messages24.html

<!DOCTYPE html>
<html>

 <head>

  <meta charset="utf-8"/>
<title>Exported Data</title>
  <meta content="width=device-width, initial-scale=1.0" name="viewport"/>

  <link href="css/style.css" rel="stylesheet"/>

  <script src="js/script.js" type="text/javascript">

  </script>

 </head>

 <body onload="CheckLocation();">

  <div class="page_wrap">

   <div class="page_header">

    <div class="content">

     <div class="text bold">
🛡 Cybersecurity &amp; Privacy news 🛡 
     </div>

    </div>

   </div>

   <div class="page_body chat_page">

    <div class="history">

     <a class="pagination block_link" href="messages23.html">
Previous messages
     </a>

     <div class="message service" id="message-758">

      <div class="body details">
4 February 2021
      </div>

     </div>

     <div class="message default clearfix" id="message23098">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 16:40:32">
16:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-1136 ‼</strong><br><br><code>Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series Routers could allow an authenticated, local attacker to execute unsigned code during the boot process on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1136">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23099">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 16:40:33">
16:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-1243 ‼</strong><br><br><code>A vulnerability in the Local Packet Transport Services (LPTS) programming of the SNMP with the management plane protection feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to allow connections despite the management plane protection that is configured to deny access to the SNMP server of an affected device. This vulnerability is due to incorrect LPTS programming when using SNMP with management plane protection. An attacker could exploit this vulnerability by connecting to an affected device using SNMP. A successful exploit could allow the attacker to connect to the device on the configured SNMP ports. Valid credentials are required to execute any of the SNMP requests.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1243">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23100">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 16:40:34">
16:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-1313 ‼</strong><br><br><code>Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1313">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23101">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 16:40:34">
16:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-1333 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1333">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23102">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 16:40:35">
16:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-1295 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1295">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23103">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 16:40:36">
16:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-1221 ‼</strong><br><br><code>A vulnerability in the user interface of Cisco Webex Meetings and Cisco Webex Meetings Server Software could allow an authenticated, remote attacker to inject a hyperlink into a meeting invitation email. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by entering a URL into a field in the user interface. A successful exploit could allow the attacker to generate a Webex Meetings invitation email that contains a link to a destination of their choosing. Because this email is sent from a trusted source, the recipient may be more likely to click the link.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1221">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23104">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 16:40:37">
16:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-4826 ‼</strong><br><br><code>IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 189840.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4826">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23105">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 16:40:38">
16:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-1318 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1318">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23106">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 16:40:39">
16:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-1297 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files that should be restricted on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to upload a file to location on an affected device that they should not have access to. A successful exploit could allow the attacker to overwrite files on the file system of the affected device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1297">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23107">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 16:40:43">
16:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-1244 ‼</strong><br><br><code>Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series Routers could allow an authenticated, local attacker to execute unsigned code during the boot process on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1244">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23108">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 16:40:44">
16:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-1314 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1314">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23109">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 16:40:45">
16:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-1289 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1289">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23110">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 16:40:46">
16:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-1345 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1345">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23111">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 16:40:46">
16:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-1319 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1319">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23112">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 16:52:26">
16:52
       </div>

       <div class="text">
<strong>❌ Spotify Suffers Second Credential-Stuffing Cyberattack in 3 Months ❌</strong><br><br><code>As many as 100,000 of the music streaming service&apos;s customers could face account takeover.</code><br><br><a href="https://threatpost.com/spotify-credential-stuffing-cyberattack/163672/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23113">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 17:35:03">
17:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 Scientist Stole Trade Secrets Before Joining Competitor 🔏</strong><br><br><code>It wasn&apos;t until after the employee left that the company realized how many proprietary files he&apos;d transferred to his personal email accounts and thumb drives.</code><br><br><a href="https://digitalguardian.com/blog/scientist-stole-trade-secrets-joining-competitor">📖 Read</a><br><br>via &quot;<em>Digital Guardian</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23114">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 18:00:34">
18:00
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How to compile NGINX for ModSecurity support on Ubuntu Server 20.04 🦿</strong><br><br><code>Jack Wallen walks you through the manual process of installing ModSecurity for NGINX on Ubuntu Server 20.04.</code><br><br><a href="https://www.techrepublic.com/article/how-to-compile-nginx-for-modsecurity-support-on-ubuntu-server-20-04/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23115">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 18:34:24">
18:34
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-25249 ‼</strong><br><br><code>An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25249">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23116">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 18:34:25">
18:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-25237 ‼</strong><br><br><code>An improper access control vulnerability in Trend Micro Apex One (on-prem) could allow an unauthenticated user to obtain information about the managing port used by agents.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25237">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23117">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 18:34:26">
18:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-0350 ‼</strong><br><br><code>In ged, there is a possible system crash due to an improper input validation. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05342338.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0350">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23118">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 18:34:27">
18:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-0343 ‼</strong><br><br><code>In kisd, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05449962.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0343">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23119">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 18:34:28">
18:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-25244 ‼</strong><br><br><code>An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of configuration informaiton.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25244">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23120">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 18:34:29">
18:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-25227 ‼</strong><br><br><code>Trend Micro Antivirus for Mac 2021 (Consumer) is vulnerable to a memory exhaustion vulnerability that could lead to disabling all the scanning functionality within the application. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability – i.e. the attacker must already have access to the target system (either legitimately or via another exploit).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25227">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23121">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 18:34:30">
18:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-25241 ‼</strong><br><br><code>A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a sweep.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25241">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23122">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 18:34:31">
18:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-25240 ‼</strong><br><br><code>An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64 agent hofitx information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25240">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23123">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 18:34:32">
18:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-25233 ‼</strong><br><br><code>An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific configuration download file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25233">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23124">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 18:34:33">
18:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-0344 ‼</strong><br><br><code>In mtkpower, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05437558.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0344">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23125">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 18:34:34">
18:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-25229 ‼</strong><br><br><code>An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the database server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25229">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23126">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 18:34:35">
18:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-0346 ‼</strong><br><br><code>In vpu, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05371580.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0346">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23127">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 18:34:37">
18:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-25248 ‼</strong><br><br><code>An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attacker to disclose sensitive information about a named pipe. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25248">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23128">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 18:34:38">
18:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-25246 ‼</strong><br><br><code>An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user to create a bogus agent on an affected server that could be used then make valid configuration queries.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25246">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23129">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 18:34:39">
18:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-0348 ‼</strong><br><br><code>In vpu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05349201.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0348">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23130">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 18:34:40">
18:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-25245 ‼</strong><br><br><code>An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of settings informaiton.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25245">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23131">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 18:34:41">
18:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-25243 ‼</strong><br><br><code>An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch level information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25243">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23132">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 18:34:42">
18:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-25236 ‼</strong><br><br><code>A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a specific sweep.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25236">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23133">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 18:34:43">
18:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-25239 ‼</strong><br><br><code>An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about x86 agent hotfixes.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25239">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23134">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 18:34:44">
18:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-0345 ‼</strong><br><br><code>In mobile_log_d, there is a possible escalation of privilege due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05432974.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0345">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23135">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 18:52:32">
18:52
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Android Devices Prone to Botnet’s DDoS Onslaught ❌</strong><br><br><code>A new DDoS botnet propagates via the Android Debug Bridge and uses Tor to hide its activity.</code><br><br><a href="https://threatpost.com/android-devices-prone-to-botnets-ddos-onslaught/163680/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23136">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 19:09:54">
19:09
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Microsoft Says It&apos;s Time to Attack Your Machine-Learning Models 🕴</strong><br><br><code>With access to some training data, Microsoft&apos;s red team recreated a machine-learning system and found sequences of requests that resulted in a denial-of-service.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/advanced-threats/microsoft-says-its-time-to-attack-your-machine-learning-models/d/d-id/1340072?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23137">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 19:09:55">
19:09
       </div>

       <div class="text">
<strong>🕴 Web Application Attacks Grow Reliant on Automated Tools 🕴</strong><br><br><code>Attackers often use automation in fuzzing attacks, injection attacks, fake bots, and application DDoS attacks.</code><br><br><a href="https://www.darkreading.com/application-security/web-application-attacks-grow-reliant-on-automated-tools/d/d-id/1340071?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23138">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 19:39:55">
19:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 IBM Offers $3M in Grants to Defend Schools from Cyberattacks 🕴</strong><br><br><code>The grants will be awarded to six school districts in the United States to help prepare for, and respond to, cyberattacks.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/ibm-offers-%243m-in-grants-to-defend-schools-from-cyberattacks/d/d-id/1340075?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23139">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 20:39:57">
20:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Google&apos;s Payout to Bug Hunters Hits New High 🕴</strong><br><br><code>Over 660 researchers from 62 countries collected rewards for reporting bugs in Chrome, Android, and other Google technologies.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/googles-payout-to-bug-hunters-hits-new-high/d/d-id/1340076?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-759">

      <div class="body details">
5 February 2021
      </div>

     </div>

     <div class="message default clearfix" id="message23140">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 10:30:30">
10:30
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Chrome zero-day browser bug found – patch now! ⚠</strong><br><br><code>Google is playing its cards close to its chest to avoid giving too much away.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/02/05/chrome-zero-day-browser-bug-found-patch-now/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23141">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 11:40:23">
11:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 AI and APIs: The A+ Answers to Keeping Data Secure and Private 🕴</strong><br><br><code>Many IT and security leaders view regulations and internal processes designed to manage and secure data as additional red tape, slowing processes and innovation. Nothing could be further from the truth.</code><br><br><a href="https://www.darkreading.com/edge/theedge/ai-and-apis-the-a+-answers-to-keeping-data-secure-and-private/b/d-id/1340059?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23142">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 12:05:37">
12:05
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 Friday Five 2/5 🔏</strong><br><br><code>Chrome updates, open source frameworks, and an interview with a cybercriminal - catch up on all of the week&apos;s infosec news with the Friday Five!</code><br><br><a href="https://digitalguardian.com/blog/friday-five-2/5">📖 Read</a><br><br>via &quot;<em>Digital Guardian</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23143">

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 12:10:22">
12:10
       </div>

       <div class="text">
<strong>🕴 Cybercrime Goes Mainstream 🕴</strong><br><br><code>Organized cybercrime is global in scale and the second-greatest risk over the next decade.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/cybercrime-goes-mainstream/a/d-id/1340012?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23144">

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 12:23:12">
12:23
       </div>

       <div class="text">
<strong>❌ Ransomware Attacks Hit Major Utilities ❌</strong><br><br><code>Electrobras, the largest power company in Latin America, faced a temporary suspension of some operations.</code><br><br><a href="https://threatpost.com/ransomware-attacks-major-utilities/163687/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23145">

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 12:35:15">
12:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-26711 ‼</strong><br><br><code>A frame-injection issue in the online help in Redwood Report2Web 4.3.4.5 and 4.5.3 allows remote attackers to render an external resource inside a frame via the help/Online_Help/NetHelp/default.htm turl parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26711">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23146">

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 12:35:16">
12:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-36241 ‼</strong><br><br><code>autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file&apos;s parent is a symlink to a directory outside of the intended extraction location.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36241">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23147">

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 12:35:17">
12:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-8807 ‼</strong><br><br><code>In Electric Coin Company Zcashd before 2.1.1-1, the time offset between messages could be leveraged to obtain sensitive information about the relationship between a suspected victim&apos;s address and an IP address, aka a timing side channel.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8807">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23148">

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 12:35:19">
12:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-26708 ‼</strong><br><br><code>A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26708">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23149">

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 12:35:20">
12:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-10538 ‼</strong><br><br><code>An issue was discovered in Epikur before 20.1.1. It stores the secret passwords of the users as MD5 hashes in the database. MD5 can be brute-forced efficiently and should not be used for such purposes. Additionally, since no salt is used, rainbow tables can speed up the attack.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10538">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23150">

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 12:35:21">
12:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-18717 ‼</strong><br><br><code>SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execute arbitrary code due to a lack of parameter filtering in inc/zzz_template.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18717">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23151">

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 12:35:22">
12:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-10537 ‼</strong><br><br><code>An issue was discovered in Epikur before 20.1.1. A Glassfish 4.1 server with a default configuration is running on TCP port 4848. No password is required to access it with the administrator account.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10537">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23152">

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 12:35:23">
12:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-10539 ‼</strong><br><br><code>An issue was discovered in Epikur before 20.1.1. The Epikur server contains the checkPasswort() function that, upon user login, checks the submitted password against the user password&apos;s MD5 hash stored in the database. It is also compared to a second MD5 hash, which is the same for every user (aka a &quot;Backdoor Password&quot; of 3p1kursupport). If the submitted password matches either one, access is granted.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10539">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23153">

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 12:35:24">
12:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-8806 ‼</strong><br><br><code>Electric Coin Company Zcashd before 2.1.1-1 allows attackers to trigger consensus failure and double spending. A valid chain could be incorrectly rejected because timestamp requirements on block headers were not properly enforced.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8806">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23154">

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 12:35:25">
12:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-3333 ‼</strong><br><br><code>Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). When outputting SQL statements for debugging, a maliciously crafted query can trigger an XSS attack. This attack only succeeds if the user is already logged in to Open-AudIT before they click the malicious link.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3333">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23155">

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 12:35:25">
12:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-35765 ‼</strong><br><br><code>doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35765">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23156">

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 12:35:26">
12:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-18716 ‼</strong><br><br><code>SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordAction.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18716">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23157">

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 12:35:27">
12:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-26710 ‼</strong><br><br><code>A cross-site scripting (XSS) issue in the login panel in Redwood Report2Web 4.3.4.5 and 4.5.3 allows remote attackers to inject JavaScript via the signIn.do urll parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26710">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23158">

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 12:35:28">
12:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-20652 ‼</strong><br><br><code>Cross-site request forgery (CSRF) vulnerability in Name Directory 1.17.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20652">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23159">

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 12:35:29">
12:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-18715 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18715">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23160">

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 12:35:30">
12:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-18713 ‼</strong><br><br><code>SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in customerAction.php</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18713">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23161">

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 12:35:31">
12:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-20623 ‼</strong><br><br><code>Video Insight VMS versions prior to 7.8 allows a remote attacker to execute arbitrary code with the system user privilege by sending a specially crafted request.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20623">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23162">

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 12:35:32">
12:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-18714 ‼</strong><br><br><code>SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordModel.php&apos;s getdata function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18714">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23163">

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 12:35:33">
12:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-3311 ‼</strong><br><br><code>An issue was discovered in October through build 471. It reactivates an old session ID (which had been invalid after a logout) once a new login occurs. NOTE: this violates the intended Auth/Manager.php authentication behavior but, admittedly, is only relevant if an old session ID is known to an attacker.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3311">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23164">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 12:53:13">
12:53
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Google Chrome Zero-Day Afflicts Windows, Mac Users ❌</strong><br><br><code>Google warns of a zero-day vulnerability in the V8 open-source engine that&apos;s being actively exploited by attackers.</code><br><br><a href="https://threatpost.com/google-chrome-zero-day-windows-mac/163688/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23165">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 14:35:18">
14:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-3382 ‼</strong><br><br><code>Stack buffer overflow vulnerability in gitea 1.9.0 through 1.13.1 allows remote attackers to cause a denial of service (crash) via vectors related to a file path.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3382">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23166">

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 14:35:19">
14:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-18737 ‼</strong><br><br><code>An issue was discovered in Typora 0.9.67. There is an XSS vulnerability that causes Remote Code Execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18737">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23167">

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 14:35:20">
14:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-4832 ‼</strong><br><br><code>IBM PowerHA 7.2 could allow a local attacker to obtain sensitive information from temporary directories after a discovery failure occurs. IBM X-Force ID: 189969.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4832">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23168">

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 14:35:21">
14:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-3258 ‼</strong><br><br><code>Question2Answer Q2A Ultimate SEO Version 1.3 is affected by cross-site scripting (XSS), which may lead to arbitrary remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3258">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23169">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 15:40:29">
15:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Pro Tip: Don&apos;t Doubt Yourself 🕴</strong><br><br><code>The Edge asked season security pros what they wish they had known when they first got into the field.</code><br><br><a href="https://www.darkreading.com/edge/theedge/pro-tip-dont-doubt-yourself/b/d-id/1340080?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23170">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 16:30:55">
16:30
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 DDoS-for-hire services are exploiting Plex Media flaw to amplify their attacks 🦿</strong><br><br><code>Attackers are taking advantage of a security flaw in the way Plex Media servers look for compatible media devices and streaming clients, says Netscout.</code><br><br><a href="https://www.techrepublic.com/article/ddos-for-hire-services-are-exploiting-plex-media-flaw-to-amplify-their-attacks/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23171">

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 16:35:21">
16:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-26722 ‼</strong><br><br><code>LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because of mishandling of the &quot;No results found for&quot; message in the search bar.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26722">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23172">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 17:10:36">
17:10
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Security Researchers Push for &apos;Bug Bounty Program of Last Resort&apos; 🕴</strong><br><br><code>An international program that pays out hefty sums for the discovery of software vulnerabilities could spur greater scrutiny of applications and lead to better security.</code><br><br><a href="https://www.darkreading.com/application-security/security-researchers-push-for-bug-bounty-program-of-last-resort/d/d-id/1340081?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23173">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 18:35:29">
18:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-10375 ‼</strong><br><br><code>An issue was discovered in New Media Smarty before 9.10. Passwords are stored in the database in an obfuscated format that can be easily reversed. The file data.mdb contains these obfuscated passwords in the second column. NOTE: this is unrelated to the popular Smarty template engine product.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10375">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23174">

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 18:35:30">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-1072 ‼</strong><br><br><code>NVIDIA GeForce Experience, all versions prior to 3.21, contains a vulnerability in GameStream (rxdiag.dll) where an arbitrary file deletion due to improper handling of log files may lead to denial of service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1072">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23175">

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 18:35:31">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-9453 ‼</strong><br><br><code>In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402406 and IOCtl 0x9C40240A. (0x9C402402 has only a NULL pointer dereference.) This affects \Device\EMPMPAUIO and \DosDevices\EMPMPAU.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9453">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23176">

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 18:35:33">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-10553 ‼</strong><br><br><code>An issue was discovered in Psyprax before 3.2.2. The file %PROGRAMDATA%\Psyprax32\PPScreen.ini contains a hash for the lockscreen (aka screensaver) of the application. If that entry is removed, the lockscreen is no longer displayed and the app is no longer locked. All local users are able to modify that file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10553">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23177">

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 18:35:34">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-10552 ‼</strong><br><br><code>An issue was discovered in Psyprax before 3.2.2. The Firebird database is accessible with the default user sysdba and password masterke after installation. This allows any user to access it and read and modify the contents, including passwords. Local database files can be accessed directly as well.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10552">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23178">

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 18:35:35">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-10857 ‼</strong><br><br><code>Zulip Desktop before 5.0.0 improperly uses shell.openExternal and shell.openItem with untrusted content, leading to remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10857">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23179">

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 18:35:36">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-10234 ‼</strong><br><br><code>The AscRegistryFilter.sys kernel driver in IObit Advanced SystemCare 13.2 allows an unprivileged user to send an IOCTL to the device driver. If the user provides a NULL entry for the dwIoControlCode parameter, a kernel panic (aka BSOD) follows. The IOCTL codes can be found in the dispatch function: 0x8001E000, 0x8001E004, 0x8001E008, 0x8001E00C, 0x8001E010, 0x8001E014, 0x8001E020, 0x8001E024, 0x8001E040, 0x8001E044, and 0x8001E048. \DosDevices\AscRegistryFilter and \Device\AscRegistryFilter are affected.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10234">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23180">

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 18:35:37">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-18750 ‼</strong><br><br><code>Buffer overflow in pdf2json 0.69 allows local users to execute arbitrary code by converting a crafted PDF file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18750">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23181">

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 18:35:38">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-10554 ‼</strong><br><br><code>An issue was discovered in Psyprax beforee 3.2.2. Passwords used to encrypt the data are stored in the database in an obfuscated format, which can be easily reverted. For example, the password AAAAAAAA is stored in the database as MMMMMMMM.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10554">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23182">

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 18:35:38">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-12122 ‼</strong><br><br><code>In Max Secure Max Spyware Detector 1.0.0.044, the driver file (MaxProc64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x2200019. (This also extends to the various other products from Max Secure that include MaxProc64.sys.)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12122">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23183">

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 18:35:39">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-9014 ‼</strong><br><br><code>In Epson iProjection v2.30, the driver file (EMP_NSAU.sys) allows local users to cause a denial of service (BSOD) via crafted input to the virtual audio device driver with IOCTL 0x9C402402, 0x9C402406, or 0x9C40240A. \Device\EMPNSAUIO and \DosDevices\EMPNSAU are similarly affected.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9014">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23184">

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 18:35:40">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-10858 ‼</strong><br><br><code>Zulip Desktop before 5.0.0 allows attackers to perform recording via the webcam and microphone due to a missing permission request handler.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10858">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23185">

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 18:41:34">
18:41
       </div>

       <div class="text">
<strong>🕴 Spotify Hit With Another Credential-Stuffing Attack 🕴</strong><br><br><code>This marks the second credential-stuffing attack to hit the streaming platform in the last few months.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/spotify-hit-with-another-credential-stuffing-attack/d/d-id/1340083?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23186">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 19:23:25">
19:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Unpatched WordPress Plugin Code-Injection Bug Afflicts 50K Sites ❌</strong><br><br><code>An CRSF-to-stored-XSS security bug plagues 50,000 &apos;Contact Form 7&apos; Style users.</code><br><br><a href="https://threatpost.com/unpatched-wordpress-plugin-code-injection/163706/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23187">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 19:53:27">
19:53
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Industrial Networks See Sharp Uptick in Hackable Security Holes ❌</strong><br><br><code>Claroty reports that adversaries, CISOs and researchers have all turned their attention to finding critical security bugs in ICS networks.</code><br><br><a href="https://threatpost.com/industrial-networks-hackable-security-holes/163708/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23188">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 20:35:35">
20:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-21303 ‼</strong><br><br><code>Helm is open-source software which is essentially &quot;The Kubernetes Package Manager&quot;. Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. In Helm from version 3.0 and before version 3.5.2, there a few cases where data loaded from potentially untrusted sources was not properly sanitized. When a SemVer in the `version` field of a chart is invalid, in some cases Helm allows the string to be used &quot;as is&quot; without sanitizing. Helm fails to properly sanitized some fields present on Helm repository `index.yaml` files. Helm does not properly sanitized some fields in the `plugin.yaml` file for plugins In some cases, Helm does not properly sanitize the fields in the `Chart.yaml` file. By exploiting these attack vectors, core maintainers were able to send deceptive information to a terminal screen running the `helm` command, as well as obscure or alter information on the screen. In some cases, we could send codes that terminals used to execute higher-order logic, like clearing a terminal screen. Further, during evaluation, the Helm maintainers discovered a few other fields that were not properly sanitized when read out of repository index files. This fix remedies all such cases, and once again enforces SemVer2 policies on version fields. All users of the Helm 3 should upgrade to the fixed version 3.5.2 or later. Those who use Helm as a library should verify that they either sanitize this data on their own, or use the proper Helm API calls to sanitize the data.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21303">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23189">

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 20:35:36">
20:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-3229 ‼</strong><br><br><code>Denial of service in ASUSWRT ASUS RT-AX3000 firmware versions 3.0.0.4.384_10177 and earlier versions allows an attacker to disrupt the use of device setup services via continuous login error.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3229">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23190">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 22:35:40">
22:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-14312 ‼</strong><br><br><code>A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option `local-service` is not enabled. Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against other systems.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14312">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23191">

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 22:35:41">
22:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-11836 ‼</strong><br><br><code>OPPO Android Phone with MTK chipset and Android 8.1/9/10/11 versions have an information leak vulnerability. The â€&amp;oelig;adb shell getprop ro.vendor.aee.enforcingâ€� or â€&amp;oelig;adb shell getprop ro.vendor.aee.enforcingâ€� return no.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11836">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23192">

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 22:35:42">
22:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-22301 ‼</strong><br><br><code>Mate 30 10.0.0.203(C00E201R7P2) have a buffer overflow vulnerability. After obtaining the root permission, an attacker can exploit the vulnerability to cause buffer overflow.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22301">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23193">

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 22:35:43">
22:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-5812 ‼</strong><br><br><code>Nessus AMI versions 8.12.0 and earlier were found to either not validate, or incorrectly validate, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5812">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23194">

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 22:35:44">
22:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-22307 ‼</strong><br><br><code>There is a weak algorithm vulnerability in Mate 3010.0.0.203(C00E201R7P2). The protection is insufficient for the modules that should be protected. Local attackers can exploit this vulnerability to affect the integrity of certain module.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22307">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23195">

      <div class="body">

       <div class="pull_right date details" title="05.02.2021 22:35:48">
22:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-20176 ‼</strong><br><br><code>A flaw was found in ImageMagick in MagickCore/gem.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.10-56.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20176">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-760">

      <div class="body details">
6 February 2021
      </div>

     </div>

     <div class="message default clearfix" id="message23196">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.02.2021 08:36:13">
08:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-26723 ‼</strong><br><br><code>Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&amp;query= XSS.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26723">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-761">

      <div class="body details">
7 February 2021
      </div>

     </div>

     <div class="message default clearfix" id="message23197">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.02.2021 18:38:34">
18:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-36242 ‼</strong><br><br><code>In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36242">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23198">

      <div class="body">

       <div class="pull_right date details" title="07.02.2021 18:38:35">
18:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-3122 ‼</strong><br><br><code>CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter (within an XML document sent to port 8089) that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021. NOTE: the vendor&apos;s position is that exploitation occurs only on devices with a certain &quot;misconfiguration.&quot;</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3122">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23199">

      <div class="body">

       <div class="pull_right date details" title="07.02.2021 18:38:36">
18:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-36243 ‼</strong><br><br><code>The Patient Portal of OpenEMR 5.0.2.1 is affected by a Command Injection vulnerability in /interface/main/backup.php. To exploit the vulnerability, an authenticated attacker can send a POST request that executes arbitrary OS commands via shell metacharacters.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36243">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23200">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.02.2021 19:06:43">
19:06
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Perl.com</strong> <strong>gets its domain back – normal service restored! ⚠</strong><br><br><code>All&apos;s well that ends well.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/02/07/perl-com-gets-its-domain-back-normal-service-restored/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-762">

      <div class="body details">
8 February 2021
      </div>

     </div>

     <div class="message default clearfix" id="message23201">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 03:38:55">
03:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-11920 ‼</strong><br><br><code>An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. A command injection vulnerability resides in the HOST/IP section of the NFS settings menu in the webserver running on the device. By injecting Bash commands via shell metacharacters here, the device executes arbitrary code with root privileges (all of the device&apos;s services are running as root).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11920">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23202">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 03:38:55">
03:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-11915 ‼</strong><br><br><code>An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. By sending a set_params.cgi?telnetd=1&amp;save=1&amp;reboot=1 request to the webserver, it is possible to enable the telnet interface on the device. The telnet interface can then be used to obtain access to the device with root privileges via a reecam4debug default password. This default telnet password is the same across all Siime Eye devices. In order for the attack to be exploited, an attacker must be physically close in order to connect to the device&apos;s Wi-Fi access point.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11915">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23203">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 11:03:11">
11:03
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 World Economic Forum calls cybersecurity one of the &quot;key threats of the next decade&quot; 🦿</strong><br><br><code>The Global Risks Report highlights the onslaught of cyberattacks and a failure of governments to stop them.</code><br><br><a href="https://www.techrepublic.com/article/world-economic-forum-calls-cybersecurity-one-of-the-key-threats-of-the-next-decade/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23204">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 12:12:36">
12:12
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Hidden Dangers of Microsoft 365&apos;s Power Automate and eDiscovery Tools 🕴</strong><br><br><code>Attackers are using legitimate enterprise tools to execute attacks and carry out malicious actions. Security teams must take action now.</code><br><br><a href="https://www.darkreading.com/application-security/hidden-dangers-of-microsoft-365s-power-automate-and-ediscovery-tools-/a/d-id/1340014?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23205">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 12:39:22">
12:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-26052 ‼</strong><br><br><code>Online Marriage Registration System 1.0 is affected by stored cross-site scripting (XSS) vulnerabilities in multiple parameters.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26052">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23206">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 12:39:22">
12:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-26051 ‼</strong><br><br><code>College Management System Php 1.0 suffers from SQL injection vulnerabilities in the index.php page from POST parameters &apos;unametxt&apos; and &apos;pwdtxt&apos;, which are not filtered before passing a SQL query.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26051">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23207">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 13:55:42">
13:55
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ WestRock Ransomware Attack Hinders Packaging Production ❌</strong><br><br><code>The ransomware attack, affecting OT systems, resulted in some of WestRock&apos;s facilities lagging in production levels.</code><br><br><a href="https://threatpost.com/westrock-ransomware-attack/163717/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23208">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 14:02:53">
14:02
       </div>

       <div class="text">
<strong>🦿 How much is your info worth on the Dark Web? For Americans, it&apos;s just $8 🦿</strong><br><br><code>A Comparitech report found that Japan and the UAE have the most expensive identities available on illicit marketplaces at an average price of $25.</code><br><br><a href="https://www.techrepublic.com/article/how-much-is-your-info-worth-on-the-dark-web-for-americans-its-just-8/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23209">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 14:25:04">
14:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Fake Forcepoint Google Chrome Extension Hacks Windows Users ❌</strong><br><br><code>In a unique attack, cybercriminals locally install an extension to manipulate data in internal web applications that the victims have access to.</code><br><br><a href="https://threatpost.com/fake-forcepoint-google-chrome-extension-hacks/163728/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23210">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 14:34:39">
14:34
       </div>

       <div class="text">
<strong>🛠 AIDE 0.17.2 🛠</strong><br><br><code>AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.</code><br><br><a href="https://packetstormsecurity.com/files/161339/aide-0.17.2.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23211">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 14:39:26">
14:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-26825 ‼</strong><br><br><code>An integer overflow issue exists in Godot Engine up to v3.2 that can be triggered when loading specially crafted.TGA image files. The vulnerability exists in ImageLoaderTGA::load_image() function at line: const size_t buffer_size = (tga_header.image_width * tga_header.image_height) * pixel_size; The bug leads to Dynamic stack buffer overflow. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26825">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23212">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 14:39:27">
14:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-22122 ‼</strong><br><br><code>An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to perform a reflected cross site scripting attack (XSS) by injecting malicious payload in different vulnerable API end-points.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22122">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23213">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 14:39:28">
14:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-6649 ‼</strong><br><br><code>An insufficient session expiration vulnerability in FortiNet&apos;s FortiIsolator version 2.0.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6649">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23214">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 14:39:29">
14:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-3293 ‼</strong><br><br><code>emlog v5.3.1 has full path disclosure vulnerability in t/index.php, which allows an attacker to see the path to the webroot/file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3293">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23215">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 14:39:30">
14:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-20359 ‼</strong><br><br><code>IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 - Business Automation Application Designer Component stores potentially sensitive information in log files that could be obtained by an unauthorized user. IBM X-Force ID: 194966.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20359">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23216">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 14:39:31">
14:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-16629 ‼</strong><br><br><code>PhpOK 5.4.137 contains a SQL injection vulnerability that can inject an attachment data through SQL, and then call the attachment replacement function through api.php to write a PHP file to the target path.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16629">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23217">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 14:39:33">
14:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-20358 ‼</strong><br><br><code>IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 stores potentially sensitive information in clear text in API connection log files. This information could be obtained by a user with permissions to read log files. IBM X-Force ID: 194965.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20358">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23218">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 14:39:34">
14:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-26826 ‼</strong><br><br><code>A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26826">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23219">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 15:02:26">
15:02
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Naked Security Live – Jargonbuster: Bugs, vulns, 0-days and exploits ⚠</strong><br><br><code>Latest Naked Security Live talk - watch now!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/02/08/naked-security-live-jargonbuster-bugs-vulns-0-days-and-exploits/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23220">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 15:32:55">
15:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Cognitive agility can help solve some &quot;wicked&quot; cybersecurity challenges 🦿</strong><br><br><code>Using psychology can help improve the odds of success against a cybercriminal&apos;s digital incursion.</code><br><br><a href="https://www.techrepublic.com/article/cognitive-agility-can-help-solve-some-wicked-cybersecurity-challenges/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23221">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 16:39:31">
16:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-26540 ‼</strong><br><br><code>Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the &quot;allowedIframeHostnames&quot; option when the &quot;allowIframeRelativeUrls&quot; is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts with &quot;/\\example.com&quot;.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26540">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23222">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 16:39:32">
16:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-26541 ‼</strong><br><br><code>The gitlog function in src/index.ts in gitlog before 4.0.4 has a command injection vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26541">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23223">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 16:39:33">
16:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-21304 ‼</strong><br><br><code>Dynamoose is an open-source modeling tool for Amazon&apos;s DynamoDB. In Dynamoose from version 2.0.0 and before version 2.7.0 there was a prototype pollution vulnerability in the internal utility method &quot;lib/utils/object/set.ts&quot;. This method is used throughout the codebase for various operations throughout Dynamoose. We have not seen any evidence of this vulnerability being exploited. There is no evidence this vulnerability impacts versions 1.x.x since the vulnerable method was added as part of the v2 rewrite. This vulnerability also impacts v2.x.x beta/alpha versions. Version 2.7.0 includes a patch for this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21304">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23224">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 16:39:34">
16:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-25142 ‼</strong><br><br><code>The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webstartflash function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25142">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23225">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 16:39:35">
16:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-25837 ‼</strong><br><br><code>Cosmos Network Ethermint &lt;= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. Due to the inconsistency between the Storage caching cycle and the Tx processing cycle, Storage changes caused by a failed transaction are improperly reserved in memory. Although the bad storage cache data will be discarded at EndBlock, it is still valid in the current block, which enables many possible attacks such as an &quot;arbitrary mint token&quot;.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25837">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23226">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 16:39:36">
16:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-25834 ‼</strong><br><br><code>Cosmos Network Ethermint &lt;= v0.4.0 is affected by a transaction replay vulnerability in the EVM module. If the victim sends a very large nonce transaction, the attacker can replay the transaction through the application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25834">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23227">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 16:39:37">
16:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-26539 ‼</strong><br><br><code>Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name (IDN) which could allow an attacker to bypass hostname whitelist validation set by the &quot;allowedIframeHostnames&quot; option.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26539">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23228">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 16:39:38">
16:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-25835 ‼</strong><br><br><code>Cosmos Network Ethermint &lt;= v0.4.0 is affected by a cross-chain transaction replay vulnerability in the EVM module. Since ethermint uses the same chainIDEpoch and signature schemes with ethereum for compatibility, a verified signature in ethereum is still valid in ethermint with the same msg content and chainIDEpoch, which enables &quot;cross-chain transaction replay&quot; attack.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25835">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23229">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 16:39:38">
16:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-25836 ‼</strong><br><br><code>Cosmos Network Ethermint &lt;= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. The bytecode set in a FAILED transaction wrongfully remains in memory(stateObject.code) and is further written to persistent store at the Endblock stage, which may be utilized to build honeypot contracts.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25836">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23230">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 17:07:52">
17:07
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 Virginia on Pace to Pass United States&apos; Next Comprehensive Privacy Law 🔏</strong><br><br><code>Virginia is right on California&apos;s heels; the state may adopt its own consumer data privacy act - leading to more stringent data protection - later this month.</code><br><br><a href="https://digitalguardian.com/blog/virginia-pace-pass-united-states-next-comprehensive-privacy-law">📖 Read</a><br><br>via &quot;<em>Digital Guardian</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23231">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 17:42:46">
17:42
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Android App Infects Millions of Devices With a Single Update 🕴</strong><br><br><code>The popular Barcode Scanner app, which as been available on Google Play for years, turned malicious with one software update.</code><br><br><a href="https://www.darkreading.com/application-security/android-app-infects-millions-of-devices-with-a-single-update/d/d-id/1340093?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23232">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 18:12:44">
18:12
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 What&apos;s the Difference Between &apos;Observability&apos; and &apos;Visibility&apos; in Security? 🕴</strong><br><br><code>To drive holistic security success, we have to start with the interlinking of visibility and observability.</code><br><br><a href="https://www.darkreading.com/edge/theedge/whats-the-difference-between-observability-and-visibility-in-security--/b/d-id/1340096?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23233">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 18:25:06">
18:25
       </div>

