🛡 Cybersecurity & Privacy 🛡 - News

2021-10-28 01:05:26 Defenders Worry Orgs Are More Vulnerable Than Last Year

Most IT and security leaders are confident their cybersecurity strategy is on the right track, but they still believe their organizations are as vulnerable as they were a year ago.

Read

via "Dark Reading". Open / Comment

2021-10-28 01:02:30 WordPress Plugin Bug Lets Subscribers Wipe Sites

The flaw, found in the Hashthemes Demo Importer plugin, allows any authenticated user to exsanguinate a vulnerable site, deleting nearly all database content and uploaded media.

Read

via "Threat Post". Open / Comment

2021-10-28 00:04:24 QR Codes Help Attackers Sneak Emails Past Security Controls

A recently discovered campaign shows how attackers are constantly developing new techniques to deceive phishing victims.

Read

via "Dark Reading". Open / Comment

2021-10-27 23:32:22 Ransomware Attacks Are Evolving. Your Security Strategy Should, Too

Defending against ransomware will take a move to zero-trust, argues Daniel Spicer, CSO, Ivanti.

Read

via "Threat Post". Open / Comment

2021-10-27 23:32:20 Teen Rakes in $2.74M Worth of Bitcoin in Phishing Scam

The kid was busted after abusing Google Ads to lure users to his fake gift card site. 

Read

via "Threat Post". Open / Comment

2021-10-27 23:16:43 CVE-2021-34791

Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the ALG and open unauthorized connections with a host located behind the ALG. For more information about these vulnerabilities, see the Details section of this advisory. Note: These vulnerabilities have been publicly discussed as NAT Slipstreaming.

Read

via "National Vulnerability Database". Open / Comment

2021-10-27 23:16:41 CVE-2021-34794

A vulnerability in the Simple Network Management Protocol version 3 (SNMPv3) access control functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to query SNMP data. This vulnerability is due to ineffective access control. An attacker could exploit this vulnerability by sending an SNMPv3 query to an affected device from a host that is not permitted by the SNMPv3 access control list. A successful exploit could allow the attacker to send an SNMP query to an affected device and retrieve information from the device. The attacker would need valid credentials to perform the SNMP query.

Read

via "National Vulnerability Database". Open / Comment

2021-10-27 23:16:41 CVE-2021-3900

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

Read

via "National Vulnerability Database". Open / Comment

2021-10-27 22:35:21 iOS 14 Update Fixes Memory Corruption Zero Day

Apple fixed CVE-2021-30883, a iOS zero day weeks ago in iOS 15. Now a patch has arrived for those still running iOS 14.

Read

via "". Open / Comment

2021-10-27 22:35:20 Read Between the Lines: Finding Flaws in EPUB Reading Systems

Security researchers who analyzed 97 free EPUB reading applications found half are not compliant with security recommendations.

Read

via "Dark Reading". Open / Comment