resume page before outputting them in the page, allowing low privilege users to use JavaScript payloads in them and leading to a Stored Cross-Site Scripting issue.

📖 Read

via "National Vulnerability Database".
21:18
🛑 Cybersecurity & Privacy news 🛑
‼ CVE-2021-32747 ‼

Icinga Web 2 is an open source monitoring web interface, framework, and command-line interface. A vulnerability in which custom variables are exposed to unauthorized users exists between versions 2.0.0 and 2.8.2. Custom variables are user-defined keys and values on configuration objects in Icinga 2. These are commonly used to reference secrets in other configurations such as check commands to be able to authenticate with a service being checked. Icinga Web 2 displays these custom variables to logged in users with access to said hosts or services. In order to protect the secrets from being visible to anyone, it's possible to set up protection rules and blacklists in a user's role. Protection rules result in `***` being shown instead of the original value, the key will remain. Blacklists will hide a custom variable entirely from the user. Besides using the UI, custom variables can also be accessed differently by using an undocumented URL parameter. By adding a parameter to the affected routes, Icinga Web 2 will show these columns additionally in the respective list. This parameter is also respected when exporting to JSON or CSV. Protection rules and blacklists however have no effect in this case. Custom variables are shown as-is in the result. The issue has been fixed in the 2.9.0, 2.8.3, and 2.7.5 releases. As a workaround, one may set up a restriction to hide hosts and services with the custom variable in question.

📖 Read

via "National Vulnerability Database".
21:18
‼ CVE-2021-32741 ‼

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public share link mount endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds.

📖 Read

via "National Vulnerability Database".
13 July 2021
02:06
🛑 Cybersecurity & Privacy news 🛑
🦿 Vulnerability in Schneider Electric PLCs allows for undetectable remote takeover 🦿

Dubbed Modipwn, the vulnerability affects a wide variety of Modicon programmable logic controllers used in manufacturing, utilities, automation and other roles.

📖 Read

via "Tech Republic".
02:06
🦿 New phishing attack SpoofedScholars targets professors and writers specializing in the Middle East 🦿

Proofpoint security analysis details the latest attack that uses the lure of speaking at a conference to steal credentials.

📖 Read

via "Tech Republic".
07:19
🛑 Cybersecurity & Privacy news 🛑
‼ CVE-2021-1899 ‼

Possible buffer over read due to lack of length check while flashing meta images in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables.

📖 Read

via "National Vulnerability Database".
07:19
‼ CVE-2021-35515 ‼

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.

📖 Read

via "National Vulnerability Database".
07:19
‼ CVE-2020-11307 ‼

Buffer overflow in modem due to improper array index check before copying into it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables.

📖 Read

via "National Vulnerability Database".
09:19
🛑 Cybersecurity & Privacy news 🛑
‼ CVE-2021-31892 ‼

A vulnerability has been identified in SINUMERIK Analyse MyCondition (All versions), SINUMERIK Analyze MyPerformance (All versions), SINUMERIK Analyze MyPerformance /OEE-Monitor (All versions), SINUMERIK Analyze MyPerformance /OEE-Tuning (All versions), SINUMERIK Integrate Client 02 (All versions >= V02.00.12 < 02.00.18), SINUMERIK Integrate Client 03 (All versions >= V03.00.12 < 03.00.18), SINUMERIK Integrate Client 04 (V04.00.02 and all versions >= V04.00.15 < 04.00.18), SINUMERIK Integrate for Production 4.1 (All versions < V4.1 SP10 HF3), SINUMERIK Integrate for Production 5.1 (V5.1), SINUMERIK Manage MyMachines (All versions), SINUMERIK Manage MyMachines /Remote (All versions), SINUMERIK Manage MyMachines /Spindel Monitor (All versions), SINUMERIK Manage MyPrograms (All versions), SINUMERIK Manage MyResources /Programs (All versions), SINUMERIK Manage MyResources /Tools (All versions), SINUMERIK Manage MyTools (All versions), SINUMERIK Operate V4.8 (All versions < V4.8 SP8), SINUMERIK Operate V4.93 (All versions < V4.93 HF7), SINUMERIK Operate V4.94 (All versions < V4.94 HF5), SINUMERIK Optimize MyProgramming /NX-Cam Editor (All versions). Due to an error in a third-party dependency the ssl flags used for setting up a TLS connection to a server are overwritten with wrong settings. This results in a missing validation of the server certificate and thus in a possible TLS MITM scenario.