       <div class="text">
<strong>❌ Billions of Passwords Offered for $2 in Cyber-Underground ❌</strong><br><br><code>About 3.27 billion stolen account logins have been posted to the RaidForums English-language cybercrime community in a &apos;COMB&apos; collection.</code><br><br><a href="https://threatpost.com/billions-passwords-cyber-underground/163738/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23234">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 18:25:08">
18:25
       </div>

       <div class="text">
<strong>❌ Critical WordPress Plugin Flaw Allows Site Takeover ❌</strong><br><br><code>A patch in the NextGen Gallery WordPress plugin fixes critical and high-severity cross-site request forgery flaws.</code><br><br><a href="https://threatpost.com/critical-wordpress-plugin-flaw-site-takeover/163734/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23235">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 18:32:57">
18:32
       </div>

       <div class="text">
<strong>🦿 How to block point-to-point file transfers in Skype for Business using PowerShell 🦿</strong><br><br><code>There are situations where you want to block P2P file transfers to people outside the organization during a video conference meeting. You&apos;ll need to issue a global policy.</code><br><br><a href="https://www.techrepublic.com/article/how-to-block-point-to-point-file-transfers-in-skype-for-business-using-powershell/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23236">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 18:39:35">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-26905 ‼</strong><br><br><code>1Password SCIM Bridge before 1.6.2 mishandles validation of requests for log files.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26905">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23237">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 18:39:36">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-25168 ‼</strong><br><br><code>The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webupdatecomponent function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25168">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23238">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 18:39:37">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-26574 ‼</strong><br><br><code>The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a path traversal vulnerability in libifc.so webdeletevideofile function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26574">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23239">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 18:39:37">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-25171 ‼</strong><br><br><code>The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetlicensecfg function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25171">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23240">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 18:39:38">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-25170 ‼</strong><br><br><code>The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetremoteimageinfo function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25170">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23241">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 18:39:39">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-26571 ‼</strong><br><br><code>The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgetactivexcfg function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26571">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23242">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 18:39:40">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-7785 ‼</strong><br><br><code>This affects all versions of package node-ps. The injection point is located in line 72 in lib/index.js.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7785">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23243">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 18:39:41">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-21290 ‼</strong><br><br><code>Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers &amp; clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty&apos;s multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method &quot;File.createTempFile&quot; on unix-like systems creates a random file, but, by default will create this file with the permissions &quot;-rw-r--r--&quot;. Thus, if sensitive information is written to this file, other local users can read this information. This is the case in netty&apos;s &quot;AbstractDiskHttpData&quot; is vulnerable. This has been fixed in version 4.1.59.Final. As a workaround, one may specify your own &quot;java.io.tmpdir&quot; when you start the JVM or use &quot;DefaultHttpDataFactory.setBaseDir(...)&quot; to set the directory to something that is only readable by the current user.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21290">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23244">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 18:39:42">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-21240 ‼</strong><br><br><code>httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of &quot;\xa0&quot; characters in the &quot;www-authenticate&quot; header may cause Denial of Service (CPU burn while parsing header) of the httplib2 client accessing said server. This is fixed in version 0.19.0 which contains a new implementation of auth headers parsing using the pyparsing library.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21240">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23245">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 18:39:44">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-26573 ‼</strong><br><br><code>The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgeneratesslcfg function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26573">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23246">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 18:39:45">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-25172 ‼</strong><br><br><code>The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a command injection vulnerability in libifc.so websetdefaultlangcfg function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25172">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23247">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 18:39:45">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-7786 ‼</strong><br><br><code>This affects all versions of package macfromip. The injection point is located in line 66 in macfromip.js.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7786">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23248">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 18:39:46">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-25169 ‼</strong><br><br><code>The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetservicecfg function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25169">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23249">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 18:39:47">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-26572 ‼</strong><br><br><code>The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgetactivexcfg function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26572">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23250">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 18:39:48">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-26575 ‼</strong><br><br><code>The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a path traversal vulnerability in libifc.so webdeletesolvideofile function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26575">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23251">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 18:39:49">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-26577 ‼</strong><br><br><code>The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so uploadsshkey function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26577">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23252">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 18:39:50">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-7782 ‼</strong><br><br><code>This affects all versions of package spritesheet-js. It depends on a vulnerable package platform-command. The injection point is located in line 32 in lib/generator.js, which is triggered by main entry of the package.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7782">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23253">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 18:39:51">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-21305 ‼</strong><br><br><code>CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1, there is a code injection vulnerability. The &quot;#manipulate!&quot; method inappropriately evals the content of mutation option(:read/:write), allowing attackers to craft a string that can be executed as a Ruby code. If an application developer supplies untrusted inputs to the option, it will lead to remote code execution(RCE). This is fixed in versions 1.3.2 and 2.1.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21305">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23254">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 18:39:52">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-26910 ‼</strong><br><br><code>Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26910">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23255">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 18:39:53">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-21288 ‼</strong><br><br><code>CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1 the download feature has an SSRF vulnerability, allowing attacks to provide DNS entries or IP addresses that are intended for internal use and gather information about the Intranet infrastructure of the platform. This is fixed in versions 1.3.2 and 2.1.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21288">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23256">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 18:42:36">
18:42
       </div>

       <div class="text">
<strong>🕴 Chemical Settings at Water Treatment Utility Get Hacked 🕴</strong><br><br><code>Remote access interface breached at Florida utility; attacker detected raising level of sodium hydroxide in water.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/hacker-raised-chemical-settings-at-water-treatment-plant-to-dangerous-levels/d/d-id/1340095?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23257">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 20:12:49">
20:12
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Malicious Code Injected via Google Chrome Extension Highlights App Risks 🕴</strong><br><br><code>An open source plug-in purportedly introduced tracking and malicious download code to infect nearly 2 million users, reports say.</code><br><br><a href="https://www.darkreading.com/application-security/malicious-code-injected-via-google-chrome-extension-highlights-app-risks/d/d-id/1340100?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23258">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 20:33:00">
20:33
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How to easily check if an email is legit or a scam, and protect yourself and your company 🦿</strong><br><br><code>Use these practical guidelines to determine if something&apos;s a great deal or too good to be true.</code><br><br><a href="https://www.techrepublic.com/article/how-to-easily-check-if-an-email-is-legit-or-a-scam-and-protect-yourself-and-your-company/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23259">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 20:33:01">
20:33
       </div>

       <div class="text">
<strong>🦿 Top 5 reasons not to use fear to encourage security compliance 🦿</strong><br><br><code>Security is important in any organization, but getting employees to follow protocol can be a challenge. Tom Merritt offers five reasons why using fear-based motivation techniques is not ideal.</code><br><br><a href="https://www.techrepublic.com/article/top-5-reasons-not-to-use-fear-to-encourage-security-compliance/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23260">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 20:33:02">
20:33
       </div>

       <div class="text">
<strong>🦿 Why you shouldn&apos;t use fear to encourage security compliance: 5 reasons 🦿</strong><br><br><code>Security is important in any organization, but getting employees to follow protocol can be a challenge. Tom Merritt offers five reasons why using fear-based motivation techniques is not ideal.</code><br><br><a href="https://www.techrepublic.com/videos/why-you-shouldnt-use-fear-to-encourage-security-compliance-5-reasons/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23261">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 20:33:03">
20:33
       </div>

       <div class="text">
<strong>🦿 Can your organization obtain reasonable cybersecurity? Yes, and here&apos;s how 🦿</strong><br><br><code>Cybersecurity expectations are vague, and that has to change if there is any chance of approaching a reasonable amount of cybersecurity.</code><br><br><a href="https://www.techrepublic.com/article/can-your-organization-obtain-reasonable-cybersecurity-yes-and-heres-how/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23262">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 20:39:10">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-22502 ‼</strong><br><br><code>Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22502">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23263">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 20:39:11">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-26916 ‼</strong><br><br><code>In nopCommerce 4.30, a Reflected XSS issue in the Discount Coupon component allows remote attackers to inject arbitrary web script or HTML through the Filters/CheckDiscountCouponAttribute.cs discountcode parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26916">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23264">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 20:39:12">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-36148 ‼</strong><br><br><code>Incorrect handling of input data in verifyAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions (e.g. in embedded environments).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36148">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23265">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 20:39:13">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-8578 ‼</strong><br><br><code>Clustered Data ONTAP versions prior to 9.3P20 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8578">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23266">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 20:39:14">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-26220 ‼</strong><br><br><code>The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26220">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23267">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 20:39:15">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-26528 ‼</strong><br><br><code>The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via connection request after exhausting memory pool.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26528">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23268">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 20:39:16">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-13947 ‼</strong><br><br><code>An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13947">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23269">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 20:39:17">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-25913 ‼</strong><br><br><code>Prototype pollution vulnerability in â€&amp;tilde;set-or-get’ version 1.0.0 through 1.2.10 allows an attacker to cause a denial of service and may lead to remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25913">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23270">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 20:39:18">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-26530 ‼</strong><br><br><code>The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 (compiled with OpenSSL support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26530">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23271">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 20:39:19">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-26576 ‼</strong><br><br><code>The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a command injection vulnerability in libifc.so uploadsshkey function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26576">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23272">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 20:39:20">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-26222 ‼</strong><br><br><code>The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26222">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23273">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 20:39:21">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-26529 ‼</strong><br><br><code>The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 (compiled with mbedTLS support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26529">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23274">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 20:39:22">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-26914 ‼</strong><br><br><code>NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in MvcUtil valueStringToObject.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26914">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23275">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 20:39:23">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-26915 ‼</strong><br><br><code>NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in webrepdb StatusServlet.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26915">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23276">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 20:39:24">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-36150 ‼</strong><br><br><code>Incorrect handling of input data in loudness function in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and access to unallocated memory block.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36150">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23277">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 20:39:25">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-8590 ‼</strong><br><br><code>Clustered Data ONTAP versions prior to 9.1P18 and 9.3P12 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8590">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23278">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 20:39:26">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-36151 ‼</strong><br><br><code>Incorrect handling of input data in mysofa_resampler_reset_mem function in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and overwriting large memory block.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36151">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23279">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 20:39:27">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-26221 ‼</strong><br><br><code>The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26221">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23280">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 20:39:28">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-21306 ‼</strong><br><br><code>Marked is an open-source markdown parser and compiler (npm package &quot;marked&quot;). In marked from version 1.1.1 and before version 2.0.0, there is a Regular expression Denial of Service vulnerability. This vulnerability can affect anyone who runs user generated code through marked. This vulnerability is fixed in version 2.0.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21306">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23281">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 20:39:29">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-26913 ‼</strong><br><br><code>NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in RpcServlet.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26913">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23282">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 21:12:49">
21:12
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Emotet Takedown: Short-Term Celebration, Long-Term Concerns 🕴</strong><br><br><code>Security researchers examine how and when Emotet&apos;s operators may resurface, and the threats that could evolve in the meantime.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/emotet-takedown-short-term-celebration-long-term-concerns/d/d-id/1340103?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23283">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 21:32:29">
21:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Safer Internet Day – Why not up your game? ⚠</strong><br><br><code>Four tips for Safer Internet Day</code><br><br><a href="https://nakedsecurity.sophos.com/2021/02/09/safer-internet-day-why-not-up-your-game/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23284">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 22:39:45">
22:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-29021 ‼</strong><br><br><code>A vulnerability in web UI input field of GateManager allows authenticated attacker to enter script tags that could cause XSS. This issue affects: GateManager all versions prior to 9.3.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29021">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23285">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 22:39:46">
22:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-3294 ‼</strong><br><br><code>CASAP Automated Enrollment System 1.0 is affected by cross-site scripting (XSS) in users.php. An attacker can steal a cookie to perform user redirection to a malicious website.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3294">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23286">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 22:39:46">
22:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-14391 ‼</strong><br><br><code>A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover the Red Hat Customer Portal password. The highest threat from this vulnerability is to confidentiality.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14391">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23287">

      <div class="body">

       <div class="pull_right date details" title="08.02.2021 22:39:47">
22:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-26917 ‼</strong><br><br><code>** DISPUTED ** PyBitmessage through 0.6.3.2 allows attackers to write screen captures to Potentially Unwanted Directories via a crafted apinotifypath value. NOTE: the discoverer states &quot;security mitigation may not be necessary as there is no evidence yet that these screen intercepts are actually transported away from the local host.&quot; NOTE: it is unclear whether there are any common use cases in which apinotifypath is controlled by an attacker.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26917">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-763">

      <div class="body details">
9 February 2021
      </div>

     </div>

     <div class="message default clearfix" id="message23288">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 09:56:31">
09:56
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Hacker Tries to Poison Water Supply of Florida Town ❌</strong><br><br><code>A threat actor remotely accessed the IT system of the water treatment facility of Oldsmar and raised the levels of sodium hydroxide in the water, an action that was quickly noticed and remediated.</code><br><br><a href="https://threatpost.com/hacker-tries-to-poison-water-supply-of-florida-town/163761/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23289">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 11:03:37">
11:03
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Ransomware can be installed via ghost accounts 🦿</strong><br><br><code>Active accounts for people who have left your organization can make exploitation easy, according to Sophos.</code><br><br><a href="https://www.techrepublic.com/videos/ransomware-can-be-installed-via-ghost-accounts/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23290">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 11:13:13">
11:13
       </div>

       <div class="text">
<strong>🕴 Iranian Cyber Groups Spying on Dissidents &amp; Others of Interest to Government 🕴</strong><br><br><code>A new investigation of two known threat groups show cyber actors are spying on mobile devices and PCs belonging to targeted users around the world.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/iranian-cyber-groups-spying-on-dissidents-and-others-of-interest-to-government/d/d-id/1340104?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23291">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 12:13:16">
12:13
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Fighting Fileless Malware, Part 2: Countermeasures 🕴</strong><br><br><code>Why do fileless attacks persist? Let&apos;s break down the strengths and weaknesses of the existing mitigations.</code><br><br><a href="https://www.darkreading.com/edge/theedge/fighting-fileless-malware-part-2-countermeasures/b/d-id/1340098?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23292">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 12:13:17">
12:13
       </div>

       <div class="text">
<strong>🕴 SolarWinds Attack Reinforces Importance of Principle of Least Privilege 🕴</strong><br><br><code>Taking stock of least-privilege policies will go a long way toward hardening an organization&apos;s overall security posture.</code><br><br><a href="https://www.darkreading.com/endpoint/solarwinds-attack-reinforces-importance-of-principle-of-least-privilege/a/d-id/1340033?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23293">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 12:56:37">
12:56
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Cyberpunk 2077 Publisher Hit with Hack, Threats and Ransomware ❌</strong><br><br><code>CD Projekt Red was hit with a cyberattack, and the attackers are threatening to release source code for Witcher 3, corporate documents and more.</code><br><br><a href="https://threatpost.com/cyberpunk-2077-publisher-hack-ransomware/163775/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23294">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 12:56:38">
12:56
       </div>

       <div class="text">
<strong>❌ Android Devices Hunted by LodaRAT Windows Malware ❌</strong><br><br><code>The LodaRAT - known for targeting Windows devices - has been discovered also targeting Android devices in a new espionage campaign.</code><br><br><a href="https://threatpost.com/android-devices-lodarat-windows/163769/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23295">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 14:03:07">
14:03
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Beware of technical “experts” bombarding you with bug reports ⚠</strong><br><br><code>Beware pseudo-geeks bearing &apos;gifts&apos;.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/02/09/beware-of-technical-experts-bombarding-you-with-bug-reports/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23296">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 14:03:08">
14:03
       </div>

       <div class="text">
<strong>🦿 FBI, Secret Service investigating cyberattack on Florida water treatment plant 🦿</strong><br><br><code>Local officials said someone took over their TeamViewer system and dangerously increased the levels of lye in the town&apos;s water.</code><br><br><a href="https://www.techrepublic.com/article/fbi-secret-service-investigating-cyberattack-on-florida-water-treatment-plant/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23297">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 14:40:29">
14:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-21146 ‼</strong><br><br><code>Use after free in Navigation in Google Chrome prior to 88.0.4324.146 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21146">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23298">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 14:40:30">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-27259 ‼</strong><br><br><code>The Omron CX-One Version 4.60 and prior may allow an attacker to supply a pointer to arbitrary memory locations, which may allow an attacker to remotely execute arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27259">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23299">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 14:40:31">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-4795 ‼</strong><br><br><code>IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information to an unauthorized user using a specially crafted HTTP request. IBM X-Force ID: 189446.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4795">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23300">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 14:40:32">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-27261 ‼</strong><br><br><code>The Omron CX-One Version 4.60 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27261">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23301">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 14:40:33">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-21147 ‼</strong><br><br><code>Inappropriate implementation in Skia in Google Chrome prior to 88.0.4324.146 allowed a local attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21147">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23302">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 14:40:34">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-26676 ‼</strong><br><br><code>gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26676">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23303">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 14:40:35">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-3394 ‼</strong><br><br><code>Millennium Millewin (also known as &quot;Cartella clinica&quot;) 13.39.028, 13.39.28.3342, and 13.39.146.1 has insecure folder permissions allowing a malicious user for a local privilege escalation.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3394">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23304">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 14:40:36">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-27257 ‼</strong><br><br><code>This vulnerability allows local attackers to execute arbitrary code due to the lack of proper validation of user-supplied data, which can result in a type-confusion condition in the Omron CX-One Version 4.60 and prior devices.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27257">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23305">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 14:40:37">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-21142 ‼</strong><br><br><code>Use after free in Payments in Google Chrome on Mac prior to 88.0.4324.146 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21142">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23306">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 14:40:38">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-21148 ‼</strong><br><br><code>Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21148">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23307">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 14:40:39">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-4791 ‼</strong><br><br><code>IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to obtain sensitive information using main in the middle attacks due to improper certificate validation. IBM X-Force ID: 189379.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4791">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23308">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 14:40:40">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-4995 ‼</strong><br><br><code>IBM Security Identity Governance and Intelligence 5.2.6 does not invalidate session after logout which could allow a user to obtain sensitive information from another users&apos; session. IBM X-Force ID: 192912.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4995">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23309">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 14:40:41">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-21144 ‼</strong><br><br><code>Heap buffer overflow in Tab Groups in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21144">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23310">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 14:40:41">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-26921 ‼</strong><br><br><code>In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26921">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23311">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 14:40:42">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-4790 ‼</strong><br><br><code>IBM Security Identity Governance and Intelligence 5.2.6 could allow a user to cause a denial of service due to improperly validating a supplied URL, rendering the application unusuable. IBM X-Force ID: 189375.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4790">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23312">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 14:40:43">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-21145 ‼</strong><br><br><code>Use after free in Fonts in Google Chrome prior to 88.0.4324.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21145">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23313">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 14:40:44">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-26675 ‼</strong><br><br><code>A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26675">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23314">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 14:40:45">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-4996 ‼</strong><br><br><code>IBM Security Identity Governance and Intelligence 5.2.6 could allow a local user to obtain sensitive information via the capturing of screenshots of authentication credentials. IBM X-Force ID: 192913.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4996">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23315">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 14:40:46">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-21143 ‼</strong><br><br><code>Heap buffer overflow in Extensions in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21143">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23316">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 16:46:39">
16:46
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-25140 ‼</strong><br><br><code>A potential security vulnerability has been identified in the HPE Moonshot Provisioning Manager v1.20. The HPE Moonshot Provisioning Manager is an application that is installed in a VMWare or Microsoft Hyper-V environment that is used to setup and configure an HPE Moonshot 1500 chassis. This vulnerability could be remotely exploited by an unauthenticated user to cause a directory traversal in user supplied input to the `khuploadfile.cgi` CGI ELF. The directory traversal could lead to Remote Code Execution, Denial of Service, and/or compromise system integrity. **Note:** HPE recommends that customers discontinue the use of the HPE Moonshot Provisioning Manager. The HPE Moonshot Provisioning Manager application is discontinued, no longer supported, is not available to download from the HPE Support Center, and no patch is available.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25140">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23317">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 16:46:40">
16:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-35943 ‼</strong><br><br><code>A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload. (It is possible to bypass CSRF protection by simply not including a nonce parameter.)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35943">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23318">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 16:46:41">
16:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-28394 ‼</strong><br><br><code>A vulnerability has been identified in JT2Go (All versions &lt; V13.1.0.1), Teamcenter Visualization (All versions &lt; V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of RAS files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12283)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28394">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23319">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 16:46:42">
16:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-28392 ‼</strong><br><br><code>A vulnerability has been identified in SIMARIS configuration (All versions). During installation to default target folder, incorrect permissions are configured for the application folder and subfolders which could allow an attacker to gain persistence or potentially escalate privileges should a user with elevated credentials log onto the machine.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28392">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23320">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 16:46:43">
16:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-35942 ‼</strong><br><br><code>A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload and Local File Inclusion via settings modification, leading to Remote Code Execution and XSS. (It is possible to bypass CSRF protection by simply not including a nonce parameter.)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35942">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23321">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 16:46:44">
16:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-35572 ‼</strong><br><br><code>Adminer through 4.7.8 allows XSS via the history parameter to the default URI.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35572">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23322">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 16:46:46">
16:46
       </div>

       <div class="text">
<strong>‼ CVE-2021-25141 ‼</strong><br><br><code>A security vulnerability has been identified in in certain HPE and Aruba L2/L3 switch firmware. A data processing error due to improper handling of an unexpected data type in user supplied information to the switch&apos;s management interface has been identified. The data processing error could be exploited to cause a crash or reboot in the switch management interface and/or possibly the switch itself leading to local denial of service (DoS). The user must have administrator privileges to exploit this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25141">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23323">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 16:56:43">
16:56
       </div>

       <div class="text">
<strong>❌ Attackers Exploit Critical Adobe Flaw to Target Windows Users ❌</strong><br><br><code>A critical vulnerability in Adobe Reader has been exploited in &quot;limited attacks.&quot;</code><br><br><a href="https://threatpost.com/critical-adobe-windows-flaw/163789/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23324">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 17:03:49">
17:03
       </div>

       <div class="text">
<strong>🦿 Plex patches media server bug potentially exploited by DDoS attackers 🦿</strong><br><br><code>All users of Plex Media Server are urged to apply the hotfix, which directs their servers to respond to UDP requests only from the local network and not the public internet.</code><br><br><a href="https://www.techrepublic.com/article/plex-patches-media-server-bug-potentially-exploited-by-ddos-attackers/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23325">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 17:08:47">
17:08
       </div>

       <div class="text">
<strong>🔏 Florida Water Hack Underscores Lack of Municipal Cyber Funding 🔏</strong><br><br><code>The hack is another example of how damaging cyber attacks against small cities and infrastructure can be.</code><br><br><a href="https://digitalguardian.com/blog/florida-water-hack-underscores-lack-municipal-cyber-funding">📖 Read</a><br><br>via &quot;<em>Digital Guardian</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23326">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 19:56:51">
19:56
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Actively Exploited Windows Kernel EoP Bug Allows Takeover ❌</strong><br><br><code>Microsoft addressed 56 security vulnerabilities for February Patch Tuesday -- including 11 critical and six publicly known. And, it continued to address the Zerologon bug.</code><br><br><a href="https://threatpost.com/exploited-windows-kernel-bug-takeover/163800/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23327">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 19:56:52">
19:56
       </div>

       <div class="text">
<strong>❌ Google Play Boots Barcode Scanner App After Ad Explosion ❌</strong><br><br><code>A barcode scanner with 10 million downloads is removed from Google Play marketplace after ad blitz hits phones.</code><br><br><a href="https://threatpost.com/google-boots-barcode-scanner-app-ad-explosion/163803/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23328">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 20:40:41">
20:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-21478 ‼</strong><br><br><code>SAP Web Dynpro ABAP allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21478">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23329">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 20:40:42">
20:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-21472 ‼</strong><br><br><code>SAP Software Provisioning Manager 1.0 (SAP NetWeaver Master Data Management Server 7.1) does not have an option to set password during its installation, this allows an authenticated attacker to perform various security attacks like Directory Traversal, Password Brute force Attack, SMB Relay attack, Security Downgrade.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21472">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23330">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 20:40:43">
20:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-21477 ‼</strong><br><br><code>SAP Commerce Cloud, versions - 1808,1811,1905,2005,2011, enables certain users with required privileges to edit drools rules, an authenticated attacker with this privilege will be able to inject malicious code in the drools rules which when executed leads to Remote Code Execution vulnerability enabling the attacker to compromise the underlying host enabling him to impair confidentiality, integrity and availability of the application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21477">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23331">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 20:40:44">
20:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-26191 ‼</strong><br><br><code>Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain a privilege escalation vulnerability. A user with ISI_PRIV_JOB_ENGINE may use the PermissionRepair job to grant themselves the highest level of RBAC privileges thus being able to read arbitrary data, tamper with system software or deny service to users.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26191">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23332">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 20:40:45">
20:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-14343 ‼</strong><br><br><code>A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14343">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23333">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 20:40:49">
20:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-21502 ‼</strong><br><br><code>Dell PowerScale OneFS versions 8.1.0 – 9.1.0 contain a &quot;use of SSH key past account expiration&quot; vulnerability. A user on the network with the ISI_PRIV_AUTH_SSH RBAC privilege that has an expired account may potentially exploit this vulnerability, giving them access to the same things they had before account expiration. This may by a high privileged account and hence Dell recommends customers upgrade at the earliest opportunity.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21502">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23334">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 20:40:50">
20:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-26193 ‼</strong><br><br><code>Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain an improper input validation vulnerability. A user with the ISI_PRIV_CLUSTER privilege may exploit this vulnerability, leading to the execution of arbitrary OS commands on the application&apos;s underlying OS, with the privileges of the vulnerable application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26193">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23335">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 20:40:51">
20:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-21475 ‼</strong><br><br><code>Under specific circumstances SAP Master Data Management, versions - 710, 710.750, allows an unauthorized attacker to exploit insufficient validation of path information provided by users, thus characters representing &apos;traverse to parent directory&apos; are passed through to the file APIs. Due to this Directory Traversal vulnerability the attacker could read content of arbitrary files on the remote server and expose sensitive data.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21475">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23336">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 20:40:52">
20:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-26195 ‼</strong><br><br><code>Dell EMC PowerScale OneFS versions 8.1.2 – 9.1.0 contain an issue where the OneFS SMB directory auto-create may erroneously create a directory for a user. A remote unauthenticated attacker may take advantage of this issue to slow down the system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26195">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23337">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 20:40:52">
20:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-21444 ‼</strong><br><br><code>SAP Business Objects BI Platform, versions - 410, 420, 430, allows multiple X-Frame-Options headers entries in the response headers, which may not be predictably treated by all user agents. This could, as a result, nullify the added X-Frame-Options header leading to Clickjacking attack.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21444">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23338">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 20:40:53">
20:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-35125 ‼</strong><br><br><code>A cross-site scripting (XSS) vulnerability in the forms component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript via mautic[return] (a different attack method than CVE-2020-35124, but also related to the Referer concept).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35125">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23339">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 20:40:54">
20:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-21476 ‼</strong><br><br><code>SAP UI5, versions - 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1, allows an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21476">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23340">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 20:40:55">
20:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-26194 ‼</strong><br><br><code>Dell EMC PowerScale OneFS versions 8.1.2 and 8.2.2 contain an Incorrect Permission Assignment for a Critical Resource vulnerability. This may allow a non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to exploit the vulnerability, leading to compromised cryptographic operations. Note: no non-admin users or roles have these privileges by default.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26194">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23341">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 20:40:56">
20:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-26192 ‼</strong><br><br><code>Dell EMC PowerScale OneFS versions 8.2.0 - 9.1.0 contain a privilege escalation vulnerability. A non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH may potentially exploit this vulnerability to read arbitrary data, tamper with system software or deny service to users. Note: no non-admin users or roles have these privileges by default.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26192">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23342">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 20:40:57">
20:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-26196 ‼</strong><br><br><code>Dell EMC PowerScale OneFS versions 8.1.0-9.1.0 contain a Backup/Restore Privilege implementation issue. A user with the BackupAdmin role may potentially exploit this vulnerability resulting in the ability to write data outside of the intended file system location.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26196">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23343">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 20:41:01">
20:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-21474 ‼</strong><br><br><code>SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 digest, an attacker who manages to obtain an MD5-digest signed SAML Assertion issued for an SAP HANA instance might be able to tamper with it and alter it in a way that the digest continues to be the same and without invalidating the digital signature, this allows them to impersonate as user in HANA database and be able to read the contents in the database.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21474">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23344">

      <div class="body">

       <div class="pull_right date details" title="09.02.2021 20:41:02">
20:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-21479 ‼</strong><br><br><code>In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21479">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-764">

      <div class="body details">
10 February 2021
      </div>

     </div>

     <div class="message default clearfix" id="message23345">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 03:40:59">
03:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-28870 ‼</strong><br><br><code>In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code on the server side due to lack of validations in /modules/sys/form_personalization/json_fp.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28870">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23346">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 03:41:00">
03:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-28871 ‼</strong><br><br><code>Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28871">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23347">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 09:04:13">
09:04
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Hit block caller: 75% of Americans were targeted by scammers 🦿</strong><br><br><code>While it&apos;s logical to assume seniors would be primary targets, a new report revealed that millennials were actually the most targeted demographic group of the more than 50 billion spam calls made in 2020.</code><br><br><a href="https://www.techrepublic.com/article/hit-block-caller-75-of-americans-were-targeted-by-scammers/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23348">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 09:04:14">
09:04
       </div>

       <div class="text">
<strong>🦿 177% increase: Hackers grabbed 21.3 million healthcare records in the second half of 2020 🦿</strong><br><br><code>A new breach analysis from CI Security found that cybercriminals are going after medical billing and insurance companies.</code><br><br><a href="https://www.techrepublic.com/article/177-increase-hackers-grabbed-21-3-million-healthcare-records-in-the-second-half-of-2020/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23349">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 10:57:25">
10:57
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Supply-Chain Hack Breaches 35 Companies, Including PayPal, Microsoft, Apple ❌</strong><br><br><code>Ethical hacker Alex Birsan developed a way to inject malicious code into open-source developer tools to exploit dependencies in organizations internal applications.</code><br><br><a href="https://threatpost.com/supply-chain-hack-paypal-microsoft-apple/163814/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23350">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 11:03:52">
11:03
       </div>

       <div class="text">
<strong>⚠ Patch now to stop hackers blindly crashing your Windows computers ⚠</strong><br><br><code>Patch early, patch often. In fact, patch now if you haven&apos;t already. Here&apos;s why.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/02/10/patch-now-to-stop-hackers-blindly-crashing-your-windows-computers/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23351">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 11:27:26">
11:27
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ The time for Insider Risk Management is now: Code42 2021 Data Exposure Report Reveals a Perfect Storm ❌</strong><br><br><code>The Code42 2021 Data Exposure Report highlights the need to adopt a new approach to data security and invest in modern Insider Risk technology.</code><br><br><a href="https://threatpost.com/the-time-for-insider-risk-management-is-now-code42-2021-data-exposure-report-reveals-a-perfect-storm/163754/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23352">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 12:14:13">
12:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Multivector Attacks Demand Security Controls at the Messaging Level 🕴</strong><br><br><code>As a Google-identified attack reveals, security teams need to look beyond VPNs and network infrastructure to the channels where social engineering takes place.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/multivector-attacks-demand-security-controls-at-the-messaging-level/a/d-id/1340034?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23353">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 12:27:27">
12:27
       </div>

       <div class="text">
<strong>❌ Intel Squashes High-Severity Graphics Driver Flaws ❌</strong><br><br><code>Intel is warning on security bugs across its graphics drivers, server boards, compute modules and modems.</code><br><br><a href="https://threatpost.com/intel-graphics-driver-flaws/163810/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23354">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 14:04:21">
14:04
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Love is in the air—and cybercriminals are taking advantage 🦿</strong><br><br><code>Malicious Valentine&apos;s Day-themed phishing campaigns are up 29% from last year, according to Check Point Research.</code><br><br><a href="https://www.techrepublic.com/article/love-is-in-the-air-and-cybercriminals-are-taking-advantage/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23355">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 14:41:29">
14:41
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-24837 ‼</strong><br><br><code>An integer underflow has been found in the latest version of ZCFees. The variables &apos;currPeriodIdx&apos; and &apos;lastPeriodExecIdx&apos; are both unsigned integers, and the result of the minus operation may be a negative integer which leads to an underflow. The attackers can modify the current timestamp of the transaction somehow and block the execution of the process function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24837">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23356">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 14:41:30">
14:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-24838 ‼</strong><br><br><code>An integer overflow has been found in the the latest version of Issuer. The total issuedCount can be zero if the parameter is overly large. An attacker can obtain the private key of the owner issued with a certain &apos;amount&apos;, and the issuedCount can be zero if there is an overflow.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24838">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23357">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 14:41:31">
14:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-27135 ‼</strong><br><br><code>xterm through Patch #365 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted UTF-8 character sequence.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27135">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23358">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 14:41:32">
14:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-29171 ‼</strong><br><br><code>Cross-site scripting (XSS) vulnerability in admin/wp-security-blacklist-menu.php in the Tips and Tricks HQ All In One WP Security &amp; Firewall (all-in-one-wp-security-and-firewall) plugin before 4.4.6 for WordPress.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29171">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23359">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 15:14:17">
15:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Zero Trust in the Real World 🕴</strong><br><br><code>Those who are committed to adopting the concept have the opportunity to make a larger business case for it across the organization, working with executive leaders to implement a zero-trust framework across the entire enterprise.</code><br><br><a href="https://www.darkreading.com/physical-security/zero-trust-in-the-real-world/a/d-id/1340084?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23360">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 15:34:22">
15:34
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Mozilla privacy report on dating apps singles out Grindr for serious security lapses 🦿</strong><br><br><code>21 of the 24 dating apps examined were tagged with the &quot;*Privacy Not Included&quot; warning label.</code><br><br><a href="https://www.techrepublic.com/article/mozilla-privacy-report-on-dating-apps-singles-out-grindr-for-serious-security-lapses/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23361">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 15:34:23">
15:34
       </div>

