🛡 Cybersecurity & Privacy 🛡 - News

Channel address: @cibsecurity
Categories: Technologies
Language: English
Subscribers: 19.53K
Description from channel

🗞 The finest daily news on cybersecurity and privacy.
🔔 Daily releases.
💻 Is your online life secure?
📩 lalilolalo.dev@gmail.com

The latest Messages 12

2021-10-21 22:55:06 Why Should My Organization Consider XDR?

XDR is a newish industry term addressing a very old problem: security products that don't work together to detect threats.

via "Dark Reading".

2021-10-21 22:00:46 US Treasury Outlines Compliance Best Practices for Cryptocurrency Companies

The newly released guide is designed to emphasize sanctions compliance requirements amid the US government’s efforts to combat ransomware.

via "".

2021-10-21 21:37:09 CVE-2021-42327

dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to the AMD GPU display drivers debug filesystem. There are no checks on size within parse_write_buffer_into_params when it uses the size of copy_from_user to copy a userspace buffer into a 40-byte heap buffer.

via "National Vulnerability Database".

2021-10-21 21:37:08 CVE-2021-28496

On systems running Arista EOS and CloudEOS with the affected release version, when using shared secret profiles the password configured for use by BiDirectional Forwarding Detection (BFD) will be leaked when displaying output over eAPI or other JSON outputs to other authenticated users on the device. The affected EOS Versions are: all releases in 4.22.x train, 4.23.9 and below releases in the 4.23.x train, 4.24.7 and below releases in the 4.24.x train, 4.25.4 and below releases in the 4.25.x train, 4.26.1 and below releases in the 4.26.x train.

via "National Vulnerability Database".

2021-10-21 21:37:07 CVE-2021-29873

IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229.

via "National Vulnerability Database".

2021-10-21 21:37:06 CVE-2020-14263

"HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConnect SDK"

via "National Vulnerability Database".

2021-10-21 21:37:05 CVE-2020-27304

The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file upload form handler, and use parts of the user-controlled filename in the output path, are susceptible to directory traversal.

via "National Vulnerability Database".

2021-10-21 21:37:04 CVE-2021-29883

IBM Standards Processing Engine (IBM Transformation Extender Advanced 9.0 and 10.0) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 207090.

via "National Vulnerability Database".

2021-10-21 21:37:03 CVE-2021-20120

The administration web interface for the Arris Surfboard SB8200 lacks any protections against cross-site request forgery attacks. This means that an attacker could make configuration changes (such as changing the administrative password) without the consent of the user.

via "National Vulnerability Database".

2021-10-21 21:37:02 CVE-2021-28975

WP Mailster 1.6.18.0 allows XSS when a victim opens a mail server's details in the mst_servers page, for a crafted server_host, server_name, or connection_parameter parameter.

via "National Vulnerability Database".