📖 Read

via "National Vulnerability Database".
09:19
‼ CVE-2021-34329 ‼

A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13427)

📖 Read

via "National Vulnerability Database".
09:19
‼ CVE-2021-34320 ‼

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13406)

📖 Read

via "National Vulnerability Database".
09:19
‼ CVE-2021-31895 ‼

A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions < V4.3.7), RUGGEDCOM ROS M2200 (All versions < V4.3.7), RUGGEDCOM ROS M969 (All versions < V4.3.7), RUGGEDCOM ROS RMC (All versions < V4.3.7), RUGGEDCOM ROS RMC20 (All versions < V4.3.7), RUGGEDCOM ROS RMC30 (All versions < V4.3.7), RUGGEDCOM ROS RMC40 (All versions < V4.3.7), RUGGEDCOM ROS RMC41 (All versions < V4.3.7), RUGGEDCOM ROS RMC8388 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RMC8388 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RP110 (All versions < V4.3.7), RUGGEDCOM ROS RS400 (All versions < V4.3.7), RUGGEDCOM ROS RS401 (All versions < V4.3.7), RUGGEDCOM ROS RS416 (All versions < V4.3.7), RUGGEDCOM ROS RS416v2 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RS416v2 V5.X (All versions < 5.5.4), RUGGEDCOM ROS RS8000 (All versions < V4.3.7), RUGGEDCOM ROS RS8000A (All versions < V4.3.7), RUGGEDCOM ROS RS8000H (All versions < V4.3.7), RUGGEDCOM ROS RS8000T (All versions < V4.3.7), RUGGEDCOM ROS RS900 (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RS900 (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RS900G (All versions < V4.3.7), RUGGEDCOM ROS RS900G (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RS900G (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RS900GP (All versions < V4.3.7), RUGGEDCOM ROS RS900L (All versions < V4.3.7), RUGGEDCOM ROS RS900W (All versions < V4.3.7), RUGGEDCOM ROS RS910 (All versions < V4.3.7), RUGGEDCOM ROS RS910L (All versions < V4.3.7), RUGGEDCOM ROS RS910W (All versions < V4.3.7), RUGGEDCOM ROS RS920L (All versions < V4.3.7), RUGGEDCOM ROS RS920W (All versions < V4.3.7), RUGGEDCOM ROS RS930L (All versions < V4.3.7), RUGGEDCOM ROS RS930W (All versions < V4.3.7), RUGGEDCOM ROS RS940G (All versions < V4.3.7), RUGGEDCOM ROS RS969 (All versions < V4.3.7), RUGGEDCOM ROS RSG2100 (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2100 (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2100 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2100P (All versions < V4.3.7), RUGGEDCOM ROS RSG2100P (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2100P (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2200 (All versions < V4.3.7), RUGGEDCOM ROS RSG2288 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2288 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2300 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2300 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2300P V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2300P V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2488 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2488 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG900 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG900 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG900C (All versions < V5.5.4), RUGGEDCOM ROS RSG900G V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG900G V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG900R (All versions < V5.5.4), RUGGEDCOM ROS RSG920P V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG920P V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSL910 (All versions < V5.5.4), RUGGEDCOM ROS RST2228 (All versions < V5.5.4), RUGGEDCOM ROS RST916C (All versions < V5.5.4), RUGGEDCOM ROS RST916P (All versions < V5.5.4), RUGGEDCOM ROS i800 (All versions < V4.3.7), RUGGEDCOM ROS i801 (All versions < V4.3.7), RUGGEDCOM ROS i802 (All versions < V4.3.7), RUGGEDCOM ROS i803 (All versions < V4.3.7). The DHCP client in affected devices fails to properly sanitize incoming DHCP packets. This could allow an unauthenticated remote attacker to cause memory to be overwritten, potentially allowing remote code execution.

📖 Read

via "National Vulnerability Database".
09:19
‼ CVE-2021-34325 ‼

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13421)

📖 Read

via "National Vulnerability Database".
09:19
‼ CVE-2021-34327 ‼

A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing ASM files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13423)

📖 Read

via "National Vulnerability Database".
09:19
‼ CVE-2021-34308 ‼

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13344)

📖 Read

via "National Vulnerability Database".
09:25
‼ CVE-2021-34307 ‼

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13343)

📖 Read

via "National Vulnerability Database".
09:25
‼ CVE-2021-33713 ‼

A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially crafted JT files, a hash function is called with an incorrect argument leading the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application.

📖 Read

via "National Vulnerability Database".