       <div class="text">
<strong>🦿 NordVPN puts the price tag of stolen streaming subscriptions at $38 million 🦿</strong><br><br><code>Malware designed to steal log-in information saved in browsers has infected 16 million computers and swiped credentials for up to 174,800 accounts.</code><br><br><a href="https://www.techrepublic.com/article/nordvpn-puts-the-price-tag-of-stolen-streaming-subscriptions-at-38-million/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23362">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 16:27:34">
16:27
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Hybrid, Older Users Most-Targeted by Gmail Attackers ❌</strong><br><br><code>Researchers at Google and Stanford analyzed a 1.2 billion malicious emails to find out what makes users likely to get attacked. 2FA wasn&apos;t a big factor.</code><br><br><a href="https://threatpost.com/hybrid-older-users-gmail-attackers/163826/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23363">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 16:41:33">
16:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-0338 ‼</strong><br><br><code>In SystemSettingsValidators, there is a possible permanent denial of service due to missing bounds checks on UI settings. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-156260178</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0338">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23364">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 16:41:34">
16:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-26299 ‼</strong><br><br><code>ftp-srv is an open-source FTP server designed to be simple yet configurable. In ftp-srv before version 4.4.0 there is a path-traversal vulnerability. Clients of FTP servers utilizing ftp-srv hosted on Windows machines can escape the FTP user&apos;s defined root folder using the expected FTP commands, for example, CWD and UPDR. When windows separators exist within the path (`\`), `path.resolve` leaves the upper pointers intact and allows the user to move beyond the root folder defined for that user. We did not take that into account when creating the path resolve function. The issue is patched in version 4.4.0 (commit 457b859450a37cba10ff3c431eb4aa67771122e3).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26299">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23365">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 16:41:36">
16:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-0326 ‼</strong><br><br><code>In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-172937525</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0326">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23366">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 16:41:36">
16:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-0335 ‼</strong><br><br><code>In process of C2SoftHevcDec.cpp, there is a possible out of bounds write due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-160346309</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0335">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23367">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 16:41:37">
16:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-0314 ‼</strong><br><br><code>In onCreate of UninstallerActivity, there is a possible way to uninstall an all without informed user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-171221302</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0314">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23368">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 16:41:38">
16:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-0341 ‼</strong><br><br><code>In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171980069</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0341">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23369">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 16:41:39">
16:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-0330 ‼</strong><br><br><code>In add_user_ce and remove_user_ce of storaged.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in storaged with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-170732441</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0330">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23370">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 16:41:40">
16:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-0337 ‼</strong><br><br><code>In moveInMediaStore of FileSystemProvider.java, there is a possible file exposure due to stale metadata. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-157474195</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0337">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23371">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 16:41:41">
16:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-0331 ‼</strong><br><br><code>In onCreate of NotificationAccessConfirmationActivity.java, there is a possible overlay attack due to an insecure default value. This could lead to local escalation of privilege and notification access with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-170731783</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0331">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23372">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 16:41:42">
16:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-0333 ‼</strong><br><br><code>In onCreate of BluetoothPermissionActivity.java, there is a possible permissions bypass due to a tapjacking overlay that obscures the phonebook permissions dialog when a Bluetooth device is connecting. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-168504491</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0333">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23373">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 16:41:46">
16:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-3033 ‼</strong><br><br><code>An improper verification of cryptographic signature vulnerability exists in the Palo Alto Networks Prisma Cloud Compute console. This vulnerability enables an attacker to bypass signature validation during SAML authentication by logging in to the Prisma Cloud Compute console as any authorized user. This issue impacts: All versions of Prisma Cloud Compute 19.11, Prisma Cloud Compute 20.04, and Prisma Cloud Compute 20.09; Prisma Cloud Compute 20.12 before update 1. Prisma Cloud Compute SaaS version is not impacted by this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3033">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23374">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 16:41:47">
16:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-0336 ‼</strong><br><br><code>In onReceive of BluetoothPermissionRequest.java, there is a possible permissions bypass due to a mutable PendingIntent. This could lead to local escalation of privilege that bypasses a permission check, with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-158219161</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0336">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23375">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 16:41:48">
16:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-13546 ‼</strong><br><br><code>In SoftMaker Software GmbH SoftMaker Office TextMaker 2021 (revision 1014), a specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon usage of this buffer the application will write outside its bounds resulting in a heap-based buffer overflow. An attacker can entice the victim to open a document to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13546">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23376">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 16:41:49">
16:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-26938 ‼</strong><br><br><code>A stored XSS issue exists in henriquedornas 5.2.17 via online live chat.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26938">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23377">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 16:41:50">
16:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-26939 ‼</strong><br><br><code>An information disclosure issue exists in henriquedornas 5.2.17 because an attacker can dump phpMyAdmin SQL content.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26939">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23378">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 16:41:54">
16:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-0305 ‼</strong><br><br><code>In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10Android ID: A-154015447</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0305">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23379">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 16:41:55">
16:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-20353 ‼</strong><br><br><code>IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 194882.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20353">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23380">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 16:41:55">
16:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-0328 ‼</strong><br><br><code>In onBatchScanReports and deliverBatchScan of GattService.java, there is a possible way to retrieve Bluetooth scan results without permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-172670415</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0328">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23381">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 16:41:56">
16:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-5023 ‼</strong><br><br><code>IBM Spectrum Protect Plus 10.1.0 through 10.1.7 could allow a remote user to inject arbitrary data iwhich could cause the serivce to crash due to excess resource consumption. IBM X-Force ID: 193659.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5023">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23382">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 16:41:57">
16:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-0339 ‼</strong><br><br><code>In loadAnimation of WindowContainer.java, there is a possible way to keep displaying a malicious app while a target app is brought to the foreground. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-8.1 Android-9Android ID: A-145728687</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0339">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23383">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 17:09:41">
17:09
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 NYDFS Releases New Cyber Insurance Risk Framework 🔏</strong><br><br><code>With the world in flux and cybercrime an increasingly pervasive threat, cyber insurance has seen rapid adoption. How can a cyber insurance plan be effective? NYDFS has released a new framework to help.</code><br><br><a href="https://digitalguardian.com/blog/nydfs-releases-new-cyber-insurance-risk-framework">📖 Read</a><br><br>via &quot;<em>Digital Guardian</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23384">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 18:27:51">
18:27
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Hacker Sets Alleged Auction for Witcher 3 Source Code ❌</strong><br><br><code>The ransomware gang behind the hack of CD Projekt Red may be asking for $1 million opening bids for the company&apos;s valuable data.</code><br><br><a href="https://threatpost.com/hacker-auction-witcher-source-code/163851/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23385">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 18:41:38">
18:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-27157 ‼</strong><br><br><code>An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / 888888 credentials for an ISP.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27157">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23386">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 18:41:39">
18:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-27161 ‼</strong><br><br><code>An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / 1234 credentials for an ISP.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27161">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23387">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 18:41:40">
18:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-27173 ‼</strong><br><br><code>An issue was discovered on FiberHome HG6245D devices through RP2613. There is a telnet?enable=0&amp;key=calculated(BR0_MAC) backdoor API, without authentication, provided by the HTTP server. This will remove firewall rules and allow an attacker to reach the telnet server (used for the CLI).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27173">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23388">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 18:41:41">
18:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-27164 ‼</strong><br><br><code>An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / aisadmin credentials for an ISP.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27164">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23389">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 18:41:42">
18:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-27167 ‼</strong><br><br><code>An issue was discovered on FiberHome HG6245D devices through RP2613. There is a password of four hexadecimal characters for the admin account. These characters are generated in init_3bb_password in libci_adaptation_layer.so.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27167">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23390">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 18:41:46">
18:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-22133 ‼</strong><br><br><code>The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application panic it is possible the headers will not be sanitized before being sent.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22133">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23391">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 18:41:47">
18:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-27144 ‼</strong><br><br><code>An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded f~i!b@e#r$h%o^m*esuperadmin / s(f)u_h+g|u credentials for an ISP.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27144">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23392">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 18:41:48">
18:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-27176 ‼</strong><br><br><code>An issue was discovered on FiberHome HG6245D devices through RP2613. wifictl_5g.cfg has cleartext passwords and 0644 permissions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27176">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23393">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 18:41:48">
18:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-27169 ‼</strong><br><br><code>An issue was discovered on FiberHome AN5506-04-FA devices with firmware RP2631. There is a gepon password for the gepon account.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27169">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23394">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 18:41:49">
18:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-27166 ‼</strong><br><br><code>An issue was discovered on FiberHome HG6245D devices through RP2613. The password for the enable command is gpon.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27166">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23395">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 18:41:53">
18:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-27172 ‼</strong><br><br><code>An issue was discovered on FiberHome HG6245D devices through RP2613. A hardcoded GEPON password for root is defined inside /etc/init.d/system-config.sh.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27172">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23396">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 18:41:54">
18:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-27177 ‼</strong><br><br><code>An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to bypass authentication by sending the decoded value of the GgpoZWxwCmxpc3QKd2hvCg== string to the telnet server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27177">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23397">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 18:41:55">
18:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-27174 ‼</strong><br><br><code>An issue was discovered on FiberHome HG6245D devices through RP2613. wifi_custom.cfg has cleartext passwords and 0644 permissions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27174">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23398">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 18:41:56">
18:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-27175 ‼</strong><br><br><code>An issue was discovered on FiberHome HG6245D devices through RP2613. wifictl_2g.cfg has cleartext passwords and 0644 permissions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27175">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23399">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 18:41:57">
18:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-27168 ‼</strong><br><br><code>An issue was discovered on FiberHome HG6245D devices through RP2613. There is a 6GFJdY4aAuUKJjdtSn7d password for the rdsadmin account.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27168">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23400">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 18:42:01">
18:42
       </div>

       <div class="text">
<strong>‼ CVE-2021-27153 ‼</strong><br><br><code>An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded trueadmin / admintrue credentials for an ISP.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27153">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23401">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 18:42:02">
18:42
       </div>

       <div class="text">
<strong>‼ CVE-2021-27163 ‼</strong><br><br><code>An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / tele1234 credentials for an ISP.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27163">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23402">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 18:42:03">
18:42
       </div>

       <div class="text">
<strong>‼ CVE-2021-27178 ‼</strong><br><br><code>An issue was discovered on FiberHome HG6245D devices through RP2613. Some passwords are stored in cleartext in nvram.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27178">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23403">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 18:42:04">
18:42
       </div>

       <div class="text">
<strong>‼ CVE-2021-27171 ‼</strong><br><br><code>An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to start a Linux telnetd as root on port 26/tcp by using the CLI interface commands of ddd and shell (or tshell).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27171">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23404">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 18:42:05">
18:42
       </div>

       <div class="text">
<strong>‼ CVE-2021-27179 ‼</strong><br><br><code>An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to crash the telnet daemon by sending a certain 0a 65 6e 61 62 6c 65 0a 02 0a 1a 0a string.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27179">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23405">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 18:57:39">
18:57
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ SAP Commerce Critical Security Bug Allows RCE ❌</strong><br><br><code>The critical SAP cybersecurity flaw could allow for the compromise of an application used by e-commerce businesses.</code><br><br><a href="https://threatpost.com/sap-commerce-critical-security-bug/163822/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23406">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 19:14:22">
19:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 SASE Surge: Why the Market Is Poised to Grow 🕴</strong><br><br><code>Analysts who anticipate the SASE market will expand by more than a factor of five before 2025 explain reasons behind the surge.</code><br><br><a href="https://www.darkreading.com/cloud/sase-surge-why-the-market-is-poised-to-grow/d/d-id/1340130?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23407">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 20:41:44">
20:41
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-13572 ‼</strong><br><br><code>A heap overflow vulnerability exists in the way the GIF parser decodes LZW compressed streams in Accusoft ImageGear 19.8. A specially crafted malformed file can trigger a heap overflow, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13572">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23408">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 20:41:45">
20:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-28596 ‼</strong><br><br><code>A stack-based buffer overflow vulnerability exists in the Objparser::objparse() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28596">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23409">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 20:41:46">
20:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-13583 ‼</strong><br><br><code>A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13583">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23410">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 20:41:46">
20:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-25251 ‼</strong><br><br><code>The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program’s password protection and disable protection. An attacker must already have administrator privileges on the machine to exploit this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25251">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23411">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 20:41:47">
20:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-13571 ‼</strong><br><br><code>An out-of-bounds write vulnerability exists in the SGI RLE decompression functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13571">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23412">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 20:41:48">
20:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-8355 ‼</strong><br><br><code>An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed systems may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated while managed endpoints are updating. The service log is only generated when requested by a privileged LXCA user and it is only accessible to the privileged LXCA user that requested the file and is then deleted.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8355">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23413">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 20:41:49">
20:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-27185 ‼</strong><br><br><code>The samba-client package before 4.0.0 for Node.js allows command injection because of the use of process.exec.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27185">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23414">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 20:41:50">
20:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-24842 ‼</strong><br><br><code>PNPSCADA 2.200816204020 allows cross-site scripting (XSS), which can execute arbitrary JavaScript in the victim&apos;s browser.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24842">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23415">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 20:41:51">
20:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-13561 ‼</strong><br><br><code>An out-of-bounds write vulnerability exists in the TIFF parser of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13561">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23416">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 20:41:52">
20:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-27186 ‼</strong><br><br><code>Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc return value is not validated by flb_avro.c or http_server/api/v1/metrics.c.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27186">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23417">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 20:41:53">
20:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-28595 ‼</strong><br><br><code>An out-of-bounds write vulnerability exists in the Obj.cpp load_obj() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28595">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23418">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 20:41:54">
20:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-13581 ‼</strong><br><br><code>In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014), a specially crafted document can cause the document parser to copy data from a particular record type into a buffer that is smaller than the size used for the copy which will cause a heap-based buffer overflow. An attacker can entice the victim to open a document to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13581">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23419">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 20:41:55">
20:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-13585 ‼</strong><br><br><code>An out-of-bounds write vulnerability exists in the PSD Header processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13585">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23420">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 20:41:56">
20:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-27250 ‼</strong><br><br><code>In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014), a specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow at Version/Instance 0x0005 and 0x0016. An attacker can entice the victim to open a document to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27250">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23421">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 21:14:26">
21:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 High-Severity Vulnerabilities Discovered in Multiple Embedded TCP/IP Stacks 🕴</strong><br><br><code>Flaw leaves millions of IT, OT, and IoT devices vulnerable to attack.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/high-severity-vulnerabilities-discovered-in-multiple-embedded-tcp-ip-stacks/d/d-id/1340131?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23422">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 22:47:13">
22:47
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-27871 ‼</strong><br><br><code>This vulnerability allows remote attackers to create arbitrary files on affected installations of SolarWinds Orion Platform 2020.2.1. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within VulnerabilitySettings.aspx. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-11902.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27871">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23423">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 22:47:14">
22:47
       </div>

       <div class="text">
<strong>‼ CVE-2020-27874 ‼</strong><br><br><code>This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent WeChat 7.0.18. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WXAM Decoder. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11580.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27874">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23424">

      <div class="body">

       <div class="pull_right date details" title="10.02.2021 22:47:15">
22:47
       </div>

       <div class="text">
<strong>‼ CVE-2020-27870 ‼</strong><br><br><code>This vulnerability allows remote attackers to disclose sensitive information on affected installations of SolarWinds Orion Platform 2020.2.1. Authentication is required to exploit this vulnerability. The specific flaw exists within ExportToPDF.aspx. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-11917.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27870">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-765">

      <div class="body details">
11 February 2021
      </div>

     </div>

     <div class="message default clearfix" id="message23425">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 08:42:16">
08:42
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-20335 ‼</strong><br><br><code>For MongoDB Ops Manager 4.2.X with multiple OM application servers, that have SSL turned on for their MongoDB processes, the upgrade to MongoDB Ops Manager 4.4.X triggers a bug where Automation thinks SSL is being turned off, and can disable SSL temporarily for members of the cluster. This issue is temporary and eventually corrects itself after MongoDB Ops Manager instances have finished upgrading to MongoDB Ops Manager 4.4. In addition, customers must be running with clientCertificateMode=OPTIONAL / allowConnectionsWithoutCertificates=true to be impacted.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20335">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23426">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 09:28:10">
09:28
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Military, Nuclear Entities Under Target By Novel Android Malware ❌</strong><br><br><code>The two malware families have sophisticated capabilities to exfiltrate SMS messages, WhatsApp messaging content and geolocation.</code><br><br><a href="https://threatpost.com/military-nuclear-entities-under-target-by-novel-android-malware/163830/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23427">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 10:34:33">
10:34
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ S3 Ep19: Chrome zero-day, coffee hacking and Perl.com</strong> <strong>stolen [Podcast] ⚠</strong><br><br><code>Latest episode (includes 111,848 &quot;free&quot; cups of coffee) - listen now!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/02/11/s3-ep19-chrome-zero-day-coffee-hacking-and-perl-com-stolen-podcast/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23428">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 10:42:20">
10:42
       </div>

       <div class="text">
<strong>‼ CVE-2021-23335 ‼</strong><br><br><code>All versions of package is-user-valid are vulnerable to LDAP Injection which can lead to either authentication bypass or information exposure.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23335">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23429">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 10:42:21">
10:42
       </div>

       <div class="text">
<strong>‼ CVE-2021-23334 ‼</strong><br><br><code>All versions of package static-eval are vulnerable to Arbitrary Code Execution using FunctionExpressions and TemplateLiterals. PoC: var evaluate = require(&apos;static-eval&apos;); var parse = require(&apos;esprima&apos;).parse; var src=&quot;(function (x) { return ${eval(&quot;console.log(global.process.mainModule.constructor._load(&apos;child_process&apos;).execSync(&apos;ls&apos;).toString())&quot;)} })()&quot; var ast = parse(src).body[0].expression; evaluate(ast)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23334">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23430">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 12:14:56">
12:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Cloud-Native Apps Make Software Supply Chain Security More Important Than Ever 🕴</strong><br><br><code>Cloud-native deployments tend to be small, interchangeable, and easier to protect, but their software supply chains require closer attention.</code><br><br><a href="https://www.darkreading.com/cloud-native-apps-make-software-supply-chain-security-more-important-than-ever/a/d-id/1340048?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23431">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 12:28:16">
12:28
       </div>

       <div class="text">
<strong>❌ Various Malware Lurks in Discord App to Target Gamers ❌</strong><br><br><code>Research from Zscaler ThreatLabZ shows attackers using spam emails and legitimate-looking links to gaming software to serve up Epsilon ransomware, the XMRrig cryptominer and various data and token stealers.</code><br><br><a href="https://threatpost.com/various-malware-lurking-in-discord-app-to-target-gamers/163867/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23432">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 12:47:59">
12:47
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🛠 AIDE 0.17.3 🛠</strong><br><br><code>AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.</code><br><br><a href="https://packetstormsecurity.com/files/161392/aide-0.17.3.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23433">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 12:58:17">
12:58
       </div>

       <div class="text">
<strong>❌ How Email Attacks are Evolving in 2021 ❌</strong><br><br><code>The money being wire transferred by business email compromise victims is on the rise, as cybersecurity criminals evolve their tactics.</code><br><br><a href="https://threatpost.com/email-security-attacks-bec/163869/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23434">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 13:28:19">
13:28
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Celeb SIM-Swap Crime Ring Stole $100M from U.S. Victims ❌</strong><br><br><code>The attackers ported victims&apos; cell phone lines and then defeated 2FA to access accounts and apps.</code><br><br><a href="https://threatpost.com/celeb-sim-swap-crime-ring-100m/163888/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23435">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 13:44:58">
13:44
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Unemployment Fraud: As If Being Out of Work Wasn&apos;t Bad Enough 🕴</strong><br><br><code>With the pandemic as a backdrop, cybercriminals have recognized an unprecedented opportunity to steer billions of dollars in unemployment claims into the own accounts.</code><br><br><a href="https://www.darkreading.com/edge/theedge/unemployment-fraud-as-if-being-out-of-work-wasnt-bad-enough/b/d-id/1340088?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23436">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 14:42:33">
14:42
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-8027 ‼</strong><br><br><code>A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to overwrite arbitrary files and gain access to the openldap2 configuration This issue affects: SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.37.1. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.37.1. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.18.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.9.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8027">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23437">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 14:42:34">
14:42
       </div>

       <div class="text">
<strong>‼ CVE-2020-8029 ‼</strong><br><br><code>A Incorrect Permission Assignment for Critical Resource vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to gain access to the kublet key. This issue affects: SUSE CaaS Platform 4.5 skuba versions prior to https://github.com/SUSE/skuba/pull/1416.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8029">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23438">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 14:42:36">
14:42
       </div>

       <div class="text">
<strong>‼ CVE-2020-8030 ‼</strong><br><br><code>A Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to leak the bootstrapToken or modify the configuration file before it is processed, leading to arbitrary modifications of the machine/cluster.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8030">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23439">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 14:42:37">
14:42
       </div>

       <div class="text">
<strong>‼ CVE-2020-8031 ‼</strong><br><br><code>A Improper Neutralization of Input During Web Page Generation (&apos;Cross-site Scripting&apos;) vulnerability in Open Build Service allows remote attackers to store JS code in markdown that is not properly escaped, impacting confidentiality and integrity. This issue affects: Open Build Service versions prior to 2.10.8.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8031">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23440">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 15:15:00">
15:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 7 Things We Know So Far About the SolarWinds Attacks 🕴</strong><br><br><code>Two months after the news first broke, many questions remain about the sophisticated cyber-espionage campaign.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/7-things-we-know-so-far-about-the-solarwinds-attacks/d/d-id/1340134?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23441">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 15:15:02">
15:15
       </div>

       <div class="text">
<strong>🕴 Game Over: Stopping DDoS Attacks Before They Start 🕴</strong><br><br><code>Video games are poised for a revolution, but benefits will come to fruition only if the industry can guarantee consistent performance and availability.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/game-over-stopping-ddos-attacks-before-they-start/a/d-id/1340120?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23442">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 15:34:57">
15:34
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How to use the Vault command line tool to store your code secrets 🦿</strong><br><br><code>Developers must stop saving secrets in code. One way to avoid that is to use HashiCorp&apos;s Vault. Jack Wallen shows you how to install this tool and take your first steps in its usage.</code><br><br><a href="https://www.techrepublic.com/article/how-to-use-the-vault-command-line-tool-to-store-your-code-secrets/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23443">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 15:40:19">
15:40
       </div>

       <div class="text">
<strong>🔏 FBI Urges Caution with Legacy Systems Following Water Hack 🔏</strong><br><br><code>The FBI reiterated that using end-of-life operating systems and desktop sharing software can open the doors for attackers, like in the Oldsmar water treatment plant hack.</code><br><br><a href="https://digitalguardian.com/blog/fbi-urges-caution-legacy-systems-following-water-hack">📖 Read</a><br><br>via &quot;<em>Digital Guardian</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23444">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 16:15:03">
16:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Microsoft Launches Phase 2 Mitigation for Zerologon Flaw 🕴</strong><br><br><code>The Netlogon remote code execution vulnerability, disclosed last August, has been weaponized by APT groups.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/microsoft-launches-phase-2-mitigation-for-zerologon-flaw/d/d-id/1340138?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23445">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 16:42:35">
16:42
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-13185 ‼</strong><br><br><code>Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attacker in the ability to execute sensitive functions without credentials.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13185">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23446">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 16:42:36">
16:42
       </div>

       <div class="text">
<strong>‼ CVE-2021-21301 ‼</strong><br><br><code>Wire is an open-source collaboration platform. In Wire for iOS (iPhone and iPad) before version 3.75 there is a vulnerability where the video capture isn&apos;t stopped in a scenario where a user first has their camera enabled and then disables it. It&apos;s a privacy issue because video is streamed to the call when the user believes it is disabled. It impacts all users in video calls. This is fixed in version 3.75.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21301">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23447">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 16:42:37">
16:42
       </div>

       <div class="text">
<strong>‼ CVE-2020-25493 ‼</strong><br><br><code>Oclean Mobile Application 2.1.2 communicates with an external website using HTTP so it is possible to eavesdrop the network traffic. The content of HTTP payload is encrypted using XOR with a hardcoded key, which allows for the possibility to decode the traffic.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25493">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23448">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 16:42:38">
16:42
       </div>

       <div class="text">
<strong>‼ CVE-2021-21299 ‼</strong><br><br><code>hyper is an open-source HTTP library for Rust (crates.io). In hyper from version 0.12.0 and before versions 0.13.10 and 0.14.3 there is a vulnerability that can enable a request smuggling attack. The HTTP server code had a flaw that incorrectly understands some requests with multiple transfer-encoding headers to have a chunked payload, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that understands the request payload boundary differently can result in &quot;request smuggling&quot; or &quot;desync attacks&quot;. To determine if vulnerable, all these things must be true: 1) Using hyper as an HTTP server (the client is not affected), 2) Using HTTP/1.1 (HTTP/2 does not use transfer-encoding), 3) Using a vulnerable HTTP proxy upstream to hyper. If an upstream proxy correctly rejects the illegal transfer-encoding headers, the desync attack cannot succeed. If there is no proxy upstream of hyper, hyper cannot start the desync attack, as the client will repair the headers before forwarding. This is fixed in versions 0.14.3 and 0.13.10. As a workaround one can take the following options: 1) Reject requests that contain a `transfer-encoding` header, 2) Ensure any upstream proxy handles `transfer-encoding` correctly.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21299">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23449">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 16:42:39">
16:42
       </div>

       <div class="text">
<strong>‼ CVE-2021-22881 ‼</strong><br><br><code>The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain &quot;allowed host&quot; formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts with a leading dot. When an allowed host contains a leading dot, a specially crafted `Host` header can be used to redirect to a malicious website.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22881">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23450">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 16:42:43">
16:42
       </div>

       <div class="text">
<strong>‼ CVE-2021-25689 ‼</strong><br><br><code>An out of bounds write in Teradici PCoIP soft client versions prior to version 20.10.1 could allow an attacker to remotely execute code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25689">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23451">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 16:42:43">
16:42
       </div>

       <div class="text">
<strong>‼ CVE-2021-22656 ‼</strong><br><br><code>Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22656">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23452">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 16:42:44">
16:42
       </div>

       <div class="text">
<strong>‼ CVE-2020-13186 ‼</strong><br><br><code>An Anti CSRF mechanism was discovered missing in the Teradici Cloud Access Connector v31 and earlier in a specific web form, which allowed an attacker with knowledge of both a machineID and user GUID to modify data if a user clicked a malicious link.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13186">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23453">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 16:42:45">
16:42
       </div>

       <div class="text">
<strong>‼ CVE-2021-25690 ‼</strong><br><br><code>A null pointer dereference in Teradici PCoIP Soft Client versions prior to 20.07.3 could allow an attacker to crash the software.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25690">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23454">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 16:42:46">
16:42
       </div>

       <div class="text">
<strong>‼ CVE-2021-27191 ‼</strong><br><br><code>The get-ip-range package before 4.0.0 for Node.js is vulnerable to denial of service (DoS) if the range is untrusted input. An attacker could send a large range (such as 128.0.0.0/1) that causes resource exhaustion.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27191">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23455">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 16:42:47">
16:42
       </div>

       <div class="text">
<strong>‼ CVE-2021-25688 ‼</strong><br><br><code>Under certain conditions, Teradici PCoIP Agents for Windows prior to version 20.10.0 and Teradici PCoIP Agents for Linux prior to version 21.01.0 may log parts of a user&apos;s password in the application logs.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25688">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23456">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 16:42:48">
16:42
       </div>

       <div class="text">
<strong>‼ CVE-2020-1717 ‼</strong><br><br><code>A flaw was found in Keycloak 7.0.1. A logged in user can do an account email enumeration attack.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1717">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23457">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 16:42:49">
16:42
       </div>

       <div class="text">
<strong>‼ CVE-2020-10734 ‼</strong><br><br><code>A vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF protection. Versions shipped with Red Hat Fuse 7, Red Hat Single Sign-on 7, and Red Hat Openshift Application Runtimes are believed to be vulnerable.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10734">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23458">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 16:42:50">
16:42
       </div>

       <div class="text">
<strong>‼ CVE-2021-22880 ‼</strong><br><br><code>The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the potential for a DoS attack. This only impacts Rails applications that are using PostgreSQL along with money type columns that take user input.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22880">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23459">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 16:42:51">
16:42
       </div>

       <div class="text">
<strong>‼ CVE-2020-4768 ‼</strong><br><br><code>IBM Case Manager 5.2 and 5.3 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188907.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4768">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23460">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 16:42:55">
16:42
       </div>

       <div class="text">
<strong>‼ CVE-2021-20404 ‼</strong><br><br><code>IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user on the network to cause a denial of service due to an invalid cookie value that could prevent future logins. IBM X-Force ID: 196078.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20404">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23461">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 16:42:56">
16:42
       </div>

       <div class="text">
<strong>‼ CVE-2021-22658 ‼</strong><br><br><code>Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to &apos;Administrator&apos;.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22658">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23462">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 16:42:56">
16:42
       </div>

       <div class="text">
<strong>‼ CVE-2021-27184 ‼</strong><br><br><code>Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity vulnerability (exploitable via the DTD parameter entities technique), resulting in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. The vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the ControlPointCacheShare.xml file (in a %APPDATA%\Pelco directory) when DSControlPoint.exe is executed.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27184">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23463">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 16:42:58">
16:42
       </div>

       <div class="text">
<strong>‼ CVE-2021-20405 ‼</strong><br><br><code>IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to perform unauthorized activities due to improper encoding of output. IBM X-Force ID: 196183.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20405">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23464">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 16:42:59">
16:42
       </div>

       <div class="text">
<strong>‼ CVE-2021-20188 ‼</strong><br><br><code>A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root user inside the container. It does not allow to directly escape the container, though being a privileged container means that a lot of security features are disabled when running the container. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20188">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23465">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 17:15:03">
17:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Pandemic Initially Led to Fewer Disclosed Vulnerabilities, Data Suggests 🕴</strong><br><br><code>Vulnerability disclosure started off slow but caught up by the end of the year, according to a new report.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/pandemic-initially-led-to-fewer-disclosed-vulnerabilities-data-suggests/d/d-id/1340139?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23466">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 18:47:41">
18:47
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-21025 ‼</strong><br><br><code>Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to XML injection in the product layout updates. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21025">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23467">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 18:47:42">
18:47
       </div>

       <div class="text">
<strong>‼ CVE-2021-21044 ‼</strong><br><br><code>Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability when parsing a crafted jpeg file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21044">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23468">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 18:47:43">
18:47
       </div>

       <div class="text">
<strong>‼ CVE-2021-21020 ‼</strong><br><br><code>Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an access control bypass vulnerability in the Login as Customer module. Successful exploitation could lead to unauthorized access to restricted resources.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21020">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23469">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 18:47:44">
18:47
       </div>

       <div class="text">
<strong>‼ CVE-2021-21046 ‼</strong><br><br><code>Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21046">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23470">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 18:47:44">
18:47
       </div>

       <div class="text">
<strong>‼ CVE-2021-21031 ‼</strong><br><br><code>Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) do not adequately invalidate user sessions. Successful exploitation could lead to unauthorized access to restricted resources. Access to the admin console is not required for successful exploitation.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21031">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23471">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 18:47:48">
18:47
       </div>

       <div class="text">
<strong>‼ CVE-2021-21019 ‼</strong><br><br><code>Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to XML injection in the Widgets module. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21019">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23472">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 18:47:49">
18:47
       </div>

       <div class="text">
<strong>‼ CVE-2021-21061 ‼</strong><br><br><code>Acrobat Pro DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use-after-free vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21061">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23473">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 18:47:50">
18:47
       </div>

       <div class="text">
<strong>‼ CVE-2021-21029 ‼</strong><br><br><code>Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a Reflected Cross-site Scripting vulnerability via &apos;file&apos; parameter. Successful exploitation could lead to arbitrary JavaScript execution in the victim&apos;s browser. Access to the admin console is required for successful exploitation.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21029">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23474">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 18:47:51">
18:47
       </div>

       <div class="text">
<strong>‼ CVE-2021-21028 ‼</strong><br><br><code>Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21028">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23475">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 18:47:52">
18:47
       </div>

       <div class="text">
<strong>‼ CVE-2021-21016 ‼</strong><br><br><code>Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to OS command injection via the WebAPI. Successful exploitation could lead to remote code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21016">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23476">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 18:47:53">
18:47
       </div>

       <div class="text">
<strong>‼ CVE-2021-21027 ‼</strong><br><br><code>Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a cross-site request forgery (CSRF) vulnerability via the GraphQL API. Successful exploitation could lead to unauthorized modification of customer metadata by an unauthenticated attacker. Access to the admin console is not required for successful exploitation.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21027">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23477">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 18:47:54">
18:47
       </div>

       <div class="text">
<strong>‼ CVE-2021-21060 ‼</strong><br><br><code>Adobe Acrobat Pro DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an improper input validation vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21060">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23478">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 18:47:55">
18:47
       </div>

       <div class="text">
<strong>‼ CVE-2021-21038 ‼</strong><br><br><code>Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability when parsing a crafted jpeg file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21038">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23479">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 18:47:56">
18:47
       </div>

       <div class="text">
<strong>‼ CVE-2021-21023 ‼</strong><br><br><code>Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a stored cross-site scripting vulnerability in the admin console. Successful exploitation could lead to arbitrary JavaScript execution in the victim&apos;s browser. Access to the admin console is required for successful exploitation.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21023">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23480">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 18:47:56">
18:47
       </div>

       <div class="text">
<strong>‼ CVE-2021-21057 ‼</strong><br><br><code>Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a null pointer dereference vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve denial of service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21057">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23481">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 18:48:00">
18:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-21035 ‼</strong><br><br><code>Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21035">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23482">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 18:48:01">
18:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-21017 ‼</strong><br><br><code>Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a heap-based buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21017">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23483">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 18:48:03">
18:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-21033 ‼</strong><br><br><code>Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21033">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23484">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 18:48:04">
18:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-21024 ‼</strong><br><br><code>Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a blind SQL injection vulnerability in the Search module. Successful exploitation could lead to unauthorized access to restricted resources by an unauthenticated attacker. Access to the admin console is required for successful exploitation.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21024">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23485">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 18:48:05">
18:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-21034 ‼</strong><br><br><code>Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to locally elevate privileges in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21034">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23486">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 18:54:59">
18:54
       </div>

       <div class="text">
<strong>‼ CVE-2021-21037 ‼</strong><br><br><code>Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Path Traversal vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21037">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23487">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 18:54:59">
18:54
       </div>

       <div class="text">
<strong>‼ CVE-2021-21307 ‼</strong><br><br><code>Lucee Server is a dynamic, Java based (JSR-223), tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a workaround, one can block access to the Lucee Administrator.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21307">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23488">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 18:58:01">
18:58
       </div>

       <div class="text">
<strong>‼ CVE-2021-21021 ‼</strong><br><br><code>Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21021">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23489">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 18:58:02">
18:58
       </div>

       <div class="text">
<strong>‼ CVE-2021-21039 ‼</strong><br><br><code>Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21039">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23490">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 18:58:03">
18:58
       </div>

