Channel address:
Categories: Technologies
Language: English
Subscribers: 19.58K
Description from channel
🗞 The finest daily news on cybersecurity and privacy.
🔔 Daily releases.
💻 Is your online life secure?
📩 lalilolalo.dev@gmail.com
The latest Messages 5
2021-10-29 19:18:13
CVE-2021-41186
Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken Apache log containing a certain string pattern can cause a regular expression to spend too much time on it, resulting in the potential for a DoS attack. This issue is patched in version 1.14.2. There are two workarounds available. Either don't use parser_apache2 for parsing logs that cannot be guaranteed to have been generated by Apache, or put a patched version of parser_apache2.rb into the /etc/fluent/plugin directory (or any other directory specified by the environment variable `FLUENT_PLUGIN` or the `--plugin` option of fluentd).
via "National Vulnerability Database". 65 views, 16:18
2021-10-29 18:48:09
All Day DevOps 2021: Securing the software supply chain with ephemerality and the least-privilege principle
‘The new boundary for systems engineering is how ephemeral can you make any given process with a privilege’
via "The Daily Swig". 91 views, 15:48
2021-10-29 18:37:42
What Exactly Is Secure Access Service Edge (SASE)?
Any company that supports a hybrid workforce should at least be familiar with this relatively new security approach.
via "Dark Reading". 90 views, 15:37
2021-10-29 18:33:58
Google Chrome is Abused to Deliver Malware as ‘Legit’ Win 10 App
Malware delivered via a compromised website on Chrome browsers can bypass User Account Controls to infect systems and steal sensitive data, such as credentials and cryptocurrency.
via "Threat Post". 92 views, 15:33
2021-10-29 17:37:39
A Treehouse of Security Horrors
True-life horrors from conversations with software engineers and developers. D'oh!
via "Dark Reading". 99 views, 14:37
2021-10-29 17:18:13
CVE-2021-22038
On Windows, the uninstaller binary copies itself to a fixed temporary location, which is then executed (the originally called uninstaller exits, so it does not block the installation directory). This temporary location is not randomized and does not restrict access to Administrators only, so a potential attacker could plant a binary to replace the copied binary right before it gets called, thus gaining Administrator privileges (if the original uninstaller was executed as Administrator). The vulnerability only affects Windows installers.
via "National Vulnerability Database". 102 views, 14:18
2021-10-29 17:18:11
CVE-2021-22037
Under certain circumstances, when manipulating the Windows registry, InstallBuilder uses the reg.exe system command. The full path to the command is not enforced, which results in a search in the search path until a binary can be identified. This makes the installer/uninstaller vulnerable to Path Interception by Search Order Hijacking, potentially allowing an attacker to plant a malicious reg.exe command so it takes precedence over the system command. The vulnerability only affects Windows installers.
via "National Vulnerability Database". 75 views, 14:18
2021-10-29 17:18:10
CVE-2021-3662
Certain HP Enterprise LaserJet and PageWide MFPs may be vulnerable to stored cross site scripting (XSS).
via "National Vulnerability Database". 73 views, 14:18
2021-10-28 22:36:01
Stop Zero-Day Ransomware Cold With AI
AI can help recognize ransomware attacks and stop them at computer speed.
via "Dark Reading". 28 views, 19:36
2021-10-28 22:36:00
US to Create Diplomatic Bureau to Lead Cybersecurity Policy
As part of its modernization initiative, the Department of State will increase its IT budget by 50% and add a new bureau to lead cybersecurity and digital policy.
via "Dark Reading". 31 views, 19:36