🛡 Cybersecurity & Privacy 🛡 - News

2021-10-28 22:35:59 What is Phishing? Common Attacks & How to Avoid Them

The goal of nearly every phishing attempt is to steal information but attacks can come in different forms. In today's blog, we break down common phishing types, tactics and 50 examples of phishing attacks.

Read

via "". Open / Comment

2021-10-28 21:17:27 CVE-2021-3745

flatcore-cms is vulnerable to Unrestricted Upload of File with Dangerous Type

Read

via "National Vulnerability Database". Open / Comment

2021-10-28 21:17:26 CVE-2020-7875

DEXT5 Upload 5.0.0.117 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting the argument, variable in the activeX module. This can be leveraged for code execution.

Read

via "National Vulnerability Database". Open / Comment

2021-10-28 21:17:24 CVE-2021-22096

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.

Read

via "National Vulnerability Database". Open / Comment

2021-10-28 21:17:23 CVE-2021-22047

In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for unauthorized access depending on the Spring Security configuration.

Read

via "National Vulnerability Database". Open / Comment

2021-10-28 21:17:22 CVE-2021-22044

In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level `@RequestMapping`annotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to `@RequestMapping`-annotated interface methods.

Read

via "National Vulnerability Database". Open / Comment

2021-10-28 21:17:21 CVE-2021-22097

In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString() method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious java.util.Dictionary object that can cause 100% CPU usage in the application if the toString() method is called.

Read

via "National Vulnerability Database". Open / Comment

2021-10-28 20:06:14 3 Security Lessons Learned From the Kaseya Ransomware Attack

Organizations can better prepare themselves and their customers for these attacks with some strategies to identify threats before they become a widespread issue.

Read

via "Dark Reading". Open / Comment

2021-10-28 19:17:44 CVE-2018-14640

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Read

via "National Vulnerability Database". Open / Comment

2021-10-28 19:17:43 CVE-2021-3579

Incorrect Default Permissions vulnerability in the bdservicehost.exe and Vulnerability.Scan.exe components as used in Bitdefender Endpoint Security Tools for Windows, Total Security allows a local attacker to elevate privileges to NT AUTHORITY\SYSTEM This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 7.2.1.65. Bitdefender Total Security versions prior to 7.2.1.65.

Read

via "National Vulnerability Database". Open / Comment