       <div class="text">
<strong>🕴 Growing Collaboration Among Criminal Groups Heightens Ransomware Threat for Healthcare Sector 🕴</strong><br><br><code>Expect increase in ransomware and &apos;triple extortion&apos; attacks, Cyber Threat Intelligence League says.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/growing-collaboration-among-criminal-groups-heightens-ransomware-threat-for-healthcare-sector/d/d-id/1340142?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23491">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 18:58:04">
18:58
       </div>

       <div class="text">
<strong>❌ Pre-Valentine’s Day Malware Attack Mimics Flower, Lingerie Stores ❌</strong><br><br><code>Emails pretending to confirm hefty orders from lingerie shop Ajour Lingerie and flower store Rose World are actually spreading the BazaLoader malware.</code><br><br><a href="https://threatpost.com/valentines-day-malware-attack/163900/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23492">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 19:45:08">
19:45
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Ransomware Attackers Set Their Sights on SaaS 🕴</strong><br><br><code>Ransomware has begun to target data-heavy SaaS applications, open source, and Web and application frameworks.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/ransomware-attackers-set-their-sights-on-saas/d/d-id/1340147?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23493">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 20:05:03">
20:05
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Working at a safe distance, safely: Remote work at industrial sites brings extra cyber risk 🦿</strong><br><br><code>When workers need to get things done in a dangerous locale, sometimes they have to be distant. This opens up plenty of cybersecurity hazards. We spoke with one expert about how to achieve that security.</code><br><br><a href="https://www.techrepublic.com/article/working-at-a-safe-distance-safely-remote-work-at-industrial-sites-brings-extra-cyber-risk/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23494">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 20:42:45">
20:42
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-9307 ‼</strong><br><br><code>Hirschmann OS2, RSP, and RSPE devices before HiOS 08.3.00 allow a denial of service. An unauthenticated, adjacent attacker can cause an infinite loop on one of the HSR ring ports of the device. This effectively breaks the redundancy of the HSR ring. If the attacker can perform the same attack on a second device, the ring is broken into two parts (thus disrupting communication between devices in the different parts).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9307">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23495">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 20:42:46">
20:42
       </div>

       <div class="text">
<strong>‼ CVE-2021-21052 ‼</strong><br><br><code>Adobe Animate version 21.0.2 (and earlier) is affected by an Out-of-bounds Write vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21052">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23496">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 20:42:46">
20:42
       </div>

       <div class="text">
<strong>‼ CVE-2021-21014 ‼</strong><br><br><code>Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a file upload restriction bypass. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21014">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23497">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 20:42:47">
20:42
       </div>

       <div class="text">
<strong>‼ CVE-2021-21053 ‼</strong><br><br><code>Adobe Illustrator version 25.1 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21053">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23498">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 20:42:48">
20:42
       </div>

       <div class="text">
<strong>‼ CVE-2021-21063 ‼</strong><br><br><code>Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21063">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23499">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 20:42:49">
20:42
       </div>

       <div class="text">
<strong>‼ CVE-2019-19004 ‼</strong><br><br><code>A biWidth*biBitCnt integer overflow in input-bmp.c in autotrace 0.31.1 allows attackers to provide an unexpected input value to malloc via a malformed bitmap image.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19004">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23500">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 20:42:50">
20:42
       </div>

       <div class="text">
<strong>‼ CVE-2021-21058 ‼</strong><br><br><code>Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21058">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23501">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 20:42:51">
20:42
       </div>

       <div class="text">
<strong>‼ CVE-2021-21050 ‼</strong><br><br><code>Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21050">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23502">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 20:42:52">
20:42
       </div>

       <div class="text">
<strong>‼ CVE-2021-21055 ‼</strong><br><br><code>Adobe Dreamweaver versions 21.0 (and earlier) and 20.2 (and earlier) is affected by an untrusted search path vulnerability that could result in information disclosure. An attacker with physical access to the system could replace certain configuration files and dynamic libraries that Dreamweaver references, potentially resulting in information disclosure.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21055">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23503">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 20:42:53">
20:42
       </div>

       <div class="text">
<strong>‼ CVE-2021-21049 ‼</strong><br><br><code>Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21049">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23504">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 20:42:57">
20:42
       </div>

       <div class="text">
<strong>‼ CVE-2021-21310 ‼</strong><br><br><code>NextAuth.js (next-auth) is am open source authentication solution for Next.js applications. In next-auth before version 3.3.0 there is a token verification vulnerability. Implementations using the Prisma database adapter in conjunction with the Email provider are impacted. Implementations using the Email provider with the default database adapter are not impacted. Implementations using the Prisma database adapter but not using the Email provider are not impacted. The Prisma database adapter was checking the verification token, but was not verifying the email address associated with that token. This made it possible to use a valid token to sign in as another user when using the Prima adapter in conjunction with the Email provider. This issue is specific to the community supported Prisma adapter. This issue is fixed in version 3.3.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21310">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23505">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 20:42:58">
20:42
       </div>

       <div class="text">
<strong>‼ CVE-2021-21311 ‼</strong><br><br><code>Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. `adminer.php`) are affected. This is fixed in version 4.7.9.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21311">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23506">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 20:42:59">
20:42
       </div>

       <div class="text">
<strong>‼ CVE-2019-19005 ‼</strong><br><br><code>A bitmap double free in main.c in autotrace 0.31.1 allows attackers to cause an unspecified impact via a malformed bitmap image. This may occur after the use-after-free in CVE-2017-9182.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19005">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23507">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 20:43:00">
20:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-21062 ‼</strong><br><br><code>Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21062">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23508">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 20:43:01">
20:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-21976 ‼</strong><br><br><code>vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8.1.x prior to 8.1.2.3 and 6.5.x prior to 6.5.1.5 contain a post-authentication command injection vulnerability which may allow an authenticated admin user to perform a remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21976">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23509">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 20:43:02">
20:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-21051 ‼</strong><br><br><code>Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted javascript file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21051">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23510">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 20:43:03">
20:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-21048 ‼</strong><br><br><code>Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by a Memory Corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21048">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23511">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 20:43:04">
20:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-21054 ‼</strong><br><br><code>Adobe Illustrator version 25.1 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21054">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23512">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 20:43:06">
20:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-21059 ‼</strong><br><br><code>Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21059">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23513">

      <div class="body">

       <div class="pull_right date details" title="11.02.2021 20:43:07">
20:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-21047 ‼</strong><br><br><code>Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by an Out-of-bounds Write vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21047">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-766">

      <div class="body details">
12 February 2021
      </div>

     </div>

     <div class="message default clearfix" id="message23514">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 03:43:04">
03:43
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-27190 ‼</strong><br><br><code>PEEL Shopping cart 9.3.0 allows utilisateurs/change_params.php Address XSS.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27190">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23515">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 08:43:19">
08:43
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-20646 ‼</strong><br><br><code>Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-A allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20646">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23516">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 08:43:21">
08:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-27187 ‼</strong><br><br><code>The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 stores authentication credentials in cleartext in login.sav when the Save Password box is checked.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27187">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23517">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 08:43:22">
08:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-20636 ‼</strong><br><br><code>Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/PR5B allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations to the device such as changes of the device settings may be conducted.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20636">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23518">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 08:43:23">
08:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-20644 ‼</strong><br><br><code>ELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the user&apos;s web browser by displaying a specially crafted SSID on the web setup page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20644">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23519">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 08:43:24">
08:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-20642 ‼</strong><br><br><code>Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/RS allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20642">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23520">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 08:43:25">
08:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-20638 ‼</strong><br><br><code>LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute arbitrary OS commands via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20638">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23521">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 08:43:26">
08:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-27204 ‼</strong><br><br><code>Telegram before 7.4 (212543) Stable on macOS stores the local passcode in cleartext, leading to information disclosure.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27204">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23522">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 08:43:27">
08:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-20648 ‼</strong><br><br><code>ELECOM WRC-300FEBK-S allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20648">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23523">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 08:43:28">
08:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-20635 ‼</strong><br><br><code>Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an attacker in the wireless range of the device to recover PIN and access the network.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20635">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23524">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 08:43:29">
08:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-20643 ‼</strong><br><br><code>Improper access control vulnerability in ELECOM LD-PS/U1 allows remote attackers to change the administrative password of the affected device by processing a specially crafted request.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20643">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23525">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 08:43:30">
08:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-20637 ‼</strong><br><br><code>Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/PR5B allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20637">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23526">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 08:43:31">
08:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-27205 ‼</strong><br><br><code>Telegram before 7.4 (212543) Stable on macOS stores the local copy of self-destructed messages in a sandbox path, leading to sensitive information disclosure.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27205">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23527">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 08:43:33">
08:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-20651 ‼</strong><br><br><code>Directory traversal vulnerability in ELECOM File Manager all versions allows remote attackers to create an arbitrary file or overwrite an existing file in a directory which can be accessed with the application privileges via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20651">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23528">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 08:43:34">
08:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-20645 ‼</strong><br><br><code>Cross-site scripting vulnerability in ELECOM WRC-300FEBK-A allows remote authenticated attackers to inject arbitrary script via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20645">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23529">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 08:43:35">
08:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-20650 ‼</strong><br><br><code>Cross-site request forgery (CSRF) vulnerability in ELECOM NCC-EWF100RMWH2 allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20650">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23530">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 08:43:37">
08:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-20641 ‼</strong><br><br><code>Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/RS allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations to the device such as changes of the device settings may be conducted.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20641">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23531">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 08:43:38">
08:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-20647 ‼</strong><br><br><code>Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-S allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20647">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23532">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 08:43:39">
08:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-27188 ‼</strong><br><br><code>The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 allows attackers to cause a denial of service (access suspended for five hours) by making five invalid login attempts to a victim&apos;s account.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27188">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23533">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 08:43:40">
08:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-20640 ‼</strong><br><br><code>Buffer overflow vulnerability in LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute an arbitrary OS command via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20640">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23534">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 08:43:41">
08:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-20639 ‼</strong><br><br><code>LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute arbitrary OS commands via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20639">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23535">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 12:15:39">
12:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 You&apos;ve Got Cloud Security All Wrong: Managing Identity in a Cloud World 🕴</strong><br><br><code>In a hybrid and multicloud world, identity is the new perimeter and a critical attack surface for bad actors.</code><br><br><a href="https://www.darkreading.com/cloud/youve-got-cloud-security-all-wrong-managing-identity-in-a-cloud-world/a/d-id/1340077?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23536">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 12:35:27">
12:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Why cybersecurity insurance may be worth the cost 🦿</strong><br><br><code>Cybersecurity insurance can compensate you in the event of a cyberattack. But how do you determine the right policy for your needs?</code><br><br><a href="https://www.techrepublic.com/article/why-cybersecurity-insurance-may-be-worth-the-cost/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23537">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 12:40:54">
12:40
       </div>

       <div class="text">
<strong>🔏 Friday Five 2/12 🔏</strong><br><br><code>A hack of a water treatment plant, SIM swapping used on celebrities, and a popular barcode app turned into malware - catch up on all of the week&apos;s infosec news with the Friday Five!</code><br><br><a href="https://digitalguardian.com/blog/friday-five-2/12">📖 Read</a><br><br>via &quot;<em>Digital Guardian</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23538">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 12:59:08">
12:59
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Florida Water Plant Hack: Leaked Credentials Found in Breach Database ❌</strong><br><br><code>Researchers discovered credentials for the Oldsmar water treatment facility in the massive compilation of data from breaches posted just days before the attack.</code><br><br><a href="https://threatpost.com/florida-water-plant-hack-credentials-breach/163919/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23539">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 14:04:58">
14:04
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Fallen victim to online fraud? Here’s what to do… ⚠</strong><br><br><code>Practical tips on how to avoid getting scammed in the first place, as well as what to do if it does happen.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/02/12/fallen-victim-to-online-fraud-heres-what-to-do/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23540">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 14:29:11">
14:29
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Singtel Suffers Zero-Day Cyberattack, Damage Unknown ❌</strong><br><br><code>The Tier 1 telecom giant was caught up in a coordinated, wide-ranging attack using unpatched security bugs in the Accellion legacy file-transfer platform.</code><br><br><a href="https://threatpost.com/singtel-zero-day-cyberattack/163938/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23541">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 14:43:36">
14:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-27197 ‼</strong><br><br><code>DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arbitrary file write vulnerability. The AppendToTextFile method doesn&apos;t check if it&apos;s being called from the application or from a malicious user. The vulnerability is triggered when a remote attacker crafts an HTML page (e.g., with &quot;OBJECT classid=&quot; and &quot;&lt;SCRIPT language=&apos;vbscript&apos;&gt;&quot;) to overwrite arbitrary files.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27197">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23542">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 14:46:37">
14:46
       </div>

       <div class="text">
<strong>🕴 Water Utility Hack Could Inspire More Intruders 🕴</strong><br><br><code>If past cyberattacks are any indication, success begets imitation. In the wake of last week&apos;s hack of Florida water utility, other water utilities and users of remote desktop software would be wise to shore up defenses, experts say.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/water-utility-hack-could-inspire-more-intruders/d/d-id/1340163?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23543">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 16:29:16">
16:29
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ ‘Annoyingly Believable’ Tax Scam Targets Mobile Users ❌</strong><br><br><code>A well-crafted SMS phishing effort is harvesting personal data and credit-card details under the guise of offering tax refunds.</code><br><br><a href="https://threatpost.com/believable-tax-scam-mobile-users/163951/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23544">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 16:43:41">
16:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-22979 ‼</strong><br><br><code>On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x before 14.1.2.8, 13.1.x before 13.1.3.5, and all 12.1.x versions, a reflected Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility when Fraud Protection Service is provisioned and allows an attacker to execute JavaScript in the context of the current logged-in user. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22979">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23545">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 16:43:42">
16:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-22976 ‼</strong><br><br><code>On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and all 12.1.x versions, when the BIG-IP ASM system processes WebSocket requests with JSON payloads, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22976">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23546">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 16:43:44">
16:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-20412 (security_verify_information_queue) ‼</strong><br><br><code>IBM Security Verify Information Queue 1.0.6 and 1.0.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 198192.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20412">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23547">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 16:43:45">
16:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-22985 ‼</strong><br><br><code>On BIG-IP APM version 16.0.x before 16.0.1.1, under certain conditions, when processing VPN traffic with APM, TMM consumes excessive memory. A malicious, authenticated VPN user may abuse this to perform a DoS attack against the APM. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22985">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23548">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 16:43:46">
16:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-22974 ‼</strong><br><br><code>On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6 and all versions of BIG-IQ 7.x and 6.x, an authenticated attacker with access to iControl REST over the control plane may be able to take advantage of a race condition to execute commands with an elevated privilege level. This vulnerability is due to an incomplete fix for CVE-2017-6167. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22974">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23549">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 16:43:47">
16:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-22975 ‼</strong><br><br><code>On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, and 14.1.x before 14.1.3.1, under some circumstances, Traffic Management Microkernel (TMM) may restart on the BIG-IP system while passing large bursts of traffic. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22975">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23550">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 16:43:47">
16:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-22982 ‼</strong><br><br><code>On BIG-IP DNS and GTM version 13.1.x before 13.1.0.4, and all versions of 12.1.x and 11.6.x, big3d does not securely handle and parse certain payloads resulting in a buffer overflow. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22982">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23551">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 16:43:48">
16:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-20406 (security_verify_information_queue) ‼</strong><br><br><code>IBM Security Verify Information Queue 1.0.6 and 1.0.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 198184.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20406">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23552">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 16:43:49">
16:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-20410 (security_verify_information_queue) ‼</strong><br><br><code>IBM Security Verify Information Queue 1.0.6 and 1.0.7 sends user credentials in plain clear text which can be read by an authenticated user using man in the middle techniques. IBM X-Force ID: 198190.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20410">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23553">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 16:43:50">
16:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-20411 (security_verify_information_queue) ‼</strong><br><br><code>IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to impersonate another user on the system due to incorrectly updating the session identifier. IBM X-Force ID: 198191.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20411">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23554">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 16:43:51">
16:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-20409 (security_verify_information_queue) ‼</strong><br><br><code>IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 198188.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20409">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23555">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 16:43:52">
16:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-22980 ‼</strong><br><br><code>In Edge Client version 7.2.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, and 7.1.x-7.1.8.x before 7.1.8.5, an untrusted search path vulnerability in the BIG-IP APM Client Troubleshooting Utility (CTU) for Windows could allow an attacker to load a malicious DLL library from its current directory. User interaction is required to exploit this vulnerability in that the victim must run this utility on the Windows system. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22980">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23556">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 16:43:53">
16:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-22981 ‼</strong><br><br><code>On all versions of BIG-IP 12.1.x and 11.6.x, the original TLS protocol includes a weakness in the master secret negotiation that is mitigated by the Extended Master Secret (EMS) extension defined in RFC 7627. TLS connections that do not use EMS are vulnerable to man-in-the-middle attacks during renegotiation. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22981">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23557">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 16:43:54">
16:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-20408 (security_verify_information_queue) ‼</strong><br><br><code>IBM Security Verify Information Queue 1.0.6 and 1.0.7 could disclose highly sensitive information to a local user due to inproper storage of a plaintext cryptographic key. IBM X-Force ID: 198187.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20408">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23558">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 16:43:55">
16:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-20407 (security_verify_information_queue) ‼</strong><br><br><code>IBM Security Verify Information Queue 1.0.6 and 1.0.7 discloses sensitive information in source code that could be used in further attacks against the system. IBM X-Force ID: 198185.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20407">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23559">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 16:43:59">
16:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-22973 ‼</strong><br><br><code>On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x versions, JSON parser function does not protect against out-of-bounds memory accesses or writes. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22973">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23560">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 16:44:00">
16:44
       </div>

       <div class="text">
<strong>‼ CVE-2021-22983 ‼</strong><br><br><code>On BIG-IP AFM version 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.5, authenticated users accessing the Configuration utility for AFM are vulnerable to a cross-site scripting attack if they attempt to access a maliciously-crafted URL. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22983">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23561">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 17:29:18">
17:29
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Yandex Data Breach Exposes 4K+ Email Accounts ❌</strong><br><br><code>In a security notice, Yandex said an employee had been providing unauthorized access to users’ email accounts “for personal gain.”</code><br><br><a href="https://threatpost.com/yandex-data-breach-email-accounts/163960/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23562">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 18:29:20">
18:29
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ mHealth Apps Expose Millions to Cyberattacks ❌</strong><br><br><code>Researcher testing of 30 mobile health apps for clinicians found that all of them had vulnerable APIs.</code><br><br><a href="https://threatpost.com/mhealth-apps-millions-cyberattacks/163966/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23563">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 18:35:34">
18:35
       </div>

       <div class="text">
<strong>🦿 US Court system demands massive changes to court documents after SolarWinds hack 🦿</strong><br><br><code>Multiple senators have demanded a hearing on what court officials know about the hackers&apos; access to sensitive filings. The effects could make accessing documents harder for lawyers.</code><br><br><a href="https://www.techrepublic.com/article/us-court-system-demands-massive-changes-to-court-documents-after-solarwinds-hack/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23564">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 18:43:45">
18:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-22977 ‼</strong><br><br><code>On BIG-IP version 16.0.0-16.0.1 and 14.1.2.4-14.1.3, cooperation between malicious HTTP client code and a malicious server may cause TMM to restart and generate a core file. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22977">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23565">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 18:43:46">
18:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-22984 ‼</strong><br><br><code>On BIG-IP Advanced WAF and ASM version 15.1.x before 15.1.0.2, 15.0.x before 15.0.1.4, 14.1.x before 14.1.2.5, 13.1.x before 13.1.3.4, 12.1.x before 12.1.5.2, and 11.6.x before 11.6.5.2, when receiving a unauthenticated client request with a maliciously crafted URI, a BIG-IP Advanced WAF or ASM virtual server configured with a DoS profile with Proactive Bot Defense (versions prior to 14.1.0), or a Bot Defense profile (versions 14.1.0 and later), may subject clients and web servers to Open Redirection attacks. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22984">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23566">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 18:43:47">
18:43
       </div>

       <div class="text">
<strong>‼ CVE-2020-13949 ‼</strong><br><br><code>In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13949">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23567">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 18:43:48">
18:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-22504 ‼</strong><br><br><code>Arbitrary code execution vulnerability on Micro Focus Operations Bridge Manager product, affecting versions 10.1x, 10.6x, 2018.05, 2018.11, 2019.05, 2019.11, 2020.05, 2020.10. The vulnerability could allow remote attackers to execute arbitrary code on an OBM server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22504">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23568">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 18:43:49">
18:43
       </div>

       <div class="text">
<strong>‼ CVE-2013-20001 ‼</strong><br><br><code>An issue was discovered in OpenZFS through 2.0.3. When an NFS share is exported to IPv6 addresses via the sharenfs feature, there is a silent failure to parse the IPv6 address data, and access is allowed to everyone. IPv6 restrictions from the configuration are not applied.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-20001">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23569">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 18:43:53">
18:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-22978 ‼</strong><br><br><code>On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x and 11.6.x versions, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of BIG-IP if the victim user is granted the admin role. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22978">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23570">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 20:43:51">
20:43
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-26753 ‼</strong><br><br><code>NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26753">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23571">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 20:43:52">
20:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-26751 ‼</strong><br><br><code>NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint /Monitoring-History.php via the det HTTP GET parameter. This allows an attacker to access all the data in the database and obtain access to the NeDi application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26751">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23572">

      <div class="body">

       <div class="pull_right date details" title="12.02.2021 20:43:52">
20:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-26752 ‼</strong><br><br><code>NeDi 1.9C allows an authenticated user to execute operating system commands in the Nodes Traffic function on the endpoint /Nodes-Traffic.php via the md or ag HTTP GET parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26752">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-767">

      <div class="body details">
13 February 2021
      </div>

     </div>

     <div class="message default clearfix" id="message23573">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.02.2021 03:44:07">
03:44
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-27210 ‼</strong><br><br><code>TP-Link Archer C5v 1.7_181221 devices allows remote attackers to retrieve cleartext credentials via [USER_CFG#0,0,0,0,0,0#0,0,0,0,0,0]0,0 to the /cgi?1&amp;5 URI.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27210">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23574">

      <div class="body">

       <div class="pull_right date details" title="13.02.2021 03:44:08">
03:44
       </div>

       <div class="text">
<strong>‼ CVE-2021-27209 ‼</strong><br><br><code>In the management interface on TP-Link Archer C5v 1.7_181221 devices, credentials are sent in a base64 format over cleartext HTTP.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27209">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-768">

      <div class="body details">
14 February 2021
      </div>

     </div>

     <div class="message default clearfix" id="message23575">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.02.2021 03:45:09">
03:45
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2019-25019 ‼</strong><br><br><code>LimeSurvey before 4.0.0-RC4 allows SQL injection via the participant model.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-25019">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23576">

      <div class="body">

       <div class="pull_right date details" title="14.02.2021 03:45:10">
03:45
       </div>

       <div class="text">
<strong>‼ CVE-2021-27212 ‼</strong><br><br><code>In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27212">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23577">

      <div class="body">

       <div class="pull_right date details" title="14.02.2021 03:45:11">
03:45
       </div>

       <div class="text">
<strong>‼ CVE-2021-26929 ‼</strong><br><br><code>An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is used). The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, because bespoke use of \x00\x00\x00 and \x01\x01\x01 interferes with XSS defenses.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26929">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23578">

      <div class="body">

       <div class="pull_right date details" title="14.02.2021 03:45:12">
03:45
       </div>

       <div class="text">
<strong>‼ CVE-2021-27213 ‼</strong><br><br><code>config.py in pystemon before 2021-02-13 allows code execution via YAML deserialization because SafeLoader and safe_load are not used.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27213">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23579">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.02.2021 22:45:54">
22:45
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-36234 ‼</strong><br><br><code>Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Screens Modal view. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36234">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23580">

      <div class="body">

       <div class="pull_right date details" title="14.02.2021 22:45:55">
22:45
       </div>

       <div class="text">
<strong>‼ CVE-2020-36235 ‼</strong><br><br><code>Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field and custom SLA names via an Information Disclosure vulnerability in the mobile site view. The affected versions are before version 8.13.2, and from version 8.14.0 before 8.14.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36235">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23581">

      <div class="body">

       <div class="pull_right date details" title="14.02.2021 22:45:56">
22:45
       </div>

       <div class="text">
<strong>‼ CVE-2020-36237 ‼</strong><br><br><code>Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field options via an Information Disclosure vulnerability in the /rest/api/2/customFieldOption/ endpoint. The affected versions are before version 8.15.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36237">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23582">

      <div class="body">

       <div class="pull_right date details" title="14.02.2021 22:45:57">
22:45
       </div>

       <div class="text">
<strong>‼ CVE-2020-36236 ‼</strong><br><br><code>Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the ViewWorkflowSchemes.jspa and ListWorkflows.jspa endpoints. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36236">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-769">

      <div class="body details">
15 February 2021
      </div>

     </div>

     <div class="message default clearfix" id="message23583">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.02.2021 03:46:07">
03:46
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-29451 ‼</strong><br><br><code>Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate Jira projects via an Information Disclosure vulnerability in the Jira Projects plugin report page. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.14.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29451">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23584">

      <div class="body">

       <div class="pull_right date details" title="15.02.2021 03:46:08">
03:46
       </div>

       <div class="text">
<strong>‼ CVE-2021-21702 ‼</strong><br><br><code>In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21702">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23585">

      <div class="body">

       <div class="pull_right date details" title="15.02.2021 03:46:09">
03:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-7071 ‼</strong><br><br><code>In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components of the URL.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7071">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23586">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.02.2021 10:46:33">
10:46
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-28500 ‼</strong><br><br><code>All versions of package lodash; all versions of package org.fujion.webjars:lodash are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. Steps to reproduce (provided by reporter Liyuan Chen): var lo = require(&apos;lodash&apos;); function build_blank (n) { var ret = &quot;1&quot; for (var i = 0; i &lt; n; i++) { ret += &quot; &quot; } return ret + &quot;1&quot;; } var s = build_blank(50000) var time0 = Date.now(); lo.trim(s) var time_cost0 = Date.now() - time0; console.log(&quot;time_cost0: &quot; + time_cost0) var time1 = Date.now(); lo.toNumber(s) var time_cost1 = Date.now() - time1; console.log(&quot;time_cost1: &quot; + time_cost1) var time2 = Date.now(); lo.trimEnd(s) var time_cost2 = Date.now() - time2; console.log(&quot;time_cost2: &quot; + time_cost2)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28500">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23587">

      <div class="body">

       <div class="pull_right date details" title="15.02.2021 10:49:34">
10:49
       </div>

       <div class="text">
<strong>🕴 How to Submit a Column to Dark Reading 🕴</strong><br><br><code>Have a new idea, a lesson learned, or a call to action for your fellow cybersecurity professionals? Here&apos;s how to submit your Commentary pieces to Dark Reading.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/how-to-submit-a-column-to-dark-reading/a/d-id/1340136?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23588">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.02.2021 11:17:56">
11:17
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 100+ Financial Services Firms Targeted in Ransom DDoS Attacks in 2020 🕴</strong><br><br><code>Consumer banks, exchanges, payment firms, and card issuing companies around the globe were among those hit.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/100+-financial-services-firms-targeted-in-ransom-ddos-attacks-in-2020/d/d-id/1340165?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23589">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.02.2021 11:36:16">
11:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Egregor ransomware criminals allegedly busted in Ukraine ⚠</strong><br><br><code>More good news in the cybercrime law-and-order world, this time a bust of ransomware crooks.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/02/15/egregor-ransomware-criminals-allegedly-busted-in-ukraine/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23590">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.02.2021 12:17:59">
12:17
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Malware Exploits Security Teams&apos; Greatest Weakness: Poor Relationships With Employees 🕴</strong><br><br><code>Users&apos; distrust of corporate security teams is exposing businesses to unnecessary vulnerabilities.</code><br><br><a href="https://www.darkreading.com/application-security/malware-exploits-security-teams-greatest-weakness-poor-relationships-with-employees/a/d-id/1340105?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23591">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.02.2021 12:46:41">
12:46
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-25296 ‼</strong><br><br><code>Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25296">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23592">

      <div class="body">

       <div class="pull_right date details" title="15.02.2021 12:46:42">
12:46
       </div>

       <div class="text">
<strong>‼ CVE-2021-25299 ‼</strong><br><br><code>Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal his/her session cookies or it can be chained with the previous bugs to get one-click remote command execution (RCE) on the Nagios XI server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25299">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23593">

      <div class="body">

       <div class="pull_right date details" title="15.02.2021 12:46:44">
12:46
       </div>

       <div class="text">
<strong>‼ CVE-2021-23337 ‼</strong><br><br><code>All versions of package lodash; all versions of package org.fujion.webjars:lodash are vulnerable to Command Injection via template.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23337">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23594">

      <div class="body">

       <div class="pull_right date details" title="15.02.2021 12:46:45">
12:46
       </div>

       <div class="text">
<strong>‼ CVE-2021-23336 ‼</strong><br><br><code>The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23336">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23595">

      <div class="body">

       <div class="pull_right date details" title="15.02.2021 12:46:46">
12:46
       </div>

       <div class="text">
<strong>‼ CVE-2021-25297 ‼</strong><br><br><code>Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25297">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23596">

      <div class="body">

       <div class="pull_right date details" title="15.02.2021 12:46:47">
12:46
       </div>

       <div class="text">
<strong>‼ CVE-2021-25298 ‼</strong><br><br><code>Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25298">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23597">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.02.2021 14:36:22">
14:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Naked Security Live – When is a bug bounty not a bug bounty? ⚠</strong><br><br><code>Latest episode - watch now!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/02/15/naked-security-when-is-a-bug-bounty-not-a-bug-bounty/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23598">

      <div class="body">

       <div class="pull_right date details" title="15.02.2021 14:46:43">
14:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-4956 ‼</strong><br><br><code>IBM Spectrum Protect Operations Center 7.1 and 8.1 is vulnerable to a denial of service, caused by a RPC that allows certain cache values to be set and dumped to a file. By setting a grossly large cache value and dumping that cached value to a file multiple times, a remote attacker could exploit this vulnerability to cause the consumption of all memory resources. IBM X-Force ID: 192156.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4956">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23599">

      <div class="body">

       <div class="pull_right date details" title="15.02.2021 14:46:44">
14:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-29031 ‼</strong><br><br><code>An Insecure Direct Object Reference vulnerability exists in the web UI of the GateManager which allows an authenticated attacker to reset the password of any user in its domain or any sub-domain, via escalation of privileges. This issue affects all GateManager versions prior to 9.2c</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29031">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23600">

      <div class="body">

       <div class="pull_right date details" title="15.02.2021 14:46:45">
14:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-35775 ‼</strong><br><br><code>CITSmart before 9.1.2.23 allows LDAP Injection.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35775">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23601">

      <div class="body">

       <div class="pull_right date details" title="15.02.2021 14:46:46">
14:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-29026 ‼</strong><br><br><code>A directory traversal vulnerability exists in the file upload function of the GateManager that allows an authenticated attacker with administrative permissions to read and write arbitrary files in the Linux file system. This issue affects: GateManager all versions prior to 9.2c.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29026">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23602">

      <div class="body">

       <div class="pull_right date details" title="15.02.2021 14:46:47">
14:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-4955 ‼</strong><br><br><code>IBM Spectrum Protect Operations Center 7.1 and 8.1could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation. By creating an unspecified servlet request with specially crafted input parameters, an attacker could exploit this vulnerability to load a malicious .dll with elevated privileges. IBM X-Force ID: 192155.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4955">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23603">

      <div class="body">

       <div class="pull_right date details" title="15.02.2021 14:46:48">
14:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-4954 ‼</strong><br><br><code>IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass authentication restrictions, caused by improper session validation . By using the configuration panel to obtain a valid session using an attacker controlled IBM Spectrum Protect server, an attacker could exploit this vulnerability to bypass authentication and gain access to a limited number of debug functions, such as logging levels. IBM X-Force ID: 192153.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4954">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23604">

      <div class="body">

       <div class="pull_right date details" title="15.02.2021 14:46:50">
14:46
       </div>

       <div class="text">
<strong>‼ CVE-2021-23338 ‼</strong><br><br><code>This affects all versions of package qlib. The workflow function in cli part of qlib was using an unsafe YAML load function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23338">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23605">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.02.2021 16:07:13">
16:07
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Linux 101: How to remove legacy communication services 🦿</strong><br><br><code>To keep your Linux servers and desktops as secure as possible, you should check for (and remove) legacy communication services. Jack Wallen shows you how.</code><br><br><a href="https://www.techrepublic.com/article/linux-101-how-to-remove-legacy-communication-services/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23606">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.02.2021 16:46:49">
16:46
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-27218 ‼</strong><br><br><code>An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27218">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23607">

      <div class="body">

       <div class="pull_right date details" title="15.02.2021 16:46:50">
16:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-24899 ‼</strong><br><br><code>Nagios XI 5.7.2 is affected by a remote code execution (RCE) vulnerability. An authenticated user can inject additional commands into normal webapp query.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24899">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23608">

      <div class="body">

       <div class="pull_right date details" title="15.02.2021 16:46:51">
16:46
       </div>

       <div class="text">
<strong>‼ CVE-2021-3375 ‼</strong><br><br><code>ActivePresenter 6.1.6 is affected by a memory corruption vulnerability that may result in a denial of service (DoS) or arbitrary code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3375">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23609">

      <div class="body">

       <div class="pull_right date details" title="15.02.2021 16:46:52">
16:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-22425 ‼</strong><br><br><code>Centreon 19.10-3.el7 is affected by a SQL injection vulnerability, where an authorized user is able to inject additional SQL queries to perform remote command execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-22425">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23610">

      <div class="body">

       <div class="pull_right date details" title="15.02.2021 16:46:52">
16:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-22427 ‼</strong><br><br><code>NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability. An authenticated user can inject additional commands into a request.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-22427">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23611">

      <div class="body">

       <div class="pull_right date details" title="15.02.2021 16:46:53">
16:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-35512 ‼</strong><br><br><code>A use-after-free flaw was found in D-Bus 1.12.20 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35512">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23612">

      <div class="body">

       <div class="pull_right date details" title="15.02.2021 16:46:54">
16:46
       </div>

       <div class="text">
<strong>‼ CVE-2021-27219 ‼</strong><br><br><code>An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27219">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23613">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.02.2021 18:01:58">
18:01
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Cybercrooks Rake in $304M in Romance Scams ❌</strong><br><br><code>The number of people being targeted by fake relationship-seekers has spiked during the COVID-19 pandemic.</code><br><br><a href="https://threatpost.com/cybercrooks-304m-romance-scams/163972/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23614">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.02.2021 18:46:52">
18:46
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-28337 ‼</strong><br><br><code>A directory traversal issue in the Utils/Unzip module in Microweber through 1.1.20 allows an authenticated attacker to gain remote code execution via the backup restore feature. To exploit the vulnerability, an attacker must have the credentials of an administrative user, upload a maliciously constructed ZIP file with file paths including relative paths (i.e., ../../), move this file into the backup directory, and execute a restore on this file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28337">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23615">

      <div class="body">

       <div class="pull_right date details" title="15.02.2021 18:46:53">
18:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-29142 ‼</strong><br><br><code>A SQL injection vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the schedule_facility parameter when restrict_user_facility=on is in global settings.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29142">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23616">

      <div class="body">

       <div class="pull_right date details" title="15.02.2021 18:46:53">
18:46
       </div>

       <div class="text">
<strong>‼ CVE-2021-27211 ‼</strong><br><br><code>steghide 0.5.1 relies on a certain 32-bit seed value, which makes it easier for attackers to detect hidden data.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27211">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23617">

      <div class="body">

       <div class="pull_right date details" title="15.02.2021 18:46:54">
18:46
       </div>

       <div class="text">
<strong>‼ CVE-2021-27201 ‼</strong><br><br><code>Endian Firewall Community (aka EFW) 3.3.2 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in a backup comment.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27201">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23618">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.02.2021 23:36:31">
23:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ How one man silently infiltrated dozens of high-tech networks ⚠</strong><br><br><code>Ever counted how many external source code dependencies your fancy new software product has? Be prepared for a surprise!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/02/16/how-one-man-silently-infiltrated-dozens-of-high-tech-networks/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-770">

      <div class="body details">
16 February 2021
      </div>

     </div>

     <div class="message default clearfix" id="message23619">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 03:47:14">
03:47
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-27234 ‼</strong><br><br><code>An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. The web application suffers from SQL injection on Adminlog.asp, Archivemsgs.asp, Deletelog.asp, Eventlog.asp, and Evmlog.asp.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27234">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23620">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 03:47:15">
03:47
       </div>

       <div class="text">
<strong>‼ CVE-2021-27233 ‼</strong><br><br><code>An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. On the admin portal of the web application, password information for external systems is visible in cleartext. The Settings.asp page is affected by this issue.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27233">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23621">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 03:47:16">
03:47
       </div>

       <div class="text">
<strong>‼ CVE-2021-27235 ‼</strong><br><br><code>An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. On the admin portal of the web application, there is a functionality at diagzip.asp that allows anyone to export tables of a database.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27235">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23622">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 03:47:17">
03:47
       </div>

       <div class="text">
<strong>‼ CVE-2021-27229 ‼</strong><br><br><code>Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27229">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23623">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 03:47:18">
03:47
       </div>

       <div class="text">
<strong>‼ CVE-2021-27236 ‼</strong><br><br><code>An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. getfile.asp allows Unauthenticated Local File Inclusion, which can be leveraged to achieve Remote Code Execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27236">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23624">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 03:47:22">
03:47
       </div>

       <div class="text">
<strong>‼ CVE-2021-27231 ‼</strong><br><br><code>Hestia Control Panel through 1.3.3, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer&apos;s domain name, leading to spoofing of services or email messages.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27231">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23625">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 11:37:40">
11:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Top 5 security risks to connected cars, according to Trend Micro 🦿</strong><br><br><code>Analysts from Trend Micro rate DDoS attacks and electronic jamming as some of the highest cybersecurity risks for connected cars.</code><br><br><a href="https://www.techrepublic.com/article/top-5-security-risks-to-connected-cars-according-to-trend-micro/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23626">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 11:37:41">
11:37
       </div>

       <div class="text">
<strong>🦿 State of malware: 3 key findings in the latest Malwarebytes report 🦿</strong><br><br><code>Spyware activity spiked in 2020, and the malware-as-a-service business model got more sophisticated.</code><br><br><a href="https://www.techrepublic.com/article/state-of-malware-3-key-findings-in-the-latest-malwarebytes-report/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23627">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 12:06:48">
12:06
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Romance scams at all-time high: here’s what you need to know ⚠</strong><br><br><code>It&apos;s heartbreaking to get sucked into a romance scam, or to watch a friend or family member getting sucked in. Here&apos;s what to do...</code><br><br><a href="https://nakedsecurity.sophos.com/2021/02/16/romance-scams-at-all-time-high-heres-what-you-need-to-know/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23628">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 12:18:58">
12:18
       </div>

       <div class="text">
<strong>🕴 Black History Month 2021: Time to Talk Diversity and Cybersecurity 🕴</strong><br><br><code>In an industry that consistently needs new ideas, it&apos;s essential to have individuals who think, speak, and act in diverse ways.</code><br><br><a href="https://www.darkreading.com/careers-and-people/black-history-month-2021-time-to-talk-diversity-and-cybersecurity/a/d-id/1340143?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23629">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 12:47:46">
12:47
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-24841 ‼</strong><br><br><code>PNPSCADA 2.200816204020 allows SQL injection via parameter &apos;interf&apos; in /browse.jsp. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24841">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23630">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 12:50:48">
12:50
       </div>

       <div class="text">
<strong>🕴 Fighting Fileless Malware, Part 3: Mitigations 🕴</strong><br><br><code>Attackers can dodge the countermeasures you employ against fileless malware. So how do you mitigate the damage?</code><br><br><a href="https://www.darkreading.com/edge/theedge/fighting-fileless-malware-part-3-mitigations/b/d-id/1340168?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23631">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 13:03:41">
13:03
       </div>

       <div class="text">
<strong>🛠 TOR Virtual Network Tunneling Tool 0.4.5.6</strong> <strong>🛠</strong><br><br><code>Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).</code><br><br><a href="https://packetstormsecurity.com/files/161441/tor-0.4.5.6.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23632">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 13:03:42">
13:03
       </div>

       <div class="text">
<strong>🛠 Recon Informer 1.3 🛠</strong><br><br><code>Recon-Informer is a basic real-time anti-reconnaissance detection tool for offensive security systems, useful for penetration testers. It runs on Windows/Linux and leverages scapy.</code><br><br><a href="https://packetstormsecurity.com/files/161440/ReconInformer-1.3.txt">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23633">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 13:49:03">
13:49
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Palo Alto Networks Plans to Acquire Cloud Security Firm 🕴</strong><br><br><code>Most of Fortune 100 firms have used Bridgecrew&apos;s service in their application development processes.</code><br><br><a href="https://www.darkreading.com/cloud/palo-alto-networks-plans-to-acquire-cloud-security-firm/d/d-id/1340169?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23634">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 14:03:21">
14:03
       </div>

       <div class="text">
<strong>❌ Misconfigured Baby Monitors Allow Unauthorized Viewing ❌</strong><br><br><code>Hundreds of thousands of individuals are potentially affected by this vulnerability.</code><br><br><a href="https://threatpost.com/baby-monitors-unauthorized-viewing/163982/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23635">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 14:03:22">
14:03
       </div>

       <div class="text">
<strong>❌ Microsoft Pulls Bad Windows Update After Patch Tuesday Headaches ❌</strong><br><br><code>Microsoft released a new servicing stack update (KB5001078) after an older one caused problems for Windows users installing Patch Tuesday security updates.</code><br><br><a href="https://threatpost.com/microsoft-windows-update-patch-tuesday/163981/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23636">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 14:47:50">
14:47
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-25340 ‼</strong><br><br><code>An issue was discovered in NFStream 5.2.0. Because some allocated modules are not correctly freed, if the nfstream object is directly destroyed without being used after it is created, it will cause a memory leak that may result in a local denial of service (DoS).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25340">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23637">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 14:47:51">
14:47
       </div>

       <div class="text">
<strong>‼ CVE-2020-35566 ‼</strong><br><br><code>An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. An attacker can read arbitrary JSON files via Local File Inclusion.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35566">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23638">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 14:47:52">
14:47
       </div>

       <div class="text">
<strong>‼ CVE-2020-35564 ‼</strong><br><br><code>An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an outdated and unused component allowing for malicious user input of active code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35564">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23639">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 14:47:53">
14:47
       </div>

       <div class="text">
<strong>‼ CVE-2020-35567 ‼</strong><br><br><code>An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The software uses a secure password for database access, but this password is shared across instances.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35567">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23640">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 14:47:54">
14:47
       </div>

       <div class="text">
<strong>‼ CVE-2020-35565 ‼</strong><br><br><code>An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The login pages bruteforce detection is disabled by default.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35565">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23641">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 14:47:58">
14:47
       </div>

       <div class="text">
<strong>‼ CVE-2020-29023 ‼</strong><br><br><code>Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows an authenticated administrator to generate a CSV file that may run arbitrary commands on a victim&apos;s computer when opened in a spreadsheet program (like Excel). This issue affects: Secomea GateManager all versions prior to 9.3.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29023">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23642">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 14:47:58">
14:47
       </div>

       <div class="text">
<strong>‼ CVE-2020-35563 ‼</strong><br><br><code>An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an incomplete XSS filter allowing an attacker to inject crafted malicious code into the page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35563">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23643">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 14:47:59">
14:47
       </div>

       <div class="text">
<strong>‼ CVE-2020-29027 ‼</strong><br><br><code>Cross-site Scripting (XSS) vulnerability in GUI of Secomea SiteManager could allow an attacker to cause an XSS Attack. This issue affects: Secomea SiteManager all versions prior to 9.3.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29027">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23644">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 14:48:00">
14:48
       </div>

       <div class="text">
<strong>‼ CVE-2020-35570 ‼</strong><br><br><code>An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. An unauthenticated attacker is able to access files (that should have been restricted) via forceful browsing.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35570">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23645">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 14:48:01">
14:48
       </div>

       <div class="text">
<strong>‼ CVE-2020-35560 ‼</strong><br><br><code>An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unauthenticated open redirect in the redirect.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35560">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23646">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 14:48:05">
14:48
       </div>

       <div class="text">
<strong>‼ CVE-2020-29024 ‼</strong><br><br><code>Sensitive Cookie in HTTPS Session Without &apos;Secure&apos; Attribute vulnerability in (GTA) GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects: Secomea GateManager all versions prior to 9.3.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29024">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23647">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 14:48:06">
14:48
       </div>

       <div class="text">
<strong>‼ CVE-2020-29025 ‼</strong><br><br><code>A vulnerability in SiteManager-Embedded (SM-E) Web server which may allow attacker to construct a URL that if visited by another application user, will cause JavaScript code supplied by the attacker to execute within the user&apos;s browser in the context of that user&apos;s session with the application. This issue affects all versions and variants of SM-E prior to version 9.3</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29025">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23648">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 14:48:07">
14:48
       </div>

       <div class="text">
<strong>‼ CVE-2020-35569 ‼</strong><br><br><code>An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is a self XSS issue with a crafted cookie in the login page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35569">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23649">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 14:48:08">
14:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-27232 ‼</strong><br><br><code>The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.18.72.11464 has a SetCameraConnectionParameter stack-based buffer overflow. This can be exploited by a remote attacker to potentially execute arbitrary attacker-supplied code. The victim would have to visit a malicious webpage using Internet Explorer where the exploit could be triggered.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27232">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23650">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 14:48:08">
14:48
       </div>

       <div class="text">
<strong>‼ CVE-2020-35561 ‼</strong><br><br><code>An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an SSRF in the HA module allowing an unauthenticated attacker to scan for open ports.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35561">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23651">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 14:48:12">
14:48
       </div>

       <div class="text">
<strong>‼ CVE-2020-35559 ‼</strong><br><br><code>An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unused function that allows an authenticated attacker to use up all available IPs of an account and thus not allow creation of new devices and users.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35559">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23652">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 14:48:13">
14:48
       </div>

       <div class="text">
<strong>‼ CVE-2020-35557 ‼</strong><br><br><code>An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. Improper use of access validation allows a logged in user to interact with devices in the account he should not have access to.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35557">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23653">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 14:48:14">
14:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-25648 ‼</strong><br><br><code>Mobile application &quot;Testes de Codigo&quot; 11.4 and prior allows an attacker to gain access to the administrative interface and premium features by tampering the boolean value of parameters &quot;isAdmin&quot; and &quot;isPremium&quot; located on device storage.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25648">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23654">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 14:48:15">
14:48
       </div>

       <div class="text">
<strong>‼ CVE-2020-29022 ‼</strong><br><br><code>Failure to Sanitize host header value on output in the GateManager Web server could allow an attacker to conduct web cache poisoning attacks. This issue affects Secomea GateManager all versions prior to 9.3</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29022">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23655">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 14:48:16">
14:48
       </div>

       <div class="text">
<strong>‼ CVE-2020-35558 ‼</strong><br><br><code>An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an SSRF in thein the MySQL access check, allowing an attacker to scan for open ports and gain some information about possible credentials..</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35558">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23656">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 15:19:05">
15:19
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Under Attack: Hosting &amp; Internet Service Providers 🕴</strong><br><br><code>The digital universe depends on always-on IT networks and services, so ISPs and hosting providers have become favorite targets for cyberattacks.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/under-attack-hosting-and-internet-service-providers/a/d-id/1340127?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23657">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 16:07:47">
16:07
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 The fine line between global COVID-19 protocols and privacy 🦿</strong><br><br><code>A panel of experts considers the best methods for safe domestic and international air travel including proof of testing, vaccination passports, and digital health passes.</code><br><br><a href="https://www.techrepublic.com/article/the-fine-line-between-global-covid-19-protocols-and-privacy/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23658">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 16:44:01">
16:44
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 Sandworm Linked to French Hacking Campaign 🔏</strong><br><br><code>France&apos;s cybersecurity agency connected a three year intrusion campaign targeting monitoring software to Russia&apos;s Sandworm group.</code><br><br><a href="https://digitalguardian.com/blog/sandworm-linked-french-hacking-campaign">📖 Read</a><br><br>via &quot;<em>Digital Guardian</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23659">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 16:47:54">
16:47
       </div>

       <div class="text">
<strong>‼ CVE-2021-21316 ‼</strong><br><br><code>less-openui5 is an npm package which enables building OpenUI5 themes with Less.js. In less-openui5 before version 0.10., when processing theming resources (i.e. `*.less` files) with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be executed in the context of the build process. While this is a feature of the Less.js library it is an unexpected behavior in the context of OpenUI5 and SAPUI5 development. Especially in the context of UI5 Tooling which relies on less-openui5. An attacker might create a library or theme-library containing a custom control or theme, hiding malicious JavaScript code in one of the .less files. Refer to the referenced GHSA-3crj-w4f5-gwh4 for examples. Starting with Less.js version 3.0.0, the Inline JavaScript feature is disabled by default. less-openui5 however currently uses a fork of Less.js v1.6.3. Note that disabling the Inline JavaScript feature in Less.js versions 1.x, still evaluates code has additional double codes around it. We decided to remove the inline JavaScript evaluation feature completely from the code of our Less.js fork. This fix is available in less-openui5 version 0.10.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21316">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23660">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 16:47:55">
16:47
       </div>

       <div class="text">
<strong>‼ CVE-2021-20986 ‼</strong><br><br><code>A Denial of Service vulnerability was found in Hilscher PROFINET IO Device V3 in versions prior to V3.14.0.7. This may lead to unexpected loss of cyclic communication or interruption of acyclic communication.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20986">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23661">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 16:47:56">
16:47
       </div>

       <div class="text">
<strong>‼ CVE-2021-21317 ‼</strong><br><br><code>uap-core in an open-source npm package which contains the core of BrowserScope&apos;s original user agent string parser. In uap-core before version 0.11.0, some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to maliciously crafted long strings. This is fixed in version 0.11.0. Downstream packages such as uap-python, uap-ruby etc which depend upon uap-core follow different version schemes.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21317">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23662">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 16:47:56">
16:47
       </div>

       <div class="text">
<strong>‼ CVE-2021-23840 ‼</strong><br><br><code>Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23840">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23663">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 16:47:57">
16:47
       </div>

       <div class="text">
<strong>‼ CVE-2021-23841 ‼</strong><br><br><code>Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23841">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23664">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 16:47:58">
16:47
       </div>

       <div class="text">
<strong>‼ CVE-2021-23839 ‼</strong><br><br><code>OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater than SSLv2 are supposed to use a special form of padding. A server that supports greater than SSLv2 is supposed to reject connection attempts from a client where this special form of padding is present, because this indicates that a version rollback has occurred (i.e. both client and server support greater than SSLv2, and yet this is the version that is being requested). The implementation of this padding check inverted the logic so that the connection attempt is accepted if the padding is present, and rejected if it is absent. This means that such as server will accept a connection if a version rollback attack has occurred. Further the server will erroneously reject a connection if a normal SSLv2 connection attempt is made. Only OpenSSL 1.0.2 servers from version 1.0.2s to 1.0.2x are affected by this issue. In order to be vulnerable a 1.0.2 server must: 1) have configured SSLv2 support at compile time (this is off by default), 2) have configured SSLv2 support at runtime (this is off by default), 3) have configured SSLv2 ciphersuites (these are not in the default ciphersuite list) OpenSSL 1.1.1 does not have SSLv2 support and therefore is not vulnerable to this issue. The underlying error is in the implementation of the RSA_padding_check_SSLv23() function. This also affects the RSA_SSLV23_PADDING padding mode used by various other functions. Although 1.1.1 does not support SSLv2 the RSA_padding_check_SSLv23() function still exists, as does the RSA_SSLV23_PADDING padding mode. Applications that directly call that function or use that padding mode will encounter this issue. However since there is no support for the SSLv2 protocol in 1.1.1 this is considered a bug and not a security issue in that version. OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.0.2y (Affected 1.0.2s-1.0.2x).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23839">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23665">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 16:47:59">
16:47
       </div>

       <div class="text">
<strong>‼ CVE-2021-21315 ‼</strong><br><br><code>The System Information Library for Node.JS (npm package &quot;systeminformation&quot;) is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Problem was fixed in version 5.3.1. As a workaround instead of upgrading, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() ... do only allow strings, reject any arrays. String sanitation works as expected.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21315">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23666">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 16:48:00">
16:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-20987 ‼</strong><br><br><code>A denial of service and memory corruption vulnerability was found in Hilscher EtherNet/IP Core V2 prior to V2.13.0.21that may lead to code injection through network or make devices crash without recovery.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20987">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23667">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 16:50:55">
16:50
       </div>

       <div class="text">
<strong>🕴 Strata Identity Raises $11M in Series A Round 🕴</strong><br><br><code>The series A round of funding, led by Menlo Ventures, will help Strata scale its distributed identity technology.</code><br><br><a href="https://www.darkreading.com/cloud/strata-identity-raises-%2411m-in-series-a-round/d/d-id/1340176?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23668">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 18:33:32">
18:33
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ DDoS Attacks Wane in Q4 Amid Cryptomining Resurgence ❌</strong><br><br><code>The volume of attacks fell 31 percent in the last part of 2020, as Bitcoin values skyrocketed. But there were still several notable trends, such as a rise in Linux botnets.</code><br><br><a href="https://threatpost.com/ddos-attacks-q4-cryptomining-resurgence/163998/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23669">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 18:47:59">
18:47
       </div>

       <div class="text">
<strong>‼ CVE-2021-27203 ‼</strong><br><br><code>In Dekart Private Disk 2.15, invalid use of the Type3 user buffer for IOCTL codes using METHOD_NEITHER results in arbitrary memory dereferencing.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27203">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23670">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 18:48:00">
18:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-20069 ‼</strong><br><br><code>Racom&apos;s MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the regionalSettings.php dialogs.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20069">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23671">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 18:48:01">
18:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-20073 ‼</strong><br><br><code>Racom&apos;s MIDGE Firmware 4.4.40.105 contains an issue that allows for cross-site request forgeries.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20073">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23672">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 18:48:02">
18:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-20068 ‼</strong><br><br><code>Racom&apos;s MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the error handling functionality of web pages.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20068">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23673">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 18:48:03">
18:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-20074 ‼</strong><br><br><code>Racom&apos;s MIDGE Firmware 4.4.40.105 contains an issue that allows users to escape the provided command line interface and execute arbitrary OS commands.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20074">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23674">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 18:48:04">
18:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-20067 ‼</strong><br><br><code>Racom&apos;s MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to view sensitive syslog events without authentication.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20067">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23675">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 18:48:05">
18:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-20072 ‼</strong><br><br><code>Racom&apos;s MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to arbitrarily access and delete files via an authenticated directory traveral.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20072">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23676">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 18:48:06">
18:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-20071 ‼</strong><br><br><code>Racom&apos;s MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scriptings attacks via the sms.php dialogs.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20071">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23677">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 18:48:07">
18:48
       </div>

       <div class="text">
<strong>‼ CVE-2020-11635 ‼</strong><br><br><code>The Zscaler Client Connector prior to 3.1.0 did not sufficiently validate RPC clients, which allows a local adversary to execute code with system privileges or perform limited actions for which they did not have privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11635">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23678">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 18:48:08">
18:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-20070 ‼</strong><br><br><code>Racom&apos;s MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scriptings attacks via the virtualization.php dialogs.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20070">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23679">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 18:48:12">
18:48
       </div>

       <div class="text">
<strong>‼ CVE-2020-28918 ‼</strong><br><br><code>DualShield 5.9.8.0821 allows username enumeration on its login form. A valid username results in prompting for the password, whereas an invalid one will produce an &quot;unknown username&quot; error message.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28918">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23680">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 18:48:13">
18:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-27237 ‼</strong><br><br><code>The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) via the Display Name field to backend/preferences/ajax_save.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27237">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23681">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 18:48:14">
18:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-20075 ‼</strong><br><br><code>Racom&apos;s MIDGE Firmware 4.4.40.105 contains an issue that allows for privilege escalation via configd.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20075">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23682">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 18:48:15">
18:48
       </div>

       <div class="text">
<strong>‼ CVE-2020-29457 ‼</strong><br><br><code>A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 allows attackers to establish a connection using invalid certificates.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29457">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23683">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 18:48:16">
18:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-20066 ‼</strong><br><br><code>JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20066">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23684">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 19:03:32">
19:03
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Let’s Encrypt Gears Up to Replace 200M Certificates a Day ❌</strong><br><br><code>The open CA prepares for ‘worst scenarios’ with new fiber, servers, cryptographic signing and more.</code><br><br><a href="https://threatpost.com/lets-encrypt-gears-up-to-replace-200m-certificates-a-day/164002/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23685">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 19:03:33">
19:03
       </div>

       <div class="text">
<strong>❌ Complaint Blasts TikTok’s ‘Misleading’ Privacy Policies ❌</strong><br><br><code>TikTok is again in hot water for how the popular video-sharing app collects and shares data - particularly from its underage userbase.</code><br><br><a href="https://threatpost.com/tiktok-complaint-data-collection/163991/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23686">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 20:19:16">
20:19
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Firms Patch Greater Number of Systems, but Still Slowly 🕴</strong><br><br><code>Fewer systems have flaws; however, the time to remediate vulnerabilities stays flat, and many issues targeted by in-the-wild malware remain open to attack.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/vulnerability-management/firms-patch-greater-number-of-systems-but-still-slowly/d/d-id/1340178?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23687">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 20:48:03">
20:48
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-27104 ‼</strong><br><br><code>Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA_9_12_380 and later.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27104">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23688">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 20:48:04">
20:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-27103 ‼</strong><br><br><code>Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The fixed version is FTA_9_12_416 and later.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27103">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23689">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 20:48:06">
20:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-27101 ‼</strong><br><br><code>Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. The fixed version is FTA_9_12_380 and later.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27101">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23690">

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 20:48:07">
20:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-27102 ‼</strong><br><br><code>Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27102">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23691">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.02.2021 21:19:20">
21:19
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Compromised Credentials Show That Abuse Happens in Multiple Phases 🕴</strong><br><br><code>The third stage, when threat actors rush to use stolen usernames and password pairs in credential-stuffing attacks, is the most damaging for organizations, F5 says.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/compromised-credentials-show-that-abuse-happens-in-multiple-phases/d/d-id/1340179?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-771">

      <div class="body details">
17 February 2021
      </div>

     </div>

     <div class="message default clearfix" id="message23692">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 03:48:22">
03:48
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-2502 ‼</strong><br><br><code>This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. Photo Station 6.0.11 and later</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2502">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23693">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 03:48:23">
03:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-26930 ‼</strong><br><br><code>An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn&apos;t mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26930">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23694">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 03:48:23">
03:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-26932 ‼</strong><br><br><code>An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26932">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23695">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 03:48:24">
03:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-20653 ‼</strong><br><br><code>Calsos CSDJ (CSDJ-B 01.08.00 and earlier, CSDJ-H 01.08.00 and earlier, CSDJ-D 01.08.00 and earlier, and CSDJ-A 03.08.00 and earlier) allows remote attackers to bypass access restriction and to obtain unauthorized historical data without access privileges via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20653">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23696">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 03:48:25">
03:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-20655 ‼</strong><br><br><code>FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) allows a remote attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20655">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23697">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 03:48:26">
03:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-26934 ‼</strong><br><br><code>An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn&apos;t stated accordingly in its support status entry.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26934">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23698">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 03:48:27">
03:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-26933 ‼</strong><br><br><code>An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a guest is allowed to control whether memory accesses are bypassing the cache. This means that Xen needs to ensure that all writes (such as the ones during scrubbing) have reached the memory before handing over the page to a guest. Unfortunately, the operation to clean the cache is happening before checking if the page was scrubbed. Therefore there is no guarantee when all the writes will reach the memory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26933">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23699">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 03:48:28">
03:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-26931 ‼</strong><br><br><code>An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn&apos;t correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26931">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23700">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 03:48:29">
03:48
       </div>

       <div class="text">
<strong>‼ CVE-2020-2501 ‼</strong><br><br><code>A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS) Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2501">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23701">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 10:48:47">
10:48
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-22858 ‼</strong><br><br><code>Attackers can access the CGE account management function without privilege for permission elevation and execute arbitrary commands or files after obtaining user permissions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22858">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23702">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 10:48:48">
10:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-22856 ‼</strong><br><br><code>The CGE property management system contains SQL Injection vulnerabilities. Remote attackers can inject SQL commands into the parameters in Cookie and obtain data in the database without privilege.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22856">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23703">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 10:48:49">
10:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-22857 ‼</strong><br><br><code>The CGE page with download function contains a Directory Traversal vulnerability. Attackers can use this loophole to download system files arbitrarily.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22857">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23704">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 10:48:49">
10:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-22553 ‼</strong><br><br><code>Any git operation is passed through Jetty and a session is created. No expiry is set for the session and Jetty does not automatically dispose of the session. Over multiple git actions, this can lead to a heap memory exhaustion for Gerrit servers. We recommend upgrading Gerrit to any of the versions listed above.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22553">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23705">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 12:05:05">
12:05
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🛠 OpenSSL Toolkit 1.1.1j 🛠</strong><br><br><code>OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.</code><br><br><a href="https://packetstormsecurity.com/files/161450/openssl-1.1.1j.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23706">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 12:20:02">
12:20
       </div>

       <div class="text">
<strong>🕴 4 Predictions for the Future of Privacy 🕴</strong><br><br><code>Use these predictions to avoid pushback, find opportunity, and create value for your organization.</code><br><br><a href="https://www.darkreading.com/endpoint/privacy/4-predictions-for-the-future-of-privacy-/a/d-id/1340132?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23707">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 12:34:22">
12:34
       </div>

       <div class="text">
<strong>❌ Details Tied to Safari Browser-based ‘ScamClub’ Campaign Revealed ❌</strong><br><br><code>Public disclosure of a privilege escalation attack details how a cybergang bypassed browser iframe sandboxing with malicious PostMessage popups.</code><br><br><a href="https://threatpost.com/safari-browser-scamclub-campaign-revealed/164023/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23708">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 12:48:57">
12:48
       </div>

       <div class="text">
<strong>‼ CVE-2020-24453 ‼</strong><br><br><code>Improper input validation in the Intel(R) EPID SDK before version 8, may allow an authenticated user to potentially enable an escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24453">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23709">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 12:48:58">
12:48
       </div>

       <div class="text">
<strong>‼ CVE-2020-24494 ‼</strong><br><br><code>Insufficient access control in the firmware for the Intel(R) 722 Ethernet Controllers before version 1.4.3 may allow a privileged user to potentially enable denial of service via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24494">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23710">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 12:48:58">
12:48
       </div>

       <div class="text">
<strong>‼ CVE-2020-24495 ‼</strong><br><br><code>Insufficient access control in the firmware for the Intel(R) 700-series of Ethernet Controllers before version 7.3 may allow a privileged user to potentially enable denial of service via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24495">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23711">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 12:49:00">
12:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-12368 ‼</strong><br><br><code>Integer overflow in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable an escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12368">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23712">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 12:49:01">
12:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-24458 ‼</strong><br><br><code>Incomplete cleanup in some Intel(R) PROSet/Wireless WiFi and Killer (TM) drivers before version 22.0 may allow a privileged user to potentially enable information disclosure and denial of service&lt;b&gt;&amp;nbsp;&lt;/b&gt;via adjacent access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24458">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23713">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 12:49:02">
12:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-12372 ‼</strong><br><br><code>Unchecked return value in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12372">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23714">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 12:49:03">
12:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-0522 ‼</strong><br><br><code>Improper initialization in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may allow a privileged user to potentially enable denial of service via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0522">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23715">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 12:49:04">
12:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-12361 ‼</strong><br><br><code>Use after free in some Intel(R) Graphics Drivers before version 15.33.51.5146 may allow an authenticated user to potentially enable denial of service via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12361">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23716">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 12:49:05">
12:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-7848 ‼</strong><br><br><code>The EFM ipTIME C200 IP Camera is affected by a Command Injection vulnerability in /login.cgi?logout=1 script. To exploit this vulnerability, an attacker can send a GET request that executes arbitrary OS commands via cookie value.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7848">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23717">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 12:49:07">
12:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-24452 ‼</strong><br><br><code>Improper input validation in the Intel(R) SGX Platform Software for Windows* may allow an authenticated user to potentially enable a denial of service via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24452">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23718">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 12:49:08">
12:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-24480 ‼</strong><br><br><code>Out-of-bounds write in the Intel(R) XTU before version 6.5.3.25 may allow a privileged user to potentially enable denial of service via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24480">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23719">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 12:49:09">
12:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-12370 ‼</strong><br><br><code>Untrusted pointer dereference in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12370">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23720">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 12:49:10">
12:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-8678 ‼</strong><br><br><code>Improper access control for Intel(R) Graphics Drivers before version 15.45.33.5164 and 27.20.100.8280 may allow an authenticated user to potentially enable an escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8678">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23721">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 12:49:11">
12:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-12367 ‼</strong><br><br><code>Integer overflow in some Intel(R) Graphics Drivers before version 26.20.100.8476 may allow a privileged user to potentially enable an escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12367">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23722">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 12:49:12">
12:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-12377 ‼</strong><br><br><code>Insufficient input validation in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12377">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23723">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 12:49:12">
12:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-8701 ‼</strong><br><br><code>Incorrect default permissions in installer for the Intel(R) SSD Toolbox versions before 2/9/2021 may allow a privileged user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8701">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23724">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 12:49:13">
12:49
       </div>

       <div class="text">
<strong>‼ CVE-2021-0109 ‼</strong><br><br><code>Insecure inherited permissions for the Intel(R) SOC driver package for STK1A32SC before version 604 may allow an authenticated user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0109">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23725">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 12:49:14">
12:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-12384 ‼</strong><br><br><code>Improper access control in some Intel(R) Graphics Drivers before version 26.20.100.8476 may allow an authenticated user to potentially enable an escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12384">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23726">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 12:49:15">
12:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-24500 ‼</strong><br><br><code>Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers before version 1.4.1.13 may allow a privileged user to potentially enable a denial of service via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24500">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23727">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 12:49:16">
12:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-7849 ‼</strong><br><br><code>A vulnerability of uPrism.io CURIX(Video conferecing solution) could allow an unauthenticated attacker to execute arbitrary code. This vulnerability is due to insufficient input(server domain) validation. An attacker could exploit this vulnerability through crafted URL.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7849">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23728">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 12:54:59">
12:54
       </div>

       <div class="text">
<strong>‼ CVE-2020-24491 ‼</strong><br><br><code>Debug message containing addresses of memory transactions in some Intel(R) 10th Generation Core Processors supporting SGX may allow a privileged user to potentially enable information disclosure via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24491">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23729">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 12:55:00">
12:55
       </div>

       <div class="text">
<strong>‼ CVE-2021-22853 ‼</strong><br><br><code>The HR Portal of Soar Cloud System fails to manage access control. While obtaining user ID, remote attackers can access sensitive data via a specific data packet, such as user’s login information, further causing the login function not to work.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22853">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23730">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 12:55:02">
12:55
       </div>

       <div class="text">
<strong>‼ CVE-2021-22855 ‼</strong><br><br><code>The specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. Attackers can send malicious serialized objects to execute arbitrary commands.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22855">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23731">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 12:55:03">
12:55
       </div>

       <div class="text">
<strong>‼ CVE-2020-8765 ‼</strong><br><br><code>Incorrect default permissions in the installer for the Intel(R) RealSense(TM) DCM may allow a privileged user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8765">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23732">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 12:55:04">
12:55
       </div>

       <div class="text">
<strong>‼ CVE-2020-24504 ‼</strong><br><br><code>Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable denial of service via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24504">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23733">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 12:55:05">
12:55
       </div>

       <div class="text">
<strong>‼ CVE-2021-22854 ‼</strong><br><br><code>The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22854">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23734">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 12:55:06">
12:55
       </div>

       <div class="text">
<strong>‼ CVE-2020-24497 ‼</strong><br><br><code>Insufficient Access Control in the firmware for Intel(R) E810 Ethernet Controllers before version 1.4.1.13 may allow a privileged user to potentially enable denial of service via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24497">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23735">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 12:55:07">
12:55
       </div>

       <div class="text">
<strong>‼ CVE-2020-24505 ‼</strong><br><br><code>Insufficient input validation in the firmware for the Intel(R) 700-series of Ethernet Controllers before version 7.3 may allow a privileged user to potentially enable denial of service via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24505">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23736">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 13:34:28">
13:34
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Masslogger Swipes Microsoft Outlook, Google Chrome Credentials ❌</strong><br><br><code>A new version of the Masslogger trojan has been targeting Windows users - now using a compiled HTML (CHM) file format to start the infection chain.</code><br><br><a href="https://threatpost.com/masslogger-microsoft-outlook-google-chrome/164011/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23737">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 14:08:36">
14:08
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Microsoft&apos;s Power BI gets new tools to prevent leakage of confidential data 🦿</strong><br><br><code>Information protection makes sure that only people with permissions see data in Power BI, while retaining the ability to share top-level trends, balancing productivity and security.</code><br><br><a href="https://www.techrepublic.com/article/microsofts-power-bi-gets-new-tools-to-prevent-leakage-of-confidential-data/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23738">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 14:08:37">
14:08
       </div>

       <div class="text">
<strong>🦿 Top 5 things to know about adversarial attacks 🦿</strong><br><br><code>Machine learning is helpful to many organizations in the tech industry, but it can have a downside. Tom Merritt lists five things to know about adversarial attacks.</code><br><br><a href="https://www.techrepublic.com/article/top-5-things-to-know-about-adversarial-attacks/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23739">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 14:08:38">
14:08
       </div>

       <div class="text">
<strong>🦿 Adversarial attacks: 5 things to know 🦿</strong><br><br><code>Machine learning is helpful to many organizations in the tech industry, but it can have a downside. Tom Merritt lists five things to know about adversarial attacks.</code><br><br><a href="https://www.techrepublic.com/videos/adversarial-attacks-5-things-to-know/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23740">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 14:49:04">
14:49
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-26559 ‼</strong><br><br><code>Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when `[webserver] expose_config` is set to `False` in `airflow.cfg`. This allowed a privilege escalation attack. This issue affects Apache Airflow 2.0.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26559">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23741">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 14:49:05">
14:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-36003 ‼</strong><br><br><code>The id parameter in detail.php of Online Book Store v1.0 is vulnerable to union-based blind SQL injection, which leads to the ability to retrieve all databases.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36003">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23742">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 14:49:05">
14:49
       </div>

       <div class="text">
<strong>‼ CVE-2021-26809 ‼</strong><br><br><code>PHPGurukul Car Rental Project version 2.0 suffers from a remote shell upload vulnerability in changeimage1.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26809">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23743">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 14:49:06">
14:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-35339 ‼</strong><br><br><code>In 74cms version 5.0.1, there is a remote code execution vulnerability in /Application/Admin/Controller/ConfigController.class.php and /ThinkPHP/Common/functions.php where attackers can obtain server permissions and control the server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35339">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23744">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 14:49:07">
14:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-12365 ‼</strong><br><br><code>Untrusted pointer dereference in some Intel(R) Graphics Drivers before versions 15.33.51.5146, 15.45.32.5145, 15.36.39.5144 and 15.40.46.5143 may allow an authenticated user to potentially denial of service via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12365">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23745">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 14:49:08">
14:49
       </div>

       <div class="text">
<strong>‼ CVE-2021-27362 ‼</strong><br><br><code>The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a Read Access Violation on Control Flow starting at WPG!ReadWPG_W+0x0000000000000133, which might allow remote attackers to execute arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27362">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23746">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 14:49:09">
14:49
       </div>

       <div class="text">
<strong>‼ CVE-2021-25779 ‼</strong><br><br><code>Baby Care System v1.0 is vulnerable to SQL injection via the &apos;id&apos; parameter on the contentsectionpage.php page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25779">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23747">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 14:49:10">
14:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-36002 ‼</strong><br><br><code>Seat-Reservation-System 1.0 has a SQL injection vulnerability in index.php in the id and file parameters where attackers can obtain sensitive database information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36002">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23748">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 14:49:11">
14:49
       </div>

       <div class="text">
<strong>‼ CVE-2021-25780 ‼</strong><br><br><code>An arbitrary file upload vulnerability has been identified in posts.php in Baby Care System 1.0. The vulnerability could be exploited by an remote attacker to upload content to the server, including PHP files, which could result in command execution and obtaining a shell.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25780">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23749">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 14:49:12">
14:49
       </div>

       <div class="text">
<strong>‼ CVE-2021-22173 ‼</strong><br><br><code>Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22173">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23750">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 14:49:15">
14:49
       </div>

       <div class="text">
<strong>‼ CVE-2021-27224 ‼</strong><br><br><code>The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a user-mode write access violation starting at WPG+0x0000000000012ec6, which might allow remote attackers to execute arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27224">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23751">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 14:49:16">
14:49
       </div>

       <div class="text">
<strong>‼ CVE-2021-26697 ‼</strong><br><br><code>The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint. This is low-severity issue as the attacker needs to be aware of certain parameters to pass to that endpoint and even after can just get some metadata about a DAG and a Task. This issue affects Apache Airflow 2.0.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26697">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23752">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 14:49:17">
14:49
       </div>

       <div class="text">
<strong>‼ CVE-2021-22174 ‼</strong><br><br><code>Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22174">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23753">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 14:52:05">
14:52
       </div>

       <div class="text">
<strong>🕴 Breach Etiquette: How to Mind Your Manners When It Matters 🕴</strong><br><br><code>Panic-stricken as you may be in the face of a cyberattack, keeping calm and, perhaps most importantly, responding appropriately are critical to limiting the damage.</code><br><br><a href="https://www.darkreading.com/edge/theedge/breach-etiquette-how-to-mind-your-manners-when-it-matters/b/d-id/1340182?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23754">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 14:52:06">
14:52
       </div>

       <div class="text">
<strong>🕴 Enterprise Windows Threats Drop as Mac Attacks Rise: Report 🕴</strong><br><br><code>An analysis of 2020 malware activity indicates businesses should be worried about internal hack tools, ransomware, and spyware in the year ahead.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/enterprise-windows-threats-drop-as-mac-attacks-rise-report/d/d-id/1340184?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23755">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 15:07:29">
15:07
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ “ScamClub” gang outed for exploiting iPhone browser bug to spew ads ⚠</strong><br><br><code>Stay away from popup surveys that want personal data. Tell your friends...</code><br><br><a href="https://nakedsecurity.sophos.com/2021/02/17/scamclub-gang-outed-for-exploiting-iphone-browser-bug-to-spew-ads/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23756">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 15:07:30">
15:07
       </div>

       <div class="text">
<strong>⚠ How one man silently infiltrated dozens of high-tech networks ⚠</strong><br><br><code>Ever counted how many external source code dependencies your fancy new software product has? Be prepared for a surprise!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/02/16/how-one-man-silently-infiltrated-dozens-of-high-tech-networks/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23757">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 15:07:31">
15:07
       </div>

       <div class="text">
<strong>⚠ Romance scams at all-time high: here’s what you need to know ⚠</strong><br><br><code>It&apos;s heartbreaking to get sucked into a romance scam, or to watch a friend or family member getting sucked in. Here&apos;s what to do...</code><br><br><a href="https://nakedsecurity.sophos.com/2021/02/16/romance-scams-at-all-time-high-heres-what-you-need-to-know/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23758">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 15:20:18">
15:20
       </div>

       <div class="text">
<strong>🕴 Ransomware? Let&apos;s Call It What It Really Is: Extortionware 🕴</strong><br><br><code>Just as the targets of these attacks have shifted from individuals to corporations, so too has the narrow focus given way to applying force and pressure to pay.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/ransomware-lets-call-it-what-it-really-is-extortionware/a/d-id/1340089?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23759">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 15:34:37">
15:34
       </div>

       <div class="text">
<strong>❌ U.S. Accuses North Korean Hackers of Stealing Millions ❌</strong><br><br><code>The feds have expanded the list of financial and political hacking crimes they allege are linked to Lazarus Group and North Korea.</code><br><br><a href="https://threatpost.com/us-accuses-north-korean-hackers/164039/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23760">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 16:38:45">
16:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Kaspersky: Goofing off a little at work may help security teams stay focused 🦿</strong><br><br><code>The security company found that 85% of workers spend up to five hours a week watching YouTube, listening to podcasts, or exercising during work hours.</code><br><br><a href="https://www.techrepublic.com/article/kaspersky-goofing-off-a-little-at-work-may-help-security-teams-stay-focused/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23761">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 16:49:12">
16:49
       </div>

       <div class="text">
<strong>‼ CVE-2021-1366 ‼</strong><br><br><code>A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. This vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker needs valid credentials on the Windows system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1366">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23762">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 16:49:13">
16:49
       </div>

       <div class="text">
<strong>‼ CVE-2021-1372 ‼</strong><br><br><code>A vulnerability in Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. This vulnerability is due to the unsafe usage of shared memory by the affected software. An attacker with permissions to view system memory could exploit this vulnerability by running an application on the local system that is designed to read shared memory. A successful exploit could allow the attacker to retrieve sensitive information from the shared memory, including usernames, meeting information, or authentication tokens. Note: To exploit this vulnerability, an attacker must have valid credentials on a Microsoft Windows end-user system and must log in after another user has already authenticated with Webex on the same end-user system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1372">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23763">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 16:49:14">
16:49
       </div>

       <div class="text">
<strong>‼ CVE-2021-1412 ‼</strong><br><br><code>Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. These vulnerabilities are due to improper enforcement of administrator privilege levels for sensitive data. An attacker with read-only administrator access to the Admin portal could exploit these vulnerabilities by browsing to one of the pages that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. For more information about these vulnerabilities, see the Details section of this advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1412">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23764">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 16:49:15">
16:49
       </div>

       <div class="text">
<strong>‼ CVE-2021-1378 ‼</strong><br><br><code>A vulnerability in the SSH service of the Cisco StarOS operating system could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to a logic error that may occur under specific traffic conditions. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to prevent the targeted service from receiving any traffic, which would lead to a DoS condition on the affected device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1378">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23765">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 16:49:16">
16:49
       </div>

       <div class="text">
<strong>‼ CVE-2021-1416 ‼</strong><br><br><code>Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. These vulnerabilities are due to improper enforcement of administrator privilege levels for sensitive data. An attacker with read-only administrator access to the Admin portal could exploit these vulnerabilities by browsing to one of the pages that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. For more information about these vulnerabilities, see the Details section of this advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1416">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23766">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 16:49:20">
16:49
       </div>

       <div class="text">
<strong>‼ CVE-2021-1351 ‼</strong><br><br><code>A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1351">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23767">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 17:04:39">
17:04
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Ninja Forms WordPress Plugin Bug Opens Websites to Hacks ❌</strong><br><br><code>The popular plugin is installed on more than 1 million websites, and has four flaws that allow various kinds of serious attacks, including site takeover and email hijacking.</code><br><br><a href="https://threatpost.com/ninja-forms-wordpress-plugin-hacks/164042/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23768">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 17:15:35">
17:15
       </div>

       <div class="text">
<strong>🔏 Suit Claims Attorneys Stole, Destroyed Data Before Joining Rival Firm 🔏</strong><br><br><code>A new lawsuit alleges four attorneys, months before they left for a competing firm, plotted their exit, copied and destroyed corporate data.</code><br><br><a href="https://digitalguardian.com/blog/suit-claims-attorneys-stole-destroyed-data-joining-rival-firm">📖 Read</a><br><br>via &quot;<em>Digital Guardian</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23769">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 18:20:25">
18:20
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Kia Faces $20M DoppelPaymer Ransomware Attack 🕴</strong><br><br><code>Kia Motors America this week experienced a nationwide IT outage; now, reports indicate the company was hit with ransomware.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/kia-faces-%2420m-doppelpaymer-ransomware-attack/d/d-id/1340188?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23770">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 18:49:18">
18:49
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-13555 ‼</strong><br><br><code>An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In COM Server Application Privilege Escalation, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13555">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23771">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 18:49:18">
18:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-13553 ‼</strong><br><br><code>An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13553">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23772">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 18:49:19">
18:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-13551 ‼</strong><br><br><code>An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13551">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23773">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 18:49:20">
18:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-13552 ‼</strong><br><br><code>An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via multiple service executables in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13552">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23774">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 18:49:21">
18:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-13550 ‼</strong><br><br><code>A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1. A specially crafted application can lead to information disclosure. An attacker can send an authenticated HTTP request to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13550">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23775">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 19:04:46">
19:04
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Stolen Jones Day Law Firm Files Posted on Dark Web ❌</strong><br><br><code>Jones Day, which represented Trump, said the breach is part of the Accellion attack from December.</code><br><br><a href="https://threatpost.com/stolen-jones-day-law-firm-files-posted/164066/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23776">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 19:04:47">
19:04
       </div>

       <div class="text">
<strong>❌ Windows, Linux Devices Hijacked In Two-Year Cryptojacking Campaign ❌</strong><br><br><code>The WatchDog malware has flown under the radar for two years in what researchers call one of the &apos;largest&apos; Monero cryptojacking attacks ever.</code><br><br><a href="https://threatpost.com/windows-linux-devices-hijacked-in-two-year-cryptojacking-campaign/164048/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23777">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 19:38:48">
19:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 LastPass: A cheat sheet 🦿</strong><br><br><code>This comprehensive guide covers everything you need to know about password management app LastPass, including its newly announced free cross-platform access.</code><br><br><a href="https://www.techrepublic.com/article/lastpass-the-smart-persons-guide/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23778">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 19:50:26">
19:50
       </div>

       <div class="text">
<strong>🕴 White House Says 100 Private Sector Orgs Hit in SolarWinds Campaign 🕴</strong><br><br><code>Anne Neuberger, a top Biden cybersecurity official, provided an update on the government&apos;s investigation into the massive breach.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/white-house-says-100-private-sector-orgs-hit-in-solarwinds-campaign/d/d-id/1340186?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23779">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 20:20:29">
20:20
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 US Unseals Indictments Against North Korean Cyberattackers for Thefts Totaling $1.3B 🕴</strong><br><br><code>FBI, CISA, and Treasury Department also release details about North Korean malware used in cryptocurrency thefts since 2018.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/us-unseals-indictments-against-north-korean-cyberattackers-for-thefts-totaling-%2413b/d/d-id/1340190?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23780">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 20:49:22">
20:49
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-26720 ‼</strong><br><br><code>avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects the packaging for Debian GNU/Linux (used indirectly by SUSE), not the upstream Avahi product.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26720">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23781">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 20:49:23">
20:49
       </div>

       <div class="text">
<strong>‼ CVE-2021-27367 ‼</strong><br><br><code>Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt before 4.1.13 allow Directory Traversal.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27367">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23782">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 20:49:24">
20:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-25605 ‼</strong><br><br><code>Cleartext transmission of sensitive information in Agora Video SDK prior to 3.1 allows a remote attacker to obtain access to audio and video of any ongoing Agora video call through observation of cleartext network traffic.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25605">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23783">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 20:49:25">
20:49
       </div>

       <div class="text">
<strong>‼ CVE-2021-26911 ‼</strong><br><br><code>core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26911">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23784">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 20:49:26">
20:49
       </div>

       <div class="text">
<strong>‼ CVE-2021-3396 ‼</strong><br><br><code>OpenNMS Meridian 2016, 2017, 2018 before 2018.1.25, 2019 before 2019.1.16, and 2020 before 2020.1.5, Horizon 1.2 through 27.0.4, and Newts &lt;1.5.3 has Incorrect Access Control, which allows local and remote code execution using JEXL expressions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3396">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23785">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 20:49:27">
20:49
       </div>

       <div class="text">
<strong>‼ CVE-2021-27374 ‼</strong><br><br><code>VertiGIS WebOffice 10.7 SP1 before patch20210202 and 10.8 SP1 before patch20210207 allows attackers to achieve &quot;Zugriff auf Inhalte der WebOffice Applikation.&quot;</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27374">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23786">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 20:49:28">
20:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-36245 ‼</strong><br><br><code>GramAddict through 1.2.3 allows remote attackers to execute arbitrary code because of use of UIAutomator2 and ATX-Agent. The attacker must be able to reach TCP port 7912, e.g., by being on the same Wi-Fi network.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36245">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23787">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 20:52:24">
20:52
       </div>

       <div class="text">
<strong>🕴 Egregor Arrests a Blow, But Ransomware Will Likely Bounce Back 🕴</strong><br><br><code>Similar to previous ransomware takedowns, this disruption to the ransomware-as-a-service model will likely be short-lived, security experts say.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/egregor-arrests-a-blow-but-ransomware-will-likely-bounce-back/d/d-id/1340191?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23788">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 22:49:27">
22:49
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-9306 ‼</strong><br><br><code>Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a &quot;Use of Hard-coded Credentials&quot; issue because Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the python user account.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9306">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23789">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 22:49:27">
22:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-12878 ‼</strong><br><br><code>Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12878">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23790">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 22:49:28">
22:49
       </div>

       <div class="text">
<strong>‼ CVE-2021-27138 ‼</strong><br><br><code>The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27138">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23791">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 22:49:29">
22:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-8625 ‼</strong><br><br><code>BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND&apos;s default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -&gt; 9.11.27, 9.12.0 -&gt; 9.16.11, and versions BIND 9.11.3-S1 -&gt; 9.11.27-S1 and 9.16.8-S1 -&gt; 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -&gt; 9.17.1 of the BIND 9.17 development branch</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8625">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23792">

      <div class="body">

       <div class="pull_right date details" title="17.02.2021 22:49:30">
22:49
       </div>

       <div class="text">
<strong>‼ CVE-2021-27097 ‼</strong><br><br><code>The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27097">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-772">

      <div class="body details">
18 February 2021
      </div>

     </div>

     <div class="message default clearfix" id="message23793">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 12:21:04">
12:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Virginia Takes Different Tack Than California With Data Privacy Law 🕴</strong><br><br><code>Online businesses targeting Virginia consumers and have personal data of 100,000 consumers in the state must conform to the new statute.</code><br><br><a href="https://www.darkreading.com/endpoint/privacy/virginia-takes-different-tack-than-california-with-data-privacy-law/a/d-id/1340117?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23794">

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 12:21:05">
12:21
       </div>

       <div class="text">
<strong>🕴 Pro Tip: Say What You Know 🕴</strong><br><br><code>During the immediate period following a breach, it&apos;s vital to move fast - but not trip over yourself.</code><br><br><a href="https://www.darkreading.com/edge/theedge/pro-tip-say-what-you-know/b/d-id/1340189?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23795">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 12:50:06">
12:50
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-35577 ‼</strong><br><br><code>In Endalia Selection Portal before 4.205.0, an Insecure Direct Object Reference (IDOR) allows any authenticated user to download every file uploaded to the platform by changing the value of the file identifier (aka CommonDownload identification number).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35577">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23796">

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 12:50:07">
12:50
       </div>

       <div class="text">
<strong>‼ CVE-2020-29664 ‼</strong><br><br><code>A command injection issue in dji_sys in DJI Mavic 2 Remote Controller before firmware version 01.00.0510 allows for code execution via a malicious firmware upgrade packet.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29664">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23797">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 14:05:56">
14:05
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Mac Malware Targets Apple’s In-House M1 Processor ❌</strong><br><br><code>A malicious adware-distributing application specifically targets Apple&apos;s new M1 SoC, used in its newest-generation MacBook Air, MacBook Pro and Mac mini devices.</code><br><br><a href="https://threatpost.com/macos-malware-apple-m1-processor/164075/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23798">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 14:21:10">
14:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 How to Run a Successful Penetration Test 🕴</strong><br><br><code>These seven tips will help ensure a penetration test improves your organization&apos;s overall security posture.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/how-to-run-a-successful-penetration-test------------------/d/d-id/1340135?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23799">

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 14:21:11">
14:21
       </div>

       <div class="text">
<strong>🕴 Data security accountability in an age of regular breaches 🕴</strong><br><br><code>As the number of vendors impacted by supply-chain breaches grows, one constant question remains: where exactly does accountability for data security lie, and what part do end users play in their own data breach protection?</code><br><br><a href="https://www.darkreading.com/omdia/data-security-accountability-in-an-age-of-regular-breaches/a/d-id/1340195?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23800">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 14:38:05">
14:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ US names three North Koreans in laundry list of cybercrime charges ⚠</strong><br><br><code>Trio alleged to have been at it for more than a decade, and to have made off with well over a billion dollars.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/02/18/us-names-three-north-koreans-in-laundry-list-of-cybercrime-charges/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23801">

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 14:50:12">
14:50
       </div>

       <div class="text">
<strong>‼ CVE-2020-28496 ‼</strong><br><br><code>This affects the package three before 0.125.0. This can happen when handling rgb or hsl colors. PoC: var three = require(&apos;three&apos;) function build_blank (n) { var ret = &quot;rgb(&quot; for (var i = 0; i &lt; n; i++) { ret += &quot; &quot; } return ret + &quot;&quot;; } var Color = three.Color var time = Date.now(); new Color(build_blank(50000)) var time_cost = Date.now() - time; console.log(time_cost+&quot; ms&quot;)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28496">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23802">

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 14:50:13">
14:50
       </div>

       <div class="text">
<strong>‼ CVE-2021-20444 ‼</strong><br><br><code>IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196620.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20444">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23803">

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 14:50:14">
14:50
       </div>

       <div class="text">
<strong>‼ CVE-2020-28499 ‼</strong><br><br><code>All versions of package merge are vulnerable to Prototype Pollution via _recursiveMerge .</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28499">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23804">

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 14:50:15">
14:50
       </div>

       <div class="text">
<strong>‼ CVE-2021-23341 ‼</strong><br><br><code>The package prismjs before 1.23.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23341">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23805">

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 14:50:16">
14:50
       </div>

       <div class="text">
<strong>‼ CVE-2019-18255 ‼</strong><br><br><code>HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through section objects. This may allow privilege escalation.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-18255">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23806">

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 14:50:17">
14:50
       </div>

       <div class="text">
<strong>‼ CVE-2021-20354 ‼</strong><br><br><code>IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories. An attacker could send a specially-crafted URL request containing &quot;dot dot&quot; sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 194883.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20354">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23807">

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 14:50:18">
14:50
       </div>

       <div class="text">
<strong>‼ CVE-2020-4933 ‼</strong><br><br><code>IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191751.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4933">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23808">

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 14:50:19">
14:50
       </div>

       <div class="text">
<strong>‼ CVE-2020-28491 ‼</strong><br><br><code>This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28491">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23809">

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 14:50:20">
14:50
       </div>

       <div class="text">
<strong>‼ CVE-2021-20446 ‼</strong><br><br><code>IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196622.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20446">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23810">

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 14:50:21">
14:50
       </div>

       <div class="text">
<strong>‼ CVE-2020-28463 ‼</strong><br><br><code>All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes &amp; trustedHosts (see in Reportlab&apos;s documentation) Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos -&gt; odyssey -&gt; dodyssey 3. In the text file odyssey.txt that needs to be converted to pdf inject &lt;img src=&quot;http://127.0.0.1:5000&quot; valign=&quot;top&quot;/&gt; 4. Create a nc listener nc -lp 5000 5. Run python3 dodyssey.py 6. You will get a hit on your nc showing we have successfully proceded to send a server side request 7. dodyssey.py will show error since there is no img file on the url, but we are able to do SSRF</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28463">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23811">

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 14:50:22">
14:50
       </div>

       <div class="text">
<strong>‼ CVE-2020-28490 ‼</strong><br><br><code>The package async-git before 1.13.2 are vulnerable to Command Injection via shell meta-characters (back-ticks). For example: git.reset(&apos;atouch HACKEDb&apos;)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28490">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23812">

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 14:50:23">
14:50
       </div>

       <div class="text">
<strong>‼ CVE-2021-23340 ‼</strong><br><br><code>This affects the package pimcore/pimcore before 6.8.8. A Local FIle Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class (bundles/AdminBundle/Controller/Reports/CustomReportController.php). An authenticated user can reach this function with a GET request at the following endpoint: /admin/reports/custom-report/download-csv?exportFile=&amp;91;filename]. Since exportFile variable is not sanitized, an attacker can exploit a local file inclusion vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23340">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23813">

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 14:50:24">
14:50
       </div>

       <div class="text">
<strong>‼ CVE-2021-20445 ‼</strong><br><br><code>IBM Maximo for Civil Infrastructure 7.6.2 could allow a user to obtain sensitive information due to insecure storeage of authentication credentials. IBM X-Force ID: 196621.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20445">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23814">

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 14:50:25">
14:50
       </div>

       <div class="text">
<strong>‼ CVE-2021-20443 ‼</strong><br><br><code>IBM Maximo for Civil Infrastructure 7.6.2 includes executable functionality (such as a library) from a source that is outside of the intended control sphere. IBM X-Force ID: 196619.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20443">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23815">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 15:05:58">
15:05
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Exploit Details Emerge for Unpatched Microsoft Bug ❌</strong><br><br><code>A malicious website or malicious ad can trigger an exploit for the IE zero-day bug, opening the door for data theft and code execution, new analysis notes.</code><br><br><a href="https://threatpost.com/exploit-details-unpatched-microsoft-bug/164083/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23816">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 15:21:11">
15:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Hiding in Plain Sight: What the SolarWinds Attack Revealed About Efficacy 🕴</strong><br><br><code>Multilayered infiltration involved custom malicious tooling, backdoors, and cloaked code, far beyond the skills of script kiddies.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/hiding-in-plain-sight-what-the-solarwinds-attack-revealed-about-efficacy/a/d-id/1340140?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23817">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 15:39:21">
15:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Cybersecurity needs to be proactive with involvement from business leaders 🦿</strong><br><br><code>In a webinar Wednesday, former US Homeland Security director Christopher Krebs also suggested organizations have COVID workforce coordinators and that cloud mail providers activate MFA by default.</code><br><br><a href="https://www.techrepublic.com/article/cybersecurity-needs-to-be-proactive-with-involvement-from-business-leaders/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23818">

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 15:39:21">
15:39
       </div>

       <div class="text">
<strong>🦿 LastPass password management app: A cheat sheet 🦿</strong><br><br><code>This comprehensive guide covers everything you need to know about password management app LastPass, including recent restrictions on free accounts.</code><br><br><a href="https://www.techrepublic.com/article/lastpass-the-smart-persons-guide/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23819">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 16:25:19">
16:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 DOJ Charges Two More North Korean Hackers in Global Attacks 🔏</strong><br><br><code>The Department of Justice this week peeled back more layers on the North Korean military hacking unit Lazarus Group and its longtime cybercrime spree.</code><br><br><a href="https://digitalguardian.com/blog/doj-charges-two-more-north-korean-hackers-global-attacks">📖 Read</a><br><br>via &quot;<em>Digital Guardian</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23820">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 16:50:19">
16:50
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-27335 ‼</strong><br><br><code>KollectApps before 4.8.16c is affected by insecure Java deserialization, leading to Remote Code Execution via a ysoserial.payloads.CommonsCollections parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27335">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23821">

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 16:50:21">
16:50
       </div>

       <div class="text">
<strong>‼ CVE-2021-27329 ‼</strong><br><br><code>Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or HTTP requests to arbitrary domain names.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27329">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23822">

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 16:50:22">
16:50
       </div>

       <div class="text">
<strong>‼ CVE-2019-18243 ‼</strong><br><br><code>HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through the registry. This may allow privilege escalation.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-18243">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23823">

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 16:50:23">
16:50
       </div>

       <div class="text">
<strong>‼ CVE-2021-27379 ‼</strong><br><br><code>An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM guest OS users to achieve unintended read/write DMA access, and possibly cause a denial of service (host OS crash) or gain privileges. This occurs because a backport missed a flush, and thus IOMMU updates were not always correct. NOTE: this issue exists because of an incomplete fix for CVE-2020-15565.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27379">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23824">

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 16:50:24">
16:50
       </div>

       <div class="text">
<strong>‼ CVE-2021-21318 ‼</strong><br><br><code>Opencast is a free, open-source platform to support the management of educational audio and video content. In Opencast before version 9.2 there is a vulnerability in which publishing an episode with strict access rules will overwrite the currently set series access. This allows for an easy denial of access for all users without superuser privileges, effectively hiding the series. Access to series and series metadata on the search service (shown in media module and player) depends on the events published which are part of the series. Publishing an event will automatically publish a series and update access to it. Removing an event or republishing the event should do the same. Affected versions of Opencast may not update the series access or remove a published series if an event is being removed. On removal of an episode, this may lead to an access control list for series metadata with broader access rules than the merged access rules of all remaining events, or the series metadata still being available although all episodes of that series have been removed. This problem is fixed in Opencast 9.2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21318">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23825">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 17:21:16">
17:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Microsoft Azure Front Door Gets a Security Upgrade 🕴</strong><br><br><code>New SKUs in Standard and Premium preview beef up the security of the content delivery network platform.</code><br><br><a href="https://www.darkreading.com/cloud/microsoft-azure-front-door-gets-a-security-upgrade/d/d-id/1340197?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23826">

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 17:36:04">
17:36
       </div>

       <div class="text">
<strong>❌ Kia Motors Hit With $20M Ransomware Attack – Report ❌</strong><br><br><code>So far, Kia Motors America has publicly acknowledged an “extended system outage,” but ransomware gang DoppelPaymer claimed it has locked down the company’s files in a cyberattack that includes a $20 million ransom demand. That $20 million will gain Kia a decryptor and a guarantee to not to publish sensitive data bits on the gang’s […]</code><br><br><a href="https://threatpost.com/kia-motors-ransomware-attack/164085/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23827">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 17:51:16">
17:51
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Apple Offers Closer Look at Its Platform Security Technologies, Features 🕴</strong><br><br><code>In a nearly 200-page document, company offers a detailed overview of Secure Enclave and multiple other security controls in Apple silicon-based Macs and other platforms.</code><br><br><a href="https://www.darkreading.com/endpoint/apple-offers-closer-look-at-its-platform-security-technologies-features/d/d-id/1340198?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23828">

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 18:06:06">
18:06
       </div>

       <div class="text">
<strong>❌ Apple Outlines 2021 Security, Privacy Roadmap ❌</strong><br><br><code>Latest Apple Platform Security update folds iOS, macOS and hardware into security 2021 roadmap.</code><br><br><a href="https://threatpost.com/apple-2021-platform-security-guide/164094/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23829">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 18:36:06">
18:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Cybercriminal Enterprise ‘Ringleaders’ Stole $55M Via COVID-19 Fraud, Romance Scams ❌</strong><br><br><code>The Department of Justice (DoJ) cracked down on a Ghana-based cybercriminal enterprise behind a slew of romance scams, COVID-19 fraud attacks and business email compromise schemes since 2013.</code><br><br><a href="https://threatpost.com/cybercriminal-enterprise-ringleaders-stole-55m-via-covid-19-fraud-romance-scams/164086/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23830">

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 18:50:23">
18:50
       </div>

       <div class="text">
<strong>‼ CVE-2020-35776 ‼</strong><br><br><code>A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote attacker to crash Asterisk by deliberately misusing SIP 181 responses.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35776">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23831">

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 18:50:24">
18:50
       </div>

       <div class="text">
<strong>‼ CVE-2020-35591 ‼</strong><br><br><code>Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. The application does not generate a new session cookie after the user is logged in. A malicious user is able to create a new session cookie value and inject it to a victim. After the victim logs in, the injected cookie becomes valid, giving the attacker access to the user&apos;s account through the active session.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35591">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23832">

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 18:50:25">
18:50
       </div>

       <div class="text">
<strong>‼ CVE-2020-35592 ‼</strong><br><br><code>Pi-hole 5.0, 5.1, and 5.1.1 allows XSS via the Options header to the admin/ URI. A remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against other users and steal the session cookie.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35592">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23833">

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 18:50:26">
18:50
       </div>

       <div class="text">
<strong>‼ CVE-2021-26717 ‼</strong><br><br><code>An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream, then Asterisk would crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26717">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23834">

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 18:50:27">
18:50
       </div>

       <div class="text">
<strong>‼ CVE-2021-3271 ‼</strong><br><br><code>PressBooks 5.17.3 contains a cross-site scripting (XSS). Stored XSS can be submitted via the Book Info&apos;s Long Description Body, and all actions to open or preview the books page will result in the triggering the stored XSS.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3271">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23835">

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 18:50:28">
18:50
       </div>

       <div class="text">
<strong>‼ CVE-2020-36233 ‼</strong><br><br><code>The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36233">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23836">

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 18:50:29">
18:50
       </div>

       <div class="text">
<strong>‼ CVE-2021-26906 ‼</strong><br><br><code>An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26906">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23837">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 19:21:19">
19:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 CrowdStrike Buys Log Management Startup Humio for $400M 🕴</strong><br><br><code>CrowdStrike plans to use Humio&apos;s technology to continue building out its extended detection and response platform.</code><br><br><a href="https://www.darkreading.com/endpoint/crowdstrike-buys-log-management-startup-humio-for-%24400m/d/d-id/1340200?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23838">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 20:21:28">
20:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Microsoft Concludes Internal Investigation into Solorigate Breach 🕴</strong><br><br><code>The software giant found no evidence that attackers gained extensive access to services or customer data.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/microsoft-concludes-internal-investigation-into-solorigate-breach/d/d-id/1340202?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23839">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 20:50:28">
20:50
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-26747 ‼</strong><br><br><code>Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26747">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23840">

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 20:50:29">
20:50
       </div>

       <div class="text">
<strong>‼ CVE-2021-26712 ‼</strong><br><br><code>Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26712">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23841">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.02.2021 21:08:06">
21:08
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ S3 Ep20: Corporate megahacking, true love gone bad, and tax grabs [Podcast] ⚠</strong><br><br><code>Latest episode, listen now! (Includes special gardening safety section at no extra charge!)</code><br><br><a href="https://nakedsecurity.sophos.com/2021/02/18/s3-ep20-corporate-megahacking-true-love-gone-bad-and-tax-grabs-podcast/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-773">

      <div class="body details">
19 February 2021
      </div>

     </div>

     <div class="message default clearfix" id="message23842">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 08:51:03">
08:51
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-36247 ‼</strong><br><br><code>Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36247">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23843">

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 08:51:04">
08:51
       </div>

       <div class="text">
<strong>‼ CVE-2020-36251 ‼</strong><br><br><code>ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a group share, to remove everyone else&apos;s access to that share.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36251">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23844">

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 08:51:05">
08:51
       </div>

       <div class="text">
<strong>‼ CVE-2020-36249 ‼</strong><br><br><code>The File Firewall before 2.8.0 for ownCloud Server does not properly enforce file-type restrictions for public shares.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36249">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23845">

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 08:51:06">
08:51
       </div>

       <div class="text">
<strong>‼ CVE-2020-24908 ‼</strong><br><br><code>Checkmk before 1.6.0p17 allows local users to obtain SYSTEM privileges via a Trojan horse shell script in the %PROGRAMDATA%\checkmk\agent\local directory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24908">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23846">

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 08:51:07">
08:51
       </div>

       <div class="text">
<strong>‼ CVE-2021-26296 ‼</strong><br><br><code>In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. Due to that limitation, it is possible (although difficult) for an attacker to calculate a future CSRF token value and to use that value to trick a user into executing unwanted actions on an application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26296">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23847">

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 08:51:11">
08:51
       </div>

       <div class="text">
<strong>‼ CVE-2020-36250 ‼</strong><br><br><code>In the ownCloud application before 2.15 for Android, the lock protection mechanism can be bypassed by moving the system date/time into the past.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36250">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23848">

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 08:51:12">
08:51
       </div>

       <div class="text">
<strong>‼ CVE-2020-36248 ‼</strong><br><br><code>The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this archive.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36248">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23849">

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 08:51:13">
08:51
       </div>

       <div class="text">
<strong>‼ CVE-2020-36252 ‼</strong><br><br><code>ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any file by sending a request for a predictable ID number.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36252">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23850">

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 08:51:13">
08:51
       </div>

       <div class="text">
<strong>‼ CVE-2021-3339 ‼</strong><br><br><code>ModernFlow before 1.3.00.208 does not constrain web-page access to members of a security group, as demonstrated by the Search Screen and the Profile Screen.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3339">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23851">

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 08:51:14">
08:51
       </div>

       <div class="text">
<strong>‼ CVE-2020-10254 ‼</strong><br><br><code>An issue was discovered in ownCloud before 10.4. An attacker can bypass authentication on a password-protected image by displaying its preview.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10254">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23852">

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 08:51:15">
08:51
       </div>

       <div class="text">
<strong>‼ CVE-2020-10252 ‼</strong><br><br><code>An issue was discovered in ownCloud before 10.4. Because of an SSRF issue (via the apps/files_sharing/external remote parameter), an authenticated attacker can interact with local services blindly (aka Blind SSRF) or conduct a Denial Of Service attack.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10252">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23853">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 11:37:03">
11:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🛠 Faraday 3.14.1 🛠</strong><br><br><code>Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.</code><br><br><a href="https://packetstormsecurity.com/files/161480/faraday-3.14.1.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23854">

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 11:37:05">
11:37
       </div>

       <div class="text">
<strong>❌ Microsoft: SolarWinds Attackers Downloaded Azure, Exchange Code ❌</strong><br><br><code>However, internal products and systems were not leveraged to attack others during the massive supply-chain incident, the tech giant said upon completion of its Solorigate investigation.</code><br><br><a href="https://threatpost.com/microsoft-solarwinds-azure-exchange-code/164104/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23855">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 12:21:57">
12:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 How to Fine-Tune Vendor Risk Management in a Virtual World 🕴</strong><br><br><code>Without on-site audits, many organizations lack their usual visibility to assess risk factors and validate contracts and SLA with providers.</code><br><br><a href="https://www.darkreading.com/risk/how-to-fine-tune-vendor-risk-management-in-a-virtual-world/a/d-id/1340144?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23856">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 12:47:02">
12:47
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 Friday Five 2-19 🔏</strong><br><br><code>Indictments of North Korean hackers, cybersecurity in the stimulus bill, and the growing popularity of Python - catch up on all of the week&apos;s infosec news with the Friday Five!</code><br><br><a href="https://digitalguardian.com/blog/friday-five-2-19">📖 Read</a><br><br>via &quot;<em>Digital Guardian</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23857">

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 12:51:14">
12:51
       </div>

       <div class="text">
<strong>‼ CVE-2021-3210 ‼</strong><br><br><code>components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound &lt;= 4.0.1 allows remote attackers to execute arbitrary system commands when the victim imports a malicious data file containing JavaScript in the objectId parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3210">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23858">

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 12:51:15">
12:51
       </div>

       <div class="text">
<strong>‼ CVE-2021-3204 ‼</strong><br><br><code>SSRF in the document conversion component of Webware Webdesktop 5.1.15 allows an attacker to read all files from the server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3204">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23859">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 13:09:48">
13:09
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Linux 101: How to block users from setting up their own cron jobs 🦿</strong><br><br><code>Jack Wallen shows you how to gain a bit more security on your Linux servers by blocking users from adding cron jobs.</code><br><br><a href="https://www.techrepublic.com/article/linux-101-how-to-block-users-from-setting-up-their-own-cron-jobs/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23860">

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 13:09:49">
13:09
       </div>

       <div class="text">
<strong>🦿 Forrester report highlights Zero Trust Edge model for networking and security infrastructure 🦿</strong><br><br><code>According to Forrester, ZTE will be most helpful with securing and enabling remote workers while removing the difficult user VPNs.</code><br><br><a href="https://www.techrepublic.com/article/forrester-report-highlights-zero-trust-edge-model-for-networking-and-security-infrastructure/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23861">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 14:22:02">
14:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Omdia&apos;s On-Demand Webinars 🕴</strong><br><br><br><br><a href="https://gateway.on24.com/wcc/eh/753397/category/17987/security-technology?partnerref=OmdiaDR&amp;_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23862">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 14:38:31">
14:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ The massive coronavirus pandemic IT blunder with a funny side ⚠</strong><br><br><code>He was either the smallest person who has ever lived, by an order of magnitude, or the heaviest person ever known, by two of them.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/02/19/the-massive-coronavirus-pandemic-it-blunder-with-a-funny-side/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23863">

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 14:41:33">
14:41
       </div>

       <div class="text">
<strong>🦿 IRS issues urgent notice on scams aimed at tax professionals 🦿</strong><br><br><code>Scammers are impersonating the IRS with emails carrying the subject line &quot;Verifying your EFIN before e-filing.&quot;</code><br><br><a href="https://www.techrepublic.com/article/irs-issues-urgent-notice-on-scams-aimed-at-tax-professionals/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23864">

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 14:41:35">
14:41
       </div>

       <div class="text">
<strong>🦿 Linux 101: How to block users from setting up their own cron jobs 🦿</strong><br><br><code>Jack Wallen shows you how to gain a bit more security on your Linux servers by blocking users from adding cron jobs.</code><br><br><a href="https://www.techrepublic.com/article/linux-101-how-to-block-users-from-setting-up-their-own-cron-jobs/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23865">

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 14:51:21">
14:51
       </div>

       <div class="text">
<strong>‼ CVE-2021-22701 ‼</strong><br><br><code>A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause a user to perform an unintended action on the target device when using the HTTP web interface.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22701">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23866">

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 14:51:22">
14:51
       </div>

       <div class="text">
<strong>‼ CVE-2021-22702 ‼</strong><br><br><code>A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts Telnet network traffic between a user and the device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22702">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23867">

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 14:51:22">
14:51
       </div>

       <div class="text">
<strong>‼ CVE-2020-12374 ‼</strong><br><br><code>Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow a privileged user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12374">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23868">

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 14:51:23">
14:51
       </div>

       <div class="text">
<strong>‼ CVE-2021-22703 ‼</strong><br><br><code>A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts HTTP network traffic between a user and the device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22703">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23869">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 15:52:06">
15:52
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Attackers Already Targeting Apple&apos;s M1 Chip with Custom Malware 🕴</strong><br><br><code>A proof-of-concept program infects systems with ARM64-compiled binaries and then reaches out to download additional functionality.</code><br><br><a href="https://www.darkreading.com/endpoint/attackers-already-targeting-apples-m1-chip-with-custom-malware/d/d-id/1340209?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23870">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 16:09:51">
16:09
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How to find details about user logins on Linux 🦿</strong><br><br><code>If you need to gather information on user logins for your Linux servers, Jack Wallen has just the tool for you.</code><br><br><a href="https://www.techrepublic.com/article/how-to-find-details-about-user-logins-on-linux/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23871">

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 16:09:52">
16:09
       </div>

       <div class="text">
<strong>🦿 New malformed URL phishing technique can make attacks harder to spot 🦿</strong><br><br><code>Hackers are now sending messages that hide fake links in the HTTP prefix, bypassing email filters, says security firm GreatHorn.</code><br><br><a href="https://www.techrepublic.com/article/new-malformed-url-phishing-technique-can-make-attacks-harder-to-spot/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23872">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 16:37:17">
16:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Mysterious Silver Sparrow Malware Found Nesting on 30K Macs ❌</strong><br><br><code>A second malware that targets Macs with Apple&apos;s in-house M1 chip is infecting machines worldwide -- but it&apos;s unclear why.</code><br><br><a href="https://threatpost.com/silver-sparrow-malware-30k-macs/164121/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23873">

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 16:37:18">
16:37
       </div>

       <div class="text">
<strong>❌ Credential-Stuffing Attack Targets Regional Internet Registry ❌</strong><br><br><code>RIPE NCC, the regional Internet registry for Europe, West Asia, and the former Soviet Union, said attackers attempted a credential-stuffing attack against its single-sign on service.</code><br><br><a href="https://threatpost.com/credential-stuffing-attack-ripe-ncc/164109/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23874">

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 16:51:27">
16:51
       </div>

       <div class="text">
<strong>‼ CVE-2021-21512 ‼</strong><br><br><code>Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains an Information Disclosure vulnerability. A locally authenticated high privileged Cyber Recovery user may potentially exploit this vulnerability leading to the takeover of the notification email account.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21512">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23875">

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 16:51:28">
16:51
       </div>

       <div class="text">
<strong>‼ CVE-2020-9050 ‼</strong><br><br><code>Path Traversal vulnerability exists in Metasys Reporting Engine (MRE) Web Services which could allow a remote unauthenticated attacker to access and download arbitrary files from the system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9050">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23876">

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 16:51:29">
16:51
       </div>

       <div class="text">
<strong>‼ CVE-2020-25171 ‼</strong><br><br><code>The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25171">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23877">

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 16:51:30">
16:51
       </div>

       <div class="text">
<strong>‼ CVE-2020-13549 ‼</strong><br><br><code>An exploitable local privilege elevation vulnerability exists in the file system permissions of Sytech XL Reporter v14.0.1 install directory. Depending on the vector chosen, an attacker can overwrite service executables and execute arbitrary code with privileges of user set to run the service or replace other files within the installation folder, which would allow for local privilege escalation.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13549">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23878">

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 16:51:32">
16:51
       </div>

       <div class="text">
<strong>‼ CVE-2021-23342 ‼</strong><br><br><code>This affects the package docsify before 4.12.0. It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods 1) When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking place in the sidebar. 2) The isURL external check can be bypassed by inserting more â€&amp;oelig;////â€� characters</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23342">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23879">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 18:09:53">
18:09
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Kia outage may be the result of ransomware 🦿</strong><br><br><code>A week-long outage for Kia is reportedly connected to a ransomware attack from the DoppelPaymer gang, says BleepingComputer.</code><br><br><a href="https://www.techrepublic.com/article/kia-outage-may-be-the-result-of-ransomware/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23880">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 18:37:21">
18:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Malformed URL Prefix Phishing Attacks Spike 6,000% ❌</strong><br><br><code>Sneaky attackers are flipping backslashes in phishing email URLs to evade protections, researchers said.</code><br><br><a href="https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23881">

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 18:51:32">
18:51
       </div>

       <div class="text">
<strong>‼ CVE-2021-27351 ‼</strong><br><br><code>The Terminate Session feature in the Telegram application through 7.2.1 for Android, and through 2.4.7 for Windows and UNIX, fails to invalidate a recently active session.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27351">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23882">

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 18:51:33">
18:51
       </div>

       <div class="text">
<strong>‼ CVE-2020-35499 ‼</strong><br><br><code>A NULL pointer dereference flaw in kernel versions prior to 5.11 may be seen if sco_sock_getsockopt function in net/bluetooth/sco.c do not have a sanity check for a socket connection, when using BT_SNDMTU/BT_RCVMTU for SCO sockets. This could allow a local attacker with a special user privilege to crash the system (DOS) or leak kernel internal information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35499">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23883">

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 18:51:34">
18:51
       </div>

       <div class="text">
<strong>‼ CVE-2021-20588 ‼</strong><br><br><code>Improper handling of length parameter inconsistency vulnerability in Mitsubishi Electric FA Engineering Software(C Controller module setting and monitoring tool all versions, CPU Module Logging Configuration Tool all versions, CW Configurator all versions, Data Transfer all versions, EZSocket all versions, FR Configurator all versions, FR Configurator SW3 all versions, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GT SoftGOT1000 Version3 all versions, GT SoftGOT2000 Version1 all versions, GX Configurator-DP versions 7.14Q and prior, GX Configurator-QP all versions, GX Developer all versions, GX Explorer all versions, GX IEC Developer all versions, GX LogViewer all versions, GX RemoteService-I all versions, GX Works2 versions 1.597X and prior, GX Works3 versions 1.070Y and prior, M_CommDTM-HART all versions, M_CommDTM-IO-Link all versions, MELFA-Works all versions, MELSEC WinCPU Setting Utility all versions, MELSOFT EM Software Development Kit (EM Configurator) all versions, MELSOFT Navigator all versions, MH11 SettingTool Version2 all versions, MI Configurator all versions, MT Works2 all versions, MX Component all versions, Network Interface Board CC IE Control utility all versions, Network Interface Board CC IE Field Utility all versions, Network Interface Board CC-Link Ver.2 Utility all versions, Network Interface Board MNETH utility all versions, PX Developer all versions, RT ToolBox2 all versions, RT ToolBox3 all versions, Setting/monitoring tools for the C Controller module all versions, SLMP Data Collector all versions) allows a remote unauthenticated attacker to cause a DoS condition of the software products, and possibly to execute a malicious program on the personal computer running the software products although it has not been reproduced, by spoofing MELSEC, GOT or FREQROL and returning crafted reply packets.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20588">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23884">

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 18:51:35">
18:51
       </div>

       <div class="text">
<strong>‼ CVE-2021-27328 ‼</strong><br><br><code>Yeastar NeoGate TG400 91.3.0.3 devices are affected by Directory Traversal. An authenticated user can decrypt firmware and can read sensitive information, such as a password or decryption key.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27328">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23885">

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 18:51:36">
18:51
       </div>

       <div class="text">
<strong>‼ CVE-2021-26713 ‼</strong><br><br><code>A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26713">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23886">

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 18:51:40">
18:51
       </div>

       <div class="text">
<strong>‼ CVE-2021-27214 ‼</strong><br><br><code>A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting (XSS) attack against the administrative interface via an HTTP request, a different vulnerability than CVE-2019-3905.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27214">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23887">

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 18:51:41">
18:51
       </div>

       <div class="text">
<strong>‼ CVE-2021-20587 ‼</strong><br><br><code>Heap-based buffer overflow vulnerability in Mitsubishi Electric FA Engineering Software (C Controller module setting and monitoring tool all versions, CPU Module Logging Configuration Tool all versions, CW Configurator all versions, Data Transfer all versions, EZSocket all versions, FR Configurator all versions, FR Configurator SW3 all versions, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GT SoftGOT1000 Version3 all versions, GT SoftGOT2000 Version1 all versions, GX Configurator-DP version 7.14Q and prior, GX Configurator-QP all versions, GX Developer all versions, GX Explorer all versions, GX IEC Developer all versions, GX LogViewer all versions, GX RemoteService-I all versions, GX Works2 version 1.597X and prior, GX Works3 version 1.070Y and prior, M_CommDTM-HART all versions, M_CommDTM-IO-Link all versions, MELFA-Works all versions, MELSEC WinCPU Setting Utility all versions, MELSOFT EM Software Development Kit (EM Configurator) all versions, MELSOFT Navigator all versions, MH11 SettingTool Version2 all versions, MI Configurator all versions, MT Works2 all versions, MX Component all versions, Network Interface Board CC IE Control utility all versions, Network Interface Board CC IE Field Utility all versions, Network Interface Board CC-Link Ver.2 Utility all versions, Network Interface Board MNETH utility all versions, PX Developer all versions, RT ToolBox2 all versions, RT ToolBox3 all versions, Setting/monitoring tools for the C Controller module all versions and SLMP Data Collector all versions) allows a remote unauthenticated attacker to cause a DoS condition of the software products, and possibly to execute a malicious program on the personal computer running the software products although it has not been reproduced, by spoofing MELSEC, GOT or FREQROL and returning crafted reply packets.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20587">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23888">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 20:25:17">
20:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Kia Denies Ransomware Attack as IT Outage Continues 🕴</strong><br><br><code>Kia Motors America states there is no evidence its recent systems outage was caused by a ransomware attack.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/kia-denies-ransomware-attack-as-it-outage-continues/d/d-id/1340218?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23889">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.02.2021 20:51:37">
20:51
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-27785 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-29074. Reason: This candidate is a reservation duplicate of CVE-2020-29074. Notes: All CVE users should reference CVE-2020-29074 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27785">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-774">

      <div class="body details">
20 February 2021
      </div>

     </div>

     <div class="message default clearfix" id="message23890">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.02.2021 08:52:08">
08:52
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-26544 ‼</strong><br><br><code>Livy server version 0.7.0-incubating (only) is vulnerable to a cross site scripting issue in the session name. A malicious user could use this flaw to access logs and results of other users&apos; sessions and run jobs with their privileges. This issue is fixed in Livy 0.7.1-incubating.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26544">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-775">

      <div class="body details">
21 February 2021
      </div>

     </div>

     <div class="message default clearfix" id="message23891">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.02.2021 08:53:06">
08:53
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-26716 ‼</strong><br><br><code>Modules/input/Views/schedule.php in Emoncms through 10.2.7 allows XSS via the node parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26716">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23892">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.02.2021 22:39:29">
22:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Nvidia announces official “anti-cryptomining” software drivers ⚠</strong><br><br><code>&quot;It&apos;s a DoS, Jim, but not as we know it.&quot;</code><br><br><a href="https://nakedsecurity.sophos.com/2021/02/22/nvidia-announces-official-anti-cryptomining-software-drivers/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23893">

      <div class="body">

       <div class="pull_right date details" title="21.02.2021 22:53:38">
22:53
       </div>

       <div class="text">
<strong>‼ CVE-2021-27515 ‼</strong><br><br><code>url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27515">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23894">

      <div class="body">

       <div class="pull_right date details" title="21.02.2021 22:53:39">
22:53
       </div>

       <div class="text">
<strong>‼ CVE-2021-27513 ‼</strong><br><br><code>The module admin_ITSM in EyesOfNetwork 5.3-10 allows remote authenticated users to upload arbitrary .xml.php files because it relies on &quot;le filtre userside.&quot;</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27513">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23895">

      <div class="body">

       <div class="pull_right date details" title="21.02.2021 22:53:40">
22:53
       </div>

       <div class="text">
<strong>‼ CVE-2021-27514 ‼</strong><br><br><code>EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might be leveraged for brute-force authentication bypass (such as in CVE-2021-27513 exploitation).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27514">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23896">

      <div class="body">

       <div class="pull_right date details" title="21.02.2021 22:53:41">
22:53
       </div>

       <div class="text">
<strong>‼ CVE-2021-27516 ‼</strong><br><br><code>URI.js (aka urijs) before 1.19.6 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27516">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-776">

      <div class="body details">
22 February 2021
      </div>

     </div>

     <div class="message default clearfix" id="message23897">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 08:27:59">
08:27
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-11177 ‼</strong><br><br><code>User can overwrite Security Code NV item without knowing current SPC due to improper validation of SPC code setting and device lock in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice &amp; Music, Snapdragon Wearables</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11177">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23898">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 08:28:00">
08:28
       </div>

       <div class="text">
<strong>‼ CVE-2020-11170 ‼</strong><br><br><code>Out of bound memory access while playing music playbacks with crafted vorbis content due to improper checks in header extraction in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice &amp; Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11170">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23899">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 08:28:00">
08:28
       </div>

       <div class="text">
<strong>‼ CVE-2020-11195 ‼</strong><br><br><code>Out of bound write and read in TA while processing command from NS side due to improper length check on command and response buffers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &amp; Music</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11195">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23900">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 08:28:02">
08:28
       </div>

       <div class="text">
<strong>‼ CVE-2020-11282 ‼</strong><br><br><code>Improper access control when using mmap with the kgsl driver with a special offset value that can be provided to map the memstore of the GPU to user space in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &amp; Music, Snapdragon Wearables</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11282">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23901">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 08:28:03">
08:28
       </div>

       <div class="text">
<strong>‼ CVE-2020-11203 ‼</strong><br><br><code>Stack overflow may occur if GSM/WCDMA broadcast config size received from user is larger than variable length array in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11203">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23902">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 08:28:04">
08:28
       </div>

       <div class="text">
<strong>‼ CVE-2020-11270 ‼</strong><br><br><code>Possible denial of service due to RTT responder consistently rejects all FTMR by transmitting FTM1 with failure status in the FTM parameter IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &amp; Music, Snapdragon Wired Infrastructure and Networking</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11270">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23903">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 08:28:05">
08:28
       </div>

       <div class="text">
<strong>‼ CVE-2020-11272 ‼</strong><br><br><code>Before enqueuing a frame to the PE queue for further processing, an entry in a hash table can be deleted and using a stale version later can lead to use after free condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &amp; Music, Snapdragon Wearables</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11272">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23904">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 08:28:06">
08:28
       </div>

       <div class="text">
<strong>‼ CVE-2020-11187 ‼</strong><br><br><code>Possible memory corruption in BSI module due to improper validation of parameter count in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Mobile</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11187">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23905">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 08:28:07">
08:28
       </div>

       <div class="text">
<strong>‼ CVE-2020-11223 ‼</strong><br><br><code>Out of bound in camera driver due to lack of check of validation of array index before copying into array in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11223">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23906">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 08:28:11">
08:28
       </div>

       <div class="text">
<strong>‼ CVE-2020-3664 ‼</strong><br><br><code>Out of bound read access in hypervisor due to an invalid read access attempt by passing invalid addresses in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &amp; Music, Snapdragon Wired Infrastructure and Networking</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3664">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23907">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 08:28:12">
08:28
       </div>

       <div class="text">
<strong>‼ CVE-2020-11198 ‼</strong><br><br><code>Key material used for TZ diag buffer encryption and other data related to log buffer is not wiped securely due to improper usage of memset in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &amp; Music, Snapdragon Wired Infrastructure and Networking</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11198">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23908">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 08:28:13">
08:28
       </div>

       <div class="text">
<strong>‼ CVE-2020-11163 ‼</strong><br><br><code>Possible buffer overflow while updating ikev2 parameters due to lack of check of input validation for certain parameters received from the ePDG server in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11163">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23909">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 08:28:14">
08:28
       </div>

       <div class="text">
<strong>‼ CVE-2020-11287 ‼</strong><br><br><code>Allowing RTT frames to be linked with non randomized MAC address by comparing the sequence numbers can lead to information disclosure. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &amp; Music, Snapdragon Wired Infrastructure and Networking</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11287">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23910">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 08:28:15">
08:28
       </div>

       <div class="text">
<strong>‼ CVE-2020-11271 ‼</strong><br><br><code>Possible out of bounds while accessing global control elements due to race condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &amp; Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11271">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23911">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 08:28:18">
08:28
       </div>

       <div class="text">
<strong>‼ CVE-2020-11278 ‼</strong><br><br><code>Possible denial of service while handling host WMI command due to improper validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &amp; Music, Snapdragon Wired Infrastructure and Networking</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11278">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23912">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 08:28:19">
08:28
       </div>

       <div class="text">
<strong>‼ CVE-2020-11253 ‼</strong><br><br><code>Arbitrary memory write issue in video driver while setting the internal buffers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11253">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23913">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 08:28:20">
08:28
       </div>

       <div class="text">
<strong>‼ CVE-2020-11275 ‼</strong><br><br><code>Possible buffer over-read while parsing quiet IE in Rx beacon frame due to improper check of IE length in received beacon in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice &amp; Music, Snapdragon Wired Infrastructure and Networking</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11275">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23914">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 08:28:21">
08:28
       </div>

       <div class="text">
<strong>‼ CVE-2020-11281 ‼</strong><br><br><code>Allowing RTT frames to be linked with non randomized MAC address by comparing the sequence numbers can lead to information disclosure. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &amp; Music, Snapdragon Wired Infrastructure and Networking</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11281">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23915">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 08:28:22">
08:28
       </div>

       <div class="text">
<strong>‼ CVE-2020-11194 ‼</strong><br><br><code>Possible out of bound access in TA while processing a command from NS side due to improper length check of response buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11194">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23916">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 08:28:23">
08:28
       </div>

       <div class="text">
<strong>‼ CVE-2020-11296 ‼</strong><br><br><code>Arithmetic overflow can happen while processing NOA IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice &amp; Music, Snapdragon Wired Infrastructure and Networking</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11296">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23917">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 11:39:52">
11:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Naked Security Live – How to calculate important things using a computer ⚠</strong><br><br><code>Here&apos;s the latest Naked Security Live talk - watch now!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/02/22/naked-security-live-how-to-calculate-important-things-using-a-computer/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23918">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 11:42:54">
11:42
       </div>

       <div class="text">
<strong>🦿 Free password manager alternatives to LastPass 🦿</strong><br><br><code>With the free version of LastPass now limiting where you can sync your passwords, here are a few other options.</code><br><br><a href="https://www.techrepublic.com/article/free-password-manager-alternatives-to-lastpass/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23919">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 11:42:55">
11:42
       </div>

       <div class="text">
<strong>🦿 New cloud security analysis finds default configurations and identity management are the biggest concerns 🦿</strong><br><br><code>Accurics analyzed cloud-native configurations over the last 7 months to identify ongoing and new threats.</code><br><br><a href="https://www.techrepublic.com/article/new-cloud-security-analysis-finds-default-configurations-and-identity-management-are-the-biggest-concerns/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23920">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 12:11:26">
12:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 The top 6 enterprise VPNs to use in 2021 🦿</strong><br><br><code>Enterprise VPNs are critical for connecting remote workers to company resources via reliable and secure links to foster communication and productivity. Read about six viable choices for businesses.</code><br><br><a href="https://www.techrepublic.com/article/the-top-6-enterprise-vpns-to-use-in-2021/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23921">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 12:29:35">
12:29
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 What Can Your Connected Car Reveal About You? 🕴</strong><br><br><code>App developers must take responsibility for the security of users&apos; data.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/what-can-your-connected-car-reveal-about-you/a/d-id/1340145?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23922">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 13:09:58">
13:09
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Nvidia announces official “anti-cryptomining” software drivers ⚠</strong><br><br><code>&quot;It&apos;s a DoS, Jim, but not as we know it.&quot;</code><br><br><a href="https://nakedsecurity.sophos.com/2021/02/22/nvidia-announces-official-anti-cryptomining-software-drivers/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23923">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 13:13:00">
13:13
       </div>

       <div class="text">
<strong>🦿 Mysterious malware infects 30,000 Mac computers 🦿</strong><br><br><code>Known as Silver Sparrow, the malware&apos;s intent is still unknown as it has yet to deliver an actual payload, says security firm Red Canary.</code><br><br><a href="https://www.techrepublic.com/article/mysterious-malware-infects-30000-mac-computers/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23924">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 13:39:58">
13:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🛠 I2P 0.9.49 🛠</strong><br><br><code>I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.</code><br><br><a href="https://packetstormsecurity.com/files/161496/i2psource_0.9.49.tar.bz2">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23925">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 13:39:59">
13:39
       </div>

       <div class="text">
<strong>🛠 OpenDNSSEC 2.1.8 🛠</strong><br><br><code>OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.</code><br><br><a href="https://packetstormsecurity.com/files/161499/opendnssec-2.1.8.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23926">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 13:40:00">
13:40
       </div>

       <div class="text">
<strong>🛠 Wapiti Web Application Vulnerability Scanner 3.0.4 🛠</strong><br><br><code>Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities.</code><br><br><a href="https://packetstormsecurity.com/files/161497/wapiti3-3.0.4.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23927">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 13:40:01">
13:40
       </div>

       <div class="text">
<strong>🛠 Global Socket 1.4.24 🛠</strong><br><br><code>Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL&apos;s SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.</code><br><br><a href="https://packetstormsecurity.com/files/161498/gsocket-1.4.24.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23928">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 13:59:42">
13:59
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 8 Ways Ransomware Operators Target Your Network 🕴</strong><br><br><code>Security researchers explore how criminals are expanding their arsenals with new, more subtle, and more effective ransomware attack techniques.</code><br><br><a href="https://www.darkreading.com/8-ways-ransomware-operators-target-your-network/d/d-id/1340221?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23929">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 14:33:29">
14:33
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-21224 ‼</strong><br><br><code>A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0. A remote attacker can send a malicious login packet to the control server</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21224">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23930">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 14:33:31">
14:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-27371 ‼</strong><br><br><code>The Contact page in Monica 2.19.1 allows stored XSS via the Description field.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27371">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23931">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 14:33:32">
14:33
       </div>

       <div class="text">
<strong>‼ CVE-2020-19762 ‼</strong><br><br><code>Automated Logic Corporation (ALC) WebCTRL System 6.5 and prior allows remote attackers to execute any JavaScript code via a XSS payload for the first parameter in a GET request.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-19762">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23932">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 14:33:33">
14:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-3120 ‼</strong><br><br><code>An arbitrary file upload vulnerability in the YITH WooCommerce Gift Cards Premium plugin before 3.3.1 for WordPress allows remote attackers to achieve remote code execution on the operating system in the security context of the web server. In order to exploit this vulnerability, an attacker must be able to place a valid Gift Card product into the shopping cart. An uploaded file is placed at a predetermined path on the web server with a user-specified filename and extension. This occurs because the ywgc-upload-picture parameter can have a .php value even though the intention was to only allow uploads of Gift Card images.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3120">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23933">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 14:33:35">
14:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-27559 ‼</strong><br><br><code>The Contact page in Monica 2.19.1 allows stored XSS via the Nickname field.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27559">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23934">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 14:33:35">
14:33
       </div>

       <div class="text">
<strong>‼ CVE-2020-24175 ‼</strong><br><br><code>Buffer overflow in Yz1 0.30 and 0.32, as used in IZArc 4.4, ZipGenius 6.3.2.3116, and Explzh (extension) 8.14, allows attackers to execute arbitrary code via a crafted archive file, related to filename handling.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24175">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23935">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 14:33:36">
14:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-27368 ‼</strong><br><br><code>The Contact page in Monica 2.19.1 allows stored XSS via the First Name field.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27368">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23936">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 14:33:37">
14:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-27370 ‼</strong><br><br><code>The Contact page in Monica 2.19.1 allows stored XSS via the Last Name field.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27370">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23937">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 14:33:38">
14:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-27369 ‼</strong><br><br><code>The Contact page in Monica 2.19.1 allows stored XSS via the Middle Name field.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27369">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23938">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 15:12:59">
15:12
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 These two areas are CISOs&apos; top priorities this year 🦿</strong><br><br><code>Team8 surveyed cybersecurity leaders to find out where they will spend their money in 2021.</code><br><br><a href="https://www.techrepublic.com/videos/these-two-areas-are-cisos-top-priorities-this-year/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23939">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 15:13:00">
15:13
       </div>

       <div class="text">
<strong>🦿 Cybersecurity pros: Automation and app security are top priorities in 2021 🦿</strong><br><br><code>A study on CIO and CISO prioritization showed these two areas are most important this year. Cloud security is another area high on their lists.</code><br><br><a href="https://www.techrepublic.com/article/cybersecurity-pros-automation-and-app-security-are-top-priorities-in-2021/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23940">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 17:10:05">
17:10
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Assume ClubHouse Conversations Are Being Recorded, Researchers Warn ❌</strong><br><br><code>At nearly a year old, the invitation-only, audio-based social-media platform ClubHouse is grappling with security issues on multiple fronts, but the consensus among researchers is coming into focus: Assume your ClubHouse conversations are being recorded. The company confirmed to Bloomberg that over the weekend a user was able to breach “multiple” ClubHouse room audio feeds […]</code><br><br><a href="https://threatpost.com/clubhouse-conversations-recorded/164158/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23941">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 17:29:49">
17:29
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Sequoia Capital Suffers Data Breach 🕴</strong><br><br><code>The attack began with a successful phishing email.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/sequoia-capital-suffers-data-breach--/d/d-id/1340224?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23942">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 17:49:26">
17:49
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 Oklahoma Introduces Consumer Data Privacy Bill 🔏</strong><br><br><code>Yet another state has introduced its own data privacy bill: The Oklahoma Computer Data Privacy Act would require organizations get consent before collecting and selling user data.</code><br><br><a href="https://digitalguardian.com/blog/oklahoma-introduces-consumer-data-privacy-bill">📖 Read</a><br><br>via &quot;<em>Digital Guardian</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23943">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 17:59:50">
17:59
       </div>

       <div class="text">
<strong>🕴 Researcher Reports Vulnerability in Apple iCloud Domain 🕴</strong><br><br><code>A stored cross-site scripting vulnerability in the iCloud website reportedly earned a security researcher $5,000.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/researcher-reports-vulnerability-in-apple-icloud-domain/d/d-id/1340225?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23944">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 18:10:05">
18:10
       </div>

       <div class="text">
<strong>❌ Chinese Hackers Hijacked NSA-Linked Hacking Tool: Report ❌</strong><br><br><code>APT31, a Chinese-affiliated threat group, copied a Microsoft Windows exploit previously used by the Equation Group, said researchers.</code><br><br><a href="https://threatpost.com/chinese-hackers-hijacked-nsa-hacking-tool/164155/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23945">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 18:33:45">
18:33
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-27279 ‼</strong><br><br><code>MyBB before 1.8.25 allows stored XSS via nested [email] tags with MyCode (aka BBCode).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27279">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23946">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 18:59:53">
18:59
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Accellion Data Breach Resulted in Extortion Attempts Against Multiple Victims 🕴</strong><br><br><code>FireEye Mandiant says it discovered data stolen via flaw in Accellion FTA had landed on a Dark Web site associated with a known Russia-based threat group.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/accellion-data-breach-resulted-in-extortion-attempts-against-multiple-victims/d/d-id/1340226?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23947">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 19:10:05">
19:10
       </div>

       <div class="text">
<strong>❌ TDoS Attacks Take Aim at Emergency First-Responder Services ❌</strong><br><br><code>The FBI has warned that telephony denial-of-service attacks are taking aim at emergency dispatch centers, which could make it impossible to call for police, fire or ambulance services.</code><br><br><a href="https://threatpost.com/tdos-attacks-emergency-first-responder/164176/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23948">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 19:13:08">
19:13
       </div>

       <div class="text">
<strong>🦿 Why non-human workers can increase security issues in your business 🦿</strong><br><br><code>Most organizations don&apos;t give the same thought and attention to their non-human workers, such as bots, RPAs and service accounts, as they do human workers and identity lifecycles.</code><br><br><a href="https://www.techrepublic.com/article/why-non-human-workers-can-increase-security-issues-in-your-business/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23949">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 19:59:56">
19:59
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Cybercrime Groups More Prolific, Focus on Healthcare in 2020 🕴</strong><br><br><code>Almost four of every five attacks attributed in 2020 were conducted by cybercriminal groups, a significant jump from 2019, with attacks on healthcare or using the pandemic rising fast.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/cybercrime-groups-more-prolific-focus-on-healthcare-in-2020/d/d-id/1340228?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23950">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 20:29:54">
20:29
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Chinese-Affiliated APT31 Cloned &amp; Used NSA Hacking Tool 🕴</strong><br><br><code>APT31 cloned and reused a Windows-based hacking tool for years before Microsoft patched the vulnerability, researchers report.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/chinese-affiliated-apt31-cloned-and-used-nsa-hacking-tool/d/d-id/1340229?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23951">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 20:33:52">
20:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-21154 ‼</strong><br><br><code>Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21154">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23952">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 20:33:54">
20:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-26724 ‼</strong><br><br><code>OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and CMC allows authenticated administrators to perform remote code execution. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version 20.0.7.3 and prior versions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26724">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23953">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 20:33:55">
20:33
       </div>

       <div class="text">
<strong>‼ CVE-2020-29453 ‼</strong><br><br><code>The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 before 8.13.3, and from 8.14.0 before 8.15.0 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29453">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23954">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 20:33:55">
20:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-21153 ‼</strong><br><br><code>Stack buffer overflow in GPU Process in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21153">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23955">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 20:33:56">
20:33
       </div>

       <div class="text">
<strong>‼ CVE-2020-29448 ‼</strong><br><br><code>The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29448">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23956">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 20:33:57">
20:33
       </div>

       <div class="text">
<strong>‼ CVE-2020-36232 ‼</strong><br><br><code>The MessageBundleWhiteList class of atlassian-gadgets before version 4.2.37, from version 4.3.0 before 4.3.14, from version 4.3.2.0 before 4.3.2.4, from version 4.4.0 before 4.4.12, and from version 5.0.0 before 5.0.1 allowed unexpected DNS lookups and requests to arbitrary services as it incorrectly obtained application base url information from the executing http request which could be attacker controlled.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36232">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23957">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 20:33:58">
20:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-26068 ‼</strong><br><br><code>An endpoint in Atlassian Jira Server for Slack plugin from version 0.0.3 before version 2.0.15 allows remote attackers to execute arbitrary code via a template injection vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26068">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23958">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 20:33:59">
20:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-26725 ‼</strong><br><br><code>Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticated administrator to read-protected system files. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version 20.0.7.3 and prior versions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26725">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23959">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 20:34:00">
20:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-21155 ‼</strong><br><br><code>Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21155">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23960">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 20:34:01">
20:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-21151 ‼</strong><br><br><code>Use after free in Payments in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21151">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23961">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 20:34:02">
20:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-21150 ‼</strong><br><br><code>Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21150">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23962">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 20:34:04">
20:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-21152 ‼</strong><br><br><code>Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21152">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23963">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 20:34:05">
20:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-21157 ‼</strong><br><br><code>Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21157">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23964">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 20:34:06">
20:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-21156 ‼</strong><br><br><code>Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21156">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23965">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 20:34:08">
20:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-21149 ‼</strong><br><br><code>Stack buffer overflow in Data Transfer in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21149">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23966">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 22:34:02">
22:34
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-23827 ‼</strong><br><br><code>Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5.6.1 on Linux, allows an attacker to obtain potentially sensitive media (such as private pictures) in the Cache and uploadtemps directories. It fails to effectively clear cached pictures, even after deletion via normal methodology within the client, or by utilizing the &quot;Explode message/Explode now&quot; functionality. Local filesystem access is needed by the attacker.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23827">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23967">

      <div class="body">

       <div class="pull_right date details" title="22.02.2021 22:34:03">
22:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-27189 ‼</strong><br><br><code>The CIRA Canadian Shield app before 4.0.13 for iOS lacks SSL Certificate Validation.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27189">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-777">

      <div class="body details">
23 February 2021
      </div>

     </div>

     <div class="message default clearfix" id="message23968">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 03:34:18">
03:34
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-25690 ‼</strong><br><br><code>An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25690">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23969">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 03:34:19">
03:34
       </div>

       <div class="text">
<strong>‼ CVE-2020-29075 ‼</strong><br><br><code>Acrobat Reader DC versions 2020.013.20066 (and earlier), 2020.001.30010 (and earlier) and 2017.011.30180 (and earlier) are affected by an information exposure vulnerability, that could enable an attacker to get a DNS interaction and track if the user has opened or closed a PDF file when loaded from the filesystem without a prompt. User interaction is required to exploit this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29075">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23970">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 03:34:20">
03:34
       </div>

       <div class="text">
<strong>‼ CVE-2020-35852 ‼</strong><br><br><code>Chatbox is affected by cross-site scripting (XSS). An attacker has to upload any XSS payload with SVG, XML file in Chatbox. There is no restriction on file upload in Chatbox which leads to stored XSS.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35852">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23971">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 03:34:21">
03:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-27568 ‼</strong><br><br><code>An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27568">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23972">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 03:34:22">
03:34
       </div>

       <div class="text">
<strong>‼ CVE-2020-27819 ‼</strong><br><br><code>An issue was discovered in libxls before and including 1.6.1 when reading Microsoft Excel files. A NULL pointer dereference vulnerability exists when parsing XLS cells in libxls/xls2csv.c:199. It could allow a remote attacker to cause a denial of service via crafted XLS file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27819">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23973">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 03:34:26">
03:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-22649 ‼</strong><br><br><code>Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 have multiple NULL pointer dereference issues while processing project files, which may allow an attacker to execute arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22649">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23974">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 03:34:27">
03:34
       </div>

       <div class="text">
<strong>‼ CVE-2020-27768 ‼</strong><br><br><code>In ImageMagick, there is an outside the range of representable values of type &apos;unsigned int&apos; at MagickCore/quantum-private.h. This flaw affects ImageMagick versions prior to 7.0.9-0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27768">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23975">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 03:34:27">
03:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-22647 ‼</strong><br><br><code>Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to multiple out-of-bounds write issues while processing project files, which may allow an attacker to execute arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22647">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23976">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 03:34:28">
03:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-22645 ‼</strong><br><br><code>Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a â€&amp;oelig;loadâ€� command, which can be pointed to a .dll from a remote network share. As a result, the .dll entry point can be executed without sufficient UI warning.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22645">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23977">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 03:34:29">
03:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-22643 ‼</strong><br><br><code>Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22643">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23978">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 08:34:37">
08:34
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-13697 ‼</strong><br><br><code>An issue was discovered in RouterNanoHTTPD.java in NanoHTTPD through 2.3.1. The GeneralHandler class implements a basic GET handler that prints debug information as an HTML page. Any web server that extends this class without implementing its own GET handler is vulnerable to reflected XSS, because the GeneralHandler GET handler prints user input passed through the query string without any sanitization.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13697">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23979">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 11:11:02">
11:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ 10K Microsoft Email Users Hit in FedEx Phishing Attack ❌</strong><br><br><code>Microsoft users are receiving emails pretending to be from mail couriers FedEx and DHL Express - but that really steal their credentials.</code><br><br><a href="https://threatpost.com/microsoft-fedex-phishing-attack/164143/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23980">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 12:30:43">
12:30
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 CVSS as a Framework, Not a Score 🕴</strong><br><br><code>The venerable system has served us well but is now outdated. Not that it&apos;s time to throw the system away -- use it as a framework to measure risk using modern, context-based methods.</code><br><br><a href="https://www.darkreading.com/risk/cvss-as-a-framework-not-a-score/a/d-id/1340173?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23981">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 12:35:00">
12:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-20242 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-20176. Reason: This candidate is a reservation duplicate of CVE-2021-20176. Notes: All CVE users should reference CVE-2021-20176 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20242">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23982">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 12:35:01">
12:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-14359 ‼</strong><br><br><code>A vulnerability was found in all versions of keycloak, where on using lower case HTTP headers (via cURL) we can bypass our Gatekeeper. Lower case headers are also accepted by some webservers (e.g. Jetty). This means there is no protection when we put a Gatekeeper in front of a Jetty server and use lowercase headers.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14359">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23983">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 13:00:45">
13:00
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Security + Fraud Protection: Your One-Two Punch Against Cyberattacks 🕴</strong><br><br><code>When siloed functions unite in the face of cyberthreats, organizations can continue, uninterrupted, along their paths to digital transformation.</code><br><br><a href="https://www.darkreading.com/edge/theedge/security-+-fraud-protection-your-one-two-punch-against-cyberattacks/b/d-id/1340230?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23984">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 13:10:46">
13:10
       </div>

       <div class="text">
<strong>⚠ Keybase secure messaging fixes photo-leaking bug – patch now! ⚠</strong><br><br><code>It&apos;s a bit like Snapchat all over again - but this bug was quickly fixed.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/02/23/keybase-secure-messaging-fixes-photo-leaking-bug-patch-now/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23985">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 13:10:47">
13:10
       </div>

       <div class="text">
<strong>🛠 Zeek 3.2.4 🛠</strong><br><br><code>Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek&apos;s user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.</code><br><br><a href="https://packetstormsecurity.com/files/161509/zeek-3.2.4.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23986">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 14:11:07">
14:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Finnish IT Giant Hit with Ransomware Cyberattack ❌</strong><br><br><code>A major Finnish IT provider has been hit with a ransomware attack that has forced the company to turn off some services and infrastructure in a disruption to customers, while it takes recovery measures. Norwegian business journal E24 reported the attack on Espoo, Finland-based TietoEVRY on Tuesday, claiming to have spoken with Geir Remman, a […]</code><br><br><a href="https://threatpost.com/finnish-it-giant-ransomware-cyberattack/164193/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23987">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 14:35:06">
14:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-4953 ‼</strong><br><br><code>IBM Planning Analytics 2.0 could allow a remote authenticated attacker to obtain information about an organization&apos;s internal structure by exposing sensitive information in HTTP repsonses. IBM X-Force ID: 192029.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4953">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23988">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 14:35:07">
14:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-28432 ‼</strong><br><br><code>All versions of package theme-core are vulnerable to Command Injection via the lib/utils.js file, which is required by main entry of the package. PoC: var a =require(&quot;theme-core&quot;); a.utils.sh(&quot;touch JHU&quot;)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28432">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23989">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 14:35:08">
14:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-25630 ‼</strong><br><br><code>&quot;loolforkit&quot; is a privileged program that is supposed to be run by a special, non-privileged &quot;lool&quot; user. Before doing anything else &quot;loolforkit&quot; checks, if it was invoked by the &quot;lool&quot; user, and refuses to run with privileges, if it&apos;s not the case. In the vulnerable version of &quot;loolforkit&quot; this check was wrong, so a normal user could start &quot;loolforkit&quot; and eventually get local root privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25630">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23990">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 14:35:08">
14:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-27550 ‼</strong><br><br><code>Polaris Office v9.102.66 is affected by a divide-by-zero error in PolarisOffice.exe and EngineDLL.dll that may cause a local denial of service. To exploit the vulnerability, someone must open a crafted PDF file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27550">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23991">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 14:35:09">
14:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-7847 ‼</strong><br><br><code>The ipTIME NAS product allows an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. This issue affects: pTIME NAS 1.4.36.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7847">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23992">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 14:35:11">
14:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-3252 ‼</strong><br><br><code>KACO New Energy XP100U Up to XP-JAVA 2.0 is affected by incorrect access control. Credentials will always be returned in plain-text from the local server during the KACO XP100U authentication process, regardless of whatever passwords have been provided, which leads to an information disclosure vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3252">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23993">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 14:35:12">
14:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-28431 ‼</strong><br><br><code>All versions of package wc-cmd are vulnerable to Command Injection via the index.js file. PoC: var a =require(&quot;wc-cmd&quot;); a(&quot;touch JHU&quot;)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28431">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23994">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 14:35:13">
14:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-28429 ‼</strong><br><br><code>All versions of package geojson2kml are vulnerable to Command Injection via the index.js file. PoC: var a =require(&quot;geojson2kml&quot;); a(&quot;./&quot;,&quot;&amp; touch JHU&quot;,function(){})</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28429">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23995">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 14:35:13">
14:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-28430 ‼</strong><br><br><code>All versions of package nuance-gulp-build-common are vulnerable to Command Injection via the index.js file. PoC: /var a = require(&quot;nuance-gulp-build-common&quot;) a.run(&quot;touch JHU&quot;)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28430">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23996">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 15:30:48">
15:30
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Augmenting SMB Defense Strategies With MITRE ATT&amp;CK: A Primer 🕴</strong><br><br><code>Any organization can use MITRE ATT&amp;CK as a force multiplier, but it&apos;s especially valuable for small ones.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/augmenting-smb-defense-strategies-with-mitre-attandck-a-primer-/a/d-id/1340174?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23997">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 16:35:12">
16:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-22651 ‼</strong><br><br><code>When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are, while processing the extraction of temporary files, suffering from a directory traversal vulnerability, which allows an attacker to store arbitrary scripts into automatic startup folders.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22651">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23998">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 16:35:14">
16:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-20198 ‼</strong><br><br><code>A flaw was found in the OpenShift Installer before version v0.9.0-master.0.20210125200451-95101da940b0. During installation of OpenShift Container Platform 4 clusters, bootstrap nodes are provisioned with anonymous authentication enabled on kubelet port 10250. A remote attacker able to reach this port during installation can make unauthenticated `/exec` requests to execute arbitrary commands within running containers. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20198">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23999">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 16:35:15">
16:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-26685 ‼</strong><br><br><code>A remote authenticated SQL Injection vulnerabilitiy was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface API of ClearPass could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26685">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24000">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 16:35:16">
16:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-20229 ‼</strong><br><br><code>A flaw was found in PostgreSQL in versions before 13.2, before 12.6, before 11.11, before 10.16, before 9.6.21 and before 9.5.25. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20229">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24001">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 16:35:17">
16:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-27582 ‼</strong><br><br><code>org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Mass Assignment (aka Autobinding) vulnerability. This arises due to unsafe usage of the @ModelAttribute annotation during the OAuth authorization flow, in which HTTP request parameters affect an authorizationRequest.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27582">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24002">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 16:35:18">
16:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-16243 ‼</strong><br><br><code>Multiple buffer overflow vulnerabilities exist when LeviStudioU (Version 2019-09-21 and prior) processes project files. Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of the application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16243">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24003">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 16:35:19">
16:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-27579 ‼</strong><br><br><code>Snow Inventory Agent through 6.7.0 on Windows uses CPUID to report on processor types and versions that may be deployed and in use across an IT environment. A privilege-escalation vulnerability exists if CPUID is enabled, and thus it should be disabled via configuration settings.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27579">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24004">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 16:35:20">
16:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-26686 ‼</strong><br><br><code>A remote authenticated SQL Injection vulnerabilitiy was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface API of ClearPass could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26686">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24005">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 16:35:21">
16:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-20220 ‼</strong><br><br><code>A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own. The highest threat from this vulnerability is to data confidentiality and integrity.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20220">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24006">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 16:35:22">
16:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-26683 ‼</strong><br><br><code>A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26683">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24007">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 16:35:23">
16:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-26609 ‼</strong><br><br><code>fastadmin V1.0.0.20200506_beta contains a cross-site scripting (XSS) vulnerability which may allow an attacker to obtain administrator credentials to log in to the background.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26609">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24008">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 16:35:24">
16:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-26926 ‼</strong><br><br><code>A flaw was found in jasper before 2.0.25. An out of bounds read issue was found in jp2_decode function whic may lead to disclosure of information or program crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26926">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24009">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 16:35:25">
16:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-20226 ‼</strong><br><br><code>A use-after-free flaw was found in the io_uring in Linux kernel, where a local attacker with a user privilege could cause a denial of service problem on the system The issue results from the lack of validating the existence of an object prior to performing operations on the object by not incrementing the file reference counter while in use. The highest threat from this vulnerability is to data integrity, confidentiality and system availability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20226">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24010">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 16:35:26">
16:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-26681 ‼</strong><br><br><code>A remote authenticated command Injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26681">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24011">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 16:35:27">
16:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-26684 ‼</strong><br><br><code>A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26684">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24012">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 16:35:28">
16:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-22113 ‼</strong><br><br><code>Applications using the â€&amp;oelig;Sensitive Headersâ€� functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the â€&amp;oelig;Sensitive Headersâ€� restriction when executing requests with specially constructed URLs. Applications that use Spring Security&apos;s StrictHttpFirewall (enabled by default for all URLs) are not affected by the vulnerability, as they reject requests that allow bypassing.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22113">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24013">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 16:35:29">
16:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-25161 ‼</strong><br><br><code>The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25161">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24014">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 16:35:30">
16:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-26678 ‼</strong><br><br><code>A remote unauthenticated stored cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface of ClearPass could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26678">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24015">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 16:35:31">
16:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-20230 ‼</strong><br><br><code>A flaw was found in stunnel before 5.57, where it improperly validates client certificates when it is configured to use both redirect and verifyChain options. This flaw allows an attacker with a certificate signed by a Certificate Authority, which is not the one accepted by the stunnel server, to access the tunneled service instead of being redirected to the address specified in the redirect option. The highest threat from this vulnerability is to confidentiality.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20230">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24016">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 16:35:32">
16:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-26682 ‼</strong><br><br><code>A remote reflected cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the guest portal interface of ClearPass could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the portal. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the guest portal interface.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26682">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message24017">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 17:11:15">
17:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Daycare Webcam Service Exposes 12,000 User Accounts   ❌</strong><br><br><code>NurseryCam suspends service across 40 daycare centers until a security fix is in place.</code><br><br><a href="https://threatpost.com/daycare-webcam-exposes-12000/164203/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24018">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 17:20:22">
17:20
       </div>

       <div class="text">
<strong>🔏 Public-Facing Financial Services Sites Ripe for Data Theft 🔏</strong><br><br><code>COVID-19 has led to increased fraud activity; one of the latest campaigns has seen cybercriminals stealing data from public-facing insurance websites.</code><br><br><a href="https://digitalguardian.com/blog/public-facing-financial-services-sites-ripe-data-theft">📖 Read</a><br><br>via &quot;<em>Digital Guardian</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24019">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 17:30:51">
17:30
       </div>

       <div class="text">
<strong>🕴 10K Targeted in Phishing Attacks Spoofing FedEx, DHL Express 🕴</strong><br><br><code>The two campaigns aimed to steal victims&apos; business email account credentials by posing as the shipping companies.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/10k-targeted-in-phishing-attacks-spoofing-fedex-dhl-express/d/d-id/1340236?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24020">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 17:42:36">
17:42
       </div>

       <div class="text">
<strong>🦿 Ace your cybersecurity and IT certification exams by taking these prep courses 🦿</strong><br><br><code>These eight online courses teach the fundamentals you need to pass various IT and cybersecurity certification exams from Cisco and CompTIA.</code><br><br><a href="https://www.techrepublic.com/article/ace-your-cybersecurity-and-it-certification-exams-by-taking-these-prep-courses/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message24021">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 18:30:53">
18:30
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 SonicWall Releases Second Set of February Firmware Patches 🕴</strong><br><br><code>The latest patches, for its SMA 100 series products, comes less than three weeks after an updates to patch a zero-day vulnerability.</code><br><br><a href="https://www.darkreading.com/risk/sonicwall-releases-second-set-of-february-firmware-patches/d/d-id/1340237?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24022">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 18:35:13">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-26680 ‼</strong><br><br><code>A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26680">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24023">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 18:35:14">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-26593 ‼</strong><br><br><code>** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can see all users in the CMS using the API /users/{id}. For each call, they get in response a lot of information about the user (such as email address, first name, and last name) but also the secret for 2FA if one exists. This secret can be regenerated. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26593">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24024">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 18:35:15">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-26595 ‼</strong><br><br><code>** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can learn sensitive information such as the version of the CMS, the PHP version used by the site, and the name of the DBMS, simply by view the result of the api-aa, called automatically upon a connection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26595">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24025">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 18:35:16">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-28587 ‼</strong><br><br><code>A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. An attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28587">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24026">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 18:35:17">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-26679 ‼</strong><br><br><code>A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26679">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24027">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 18:35:18">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-7120 ‼</strong><br><br><code>A local authenticated buffer overflow vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in ClearPass OnGuard could allow local authenticated users to cause a buffer overflow condition. A successful exploit could allow a local attacker to execute arbitrary code within the context the binary is running in, which is a lower privileged account.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7120">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24028">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 18:35:19">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-22882 ‼</strong><br><br><code>UniFi Protect before v1.17.1 allows an attacker to use spoofed cameras to perform a denial-of-service attack that may cause the UniFi Protect controller to crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22882">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24029">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 18:35:20">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-27583 ‼</strong><br><br><code>** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can discover whether a user is present in the database through the password reset feature. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27583">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24030">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 18:35:21">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-26594 ‼</strong><br><br><code>** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can switch to the administrator role (via the PATCH method) without any control by the back end. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26594">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24031">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 18:35:21">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-22112 ‼</strong><br><br><code>Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application&apos;s intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22112">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24032">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 18:35:22">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-27782 ‼</strong><br><br><code>A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This affects Undertow 2.1.5.SP1, 2.0.33.SP2, and 2.2.3.SP1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27782">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24033">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 18:35:23">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-8297 ‼</strong><br><br><code>Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference (IDOR) vulnerability that permits users with a duplicate user identifier to access deck data of a previous deleted user.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8297">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24034">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 18:35:24">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-26677 ‼</strong><br><br><code>A local authenticated escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in ClearPass OnGuard could allow local authenticated users on a Windows platform to elevate their privileges. A successful exploit could allow an attacker to execute arbitrary code with SYSTEM level privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26677">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24035">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 18:35:25">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-26927 ‼</strong><br><br><code>A flaw was found in jasper before 2.0.25. A null pointer dereference in jp2_decode in jp2_dec.c may lead to program crash and denial of service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26927">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24036">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 18:35:26">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-3405 ‼</strong><br><br><code>A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3405">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24037">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 18:35:30">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-20247 ‼</strong><br><br><code>A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailbox names containing &apos;..&apos; path components to access data outside the designated mailbox on the opposite end of the synchronization channel. The highest threat from this vulnerability is to data confidentiality and integrity.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20247">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message24038">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 19:12:40">
19:12
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Top 5 things to know about network attacks 🦿</strong><br><br><code>DDoS, SQL injection, and man-in-the-middle are just a few of the attacks that can compromise your network. Tom Merritt lists five things to know about network attacks.</code><br><br><a href="https://www.techrepublic.com/article/top-5-things-to-know-about-network-attacks/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24039">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 19:12:41">
19:12
       </div>

       <div class="text">
<strong>🦿 Network attacks: 5 things to know 🦿</strong><br><br><code>DDoS, SQL injection and man-in-the-middle are just a few of the attacks that can compromise your network. Tom Merritt lists five things to know about network attacks.</code><br><br><a href="https://www.techrepublic.com/videos/network-attacks-5-things-to-know/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message24040">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 20:35:19">
20:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-20182 ‼</strong><br><br><code>A privilege escalation flaw was found in openshift4/ose-docker-builder. The build container runs with high privileges using a chrooted environment instead of runc. If an attacker can gain access to this build container, they can potentially utilize the raw devices of the underlying node, such as the network and storage devices, to at least escalate their privileges to that of the cluster admin. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20182">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24041">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 20:42:40">
20:42
       </div>

       <div class="text">
<strong>🦿 Texas power outage highlights need for better use of data analytics, modeling and policy making 🦿</strong><br><br><code>Rob Robinson, client partner in utilities practice for Capgemini, talks with TechRepublic about what the catastrophic outages in Texas should teach us about predicting threats to U.S. the power grid.</code><br><br><a href="https://www.techrepublic.com/videos/texas-power-outage-highlights-need-for-better-use-of-data-analytics-modeling-and-policy-making/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24042">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 20:42:41">
20:42
       </div>

       <div class="text">
<strong>🦿 Texas power outage: Data analytics, modeling and policy making will be key to preventing similar disasters 🦿</strong><br><br><code>Protecting the U.S. power grid from serious outages, like the one following a 2021 winter storm in Texas, will require a better use of data analytics, modeling and policy making says industry expert.</code><br><br><a href="https://www.techrepublic.com/article/texas-power-outage-data-analytics-modeling-and-policy-making-will-be-key-to-preventing-similar-disasters/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message24043">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 21:12:40">
21:12
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Texas power outage: Data analytics, modeling and policy making will be key to preventing similar disasters 🦿</strong><br><br><code>Protecting the U.S. power grid from serious outages, like the one following a 2021 winter storm in Texas, will require a better use of data analytics, modeling and policy making says industry expert.</code><br><br><a href="https://www.techrepublic.com/article/texas-power-outage-data-analytics-modeling-and-policy-making-will-be-key-to-preventing-similar-disasters/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message24044">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 22:01:02">
22:01
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 SolarWinds Attackers Lurked for &apos;Several Months&apos; in FireEye&apos;s Network 🕴</strong><br><br><code>Top execs from FireEye, SolarWinds, Microsoft, and CrowdStrike testified before the US Senate Intelligence Committee today on the aftermath - and ongoing investigations - into the epic attacks.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/solarwinds-attackers-lurked-for-several-months-in-fireeyes-network/d/d-id/1340239?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message24045">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 22:35:26">
22:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-21323 ‼</strong><br><br><code>Brave is an open source web browser with a focus on privacy and security. In Brave versions 1.17.73-1.20.103, the CNAME adblocking feature added in Brave 1.17.73 accidentally initiated DNS requests that bypassed the Brave Tor proxy. Users with adblocking enabled would leak DNS requests from Tor windows to their DNS provider. (DNS requests that were not initiated by CNAME adblocking would go through Tor as expected.) This is fixed in Brave version 1.20.108</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21323">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24046">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 22:35:26">
22:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-20194 ‼</strong><br><br><code>There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution, the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly privileges escalation.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20194">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24047">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 22:35:27">
22:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-20256 ‼</strong><br><br><code>A flaw was found in Red Hat Satellite. The BMC interface exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20256">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24048">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 22:35:28">
22:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-3410 ‼</strong><br><br><code>A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user context.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3410">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24049">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 22:35:29">
22:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-3407 ‼</strong><br><br><code>A flaw was found in mupdf 1.18.0. Double free of object during linearization may lead to memory corruption and other potential consequences.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3407">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24050">

      <div class="body">

       <div class="pull_right date details" title="23.02.2021 22:35:33">
22:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-20252 ‼</strong><br><br><code>A flaw was found in Red Hat 3scale API Management Platform 2. The 3scale backend does not perform preventive handling on user-requested date ranges in certain queries allowing a malicious authenticated user to submit a request with a sufficiently large date range to eventually yield an internal server error resulting in denial of service. The highest threat from this vulnerability is to system availability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20252">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-778">

      <div class="body details">
24 February 2021
      </div>

     </div>

     <div class="message default clearfix" id="message24051">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 10:36:26">
10:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-20661 ‼</strong><br><br><code>Directory traversal vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20661">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24052">

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 10:36:27">
10:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-20659 ‼</strong><br><br><code>SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. If the file is PHP script, an attacker may execute arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20659">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24053">

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 10:36:27">
10:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-20662 ‼</strong><br><br><code>Missing authentication for critical function in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to alter the setting information without the access privileges via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20662">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24054">

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 10:36:28">
10:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-20658 ‼</strong><br><br><code>SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to execute arbitrary OS commands with the web server privilege via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20658">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24055">

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 10:36:29">
10:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-20660 ‼</strong><br><br><code>Cross-site scripting vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to inject an arbitrary script via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20660">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24056">

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 10:36:33">
10:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-20656 ‼</strong><br><br><code>Exposure of information through directory listing in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain the information inside the system, such as directories and/or file configurations via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20656">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24057">

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 10:36:34">
10:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-20657 ‼</strong><br><br><code>Improper access control vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain and/or alter the setting information without the access privilege via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20657">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message24058">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 11:32:29">
11:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Botnet Uses Blockchain to Obfuscate Backup Command &amp; Control Information 🕴</strong><br><br><code>The tactic makes it much harder for defenders to take down botnets via sinkholing and other standard techniques, Akamai says.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/botnet-uses-blockchain-to-obfuscate-backup-command-and-control-information/d/d-id/1340240?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24059">

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 11:43:15">
11:43
       </div>

       <div class="text">
<strong>🦿 Ransomware threats to watch for in 2021 include crimeware-as-a-service 🦿</strong><br><br><code>BlackBerry researchers see more double-extortion ransomware attacks, attackers demanding ransom from healthcare patients, and rising bitcoin prices driving the growth of ransomware.</code><br><br><a href="https://www.techrepublic.com/article/ransomware-threats-to-watch-for-in-2021-include-crimeware-as-a-service/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message24060">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 12:12:24">
12:12
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Microsoft Lures Populate Half of Credential-Swiping Phishing Emails ❌</strong><br><br><code>As more organizations migrate to Office 365, cybercriminals are using Outlook, Teams and other Microsoft-themed phishing lures to swipe user credentials.</code><br><br><a href="https://threatpost.com/microsoft-lures-credential-swiping-phishing-emails/164207/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24061">

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 12:12:25">
12:12
       </div>

       <div class="text">
<strong>🛠 Global Socket 1.4.25 🛠</strong><br><br><code>Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL&apos;s SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.</code><br><br><a href="https://packetstormsecurity.com/files/161530/gsocket-1.4.25.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24062">

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 12:12:26">
12:12
       </div>

       <div class="text">
<strong>🛠 jSQL Injection 0.84 🛠</strong><br><br><code>jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.</code><br><br><a href="https://packetstormsecurity.com/files/161529/jsql-injection-0.84.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24063">

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 12:12:27">
12:12
       </div>

       <div class="text">
<strong>🦿 10 tips for protecting your cloud data and accounts 🦿</strong><br><br><code>As more organizations migrate to the cloud, cybercriminals are taking advantage of the vulnerabilities in online apps, says Netskope.</code><br><br><a href="https://www.techrepublic.com/article/10-tips-for-protecting-your-cloud-data-and-accounts/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24064">

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 12:12:27">
12:12
       </div>

       <div class="text">
<strong>🦿 Kroger data breach highlights urgent need to replace legacy, end-of-life tools 🦿</strong><br><br><code>Attackers used an outdated File Transfer Appliance from Accellion to gain access to data, the company said.</code><br><br><a href="https://www.techrepublic.com/article/kroger-data-breach-highlights-urgent-need-to-replace-legacy-end-of-life-tools/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message24065">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 12:32:37">
12:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 3 Security Flaws in Smart Devices &amp; IoT That Need Fixing 🕴</strong><br><br><code>The scope and danger of unsecured, Internet-connected hardware will only continue to deepen.</code><br><br><a href="https://www.darkreading.com/iot/3-security-flaws-in-smart-devices-and-iot-that-need-fixing/a/d-id/1340161?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24066">

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 12:36:35">
12:36
       </div>

       <div class="text">
<strong>‼ CVE-2020-12702 ‼</strong><br><br><code>Weak encryption in the Quick Pairing mode in the eWeLink mobile application (Android application V4.9.2 and earlier, iOS application V4.9.1 and earlier) allows physically proximate attackers to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during the pairing process.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12702">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24067">

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 12:42:24">
12:42
       </div>

       <div class="text">
<strong>❌ Nvidia’s Anti-Cryptomining Chip May Not Discourage Attacks ❌</strong><br><br><code>The hotly anticipated ray-tracing, advanced gaming graphics chip will throttle Ethereum mining.</code><br><br><a href="https://threatpost.com/nvidia-tries-discourage-crypto-jacking-new-gpu/164221/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24068">

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 12:42:25">
12:42
       </div>

       <div class="text">
<strong>🦿 How to combat the latest security threats in 2021 🦿</strong><br><br><code>Understanding the nature of the latest threats can help you identify shifts in tactics and techniques, prioritize security resources and test the most likely scenarios, says IBM X-Force.</code><br><br><a href="https://www.techrepublic.com/article/how-to-combat-the-latest-security-threats-in-2021/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message24069">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 13:32:39">
13:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Cartoon Caption Winner: Be Careful Who You Trust 🕴</strong><br><br><code>And the winner of The Edge&apos;s February cartoon caption contest is ...</code><br><br><a href="https://www.darkreading.com/edge/theedge/cartoon-caption-winner-be-careful-who-you-trust/b/d-id/1340234?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24070">

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 13:32:41">
13:32
       </div>

       <div class="text">
<strong>🕴 Universities Face Double Threat of Ransomware, Data Breaches 🕴</strong><br><br><code>Lack of strong security policies put many schools at risk of compromise, disrupted services, and collateral damage.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/universities-face-double-threat-of-ransomware-data-breaches/d/d-id/1340242?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message24071">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 14:13:18">
14:13
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 What do users and IT have in common? They&apos;re both to blame for poor remote security practices 🦿</strong><br><br><code>One in four remote workers reuses work credentials on consumer sites, but IT isn&apos;t doing them any favors by reportedly failing to provide essential protection while away from the office.</code><br><br><a href="https://www.techrepublic.com/article/what-do-users-and-it-have-in-common-theyre-both-to-blame-for-poor-remote-security-practices/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24072">

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 14:13:19">
14:13
       </div>

       <div class="text">
<strong>🦿 5 tips to protect your organization against the next cyberattack 🦿</strong><br><br><code>To better combat cyberattacks, prevention is better than detection, says Check Point Software.</code><br><br><a href="https://www.techrepublic.com/article/5-tips-to-protect-your-organization-against-the-next-cyberattack/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message24073">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 14:36:50">
14:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-21620 ‼</strong><br><br><code>A cross-site request forgery (CSRF) vulnerability in Jenkins Claim Plugin 2.18.1 and earlier allows attackers to change claims.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21620">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24074">

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 14:36:51">
14:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-21619 ‼</strong><br><br><code>Jenkins Claim Plugin 2.18.1 and earlier does not escape the user display name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers who are able to control the display names of Jenkins users, either via the security realm, or directly inside Jenkins.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21619">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24075">

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 14:36:52">
14:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-21618 ‼</strong><br><br><code>Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape parameter names and descriptions for past builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21618">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24076">

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 14:36:53">
14:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-21616 ‼</strong><br><br><code>Jenkins Active Choices Plugin 2.5.2 and earlier does not escape reference parameter values, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21616">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24077">

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 14:36:54">
14:36
       </div>

       <div class="text">
<strong>‼ CVE-2020-28599 ‼</strong><br><br><code>A stack-based buffer overflow vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28599">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24078">

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 14:36:55">
14:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-21617 ‼</strong><br><br><code>A cross-site request forgery (CSRF) vulnerability in Jenkins Configuration Slicing Plugin 1.51 and earlier allows attackers to apply different slice configurations.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21617">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24079">

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 14:36:56">
14:36
       </div>

       <div class="text">
<strong>‼ CVE-2020-7846 ‼</strong><br><br><code>Helpcom before v10.0 contains a file download and execution vulnerability caused by storing hardcoded cryptographic key. It finally leads to a file download and execution via access to crafted web page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7846">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24080">

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 14:36:57">
14:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-3355 ‼</strong><br><br><code>A stored-self XSS exists in LightCMS v1.3.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/SensitiveWords.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3355">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24081">

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 14:36:58">
14:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-21622 ‼</strong><br><br><code>Jenkins Artifact Repository Parameter Plugin 1.0.0 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21622">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24082">

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 14:36:59">
14:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-21621 ‼</strong><br><br><code>Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the &quot;About user (basic authentication details only)&quot; information, which can include the session ID of the user creating the support bundle in some configurations.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21621">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24083">

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 14:37:03">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-27645 ‼</strong><br><br><code>The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27645">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24084">

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 14:42:30">
14:42
       </div>

       <div class="text">
<strong>❌ VMWare Patches Critical RCE Flaw in vCenter Server ❌</strong><br><br><code>The vulnerability, one of three patched by the company this week, could allow threat actors to breach the external perimeter of a data center or leverage backdoors already installed to take over a system.</code><br><br><a href="https://threatpost.com/vmware-patches-critical-rce-flaw-in-vcenter-server/164240/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message24085">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 15:32:42">
15:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 The Realities of Extended Detection and Response (XDR) Technology 🕴</strong><br><br><code>While the term XDR has become pervasive, the technology and market remain a work in progress with lots of innovation and market confusion.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/the-realities-of-extended-detection-and-response-(xdr)-technology-/a/d-id/1340201?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message24086">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 16:36:56">
16:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-21974 ‼</strong><br><br><code>OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21974">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24087">

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 16:36:57">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2020-11988 ‼</strong><br><br><code>Apache XmlGraphics Commons 2.4 is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11988">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24088">

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 16:36:58">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-21972 ‼</strong><br><br><code>The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21972">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24089">

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 16:36:59">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2020-27224 ‼</strong><br><br><code>In Eclipse Theia versions up to and including 1.2.0, the Markdown Preview (@theia/preview), can be exploited to execute arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27224">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24090">

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 16:37:00">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-7836 ‼</strong><br><br><code>VOICEYE WSActiveBridgeES versions prior to 2.1.0.3 contains a stack-based buffer overflow vulnerability caused by improper bound checking parameter given by attack. It finally leads to a stack-based buffer overflow via access to crafted web page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7836">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24091">

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 16:37:01">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-11987 ‼</strong><br><br><code>Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11987">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24092">

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 16:37:02">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-21973 ‼</strong><br><br><code>The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure. This affects: VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21973">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24093">

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 16:37:03">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-4931 ‼</strong><br><br><code>IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-Force ID: 191747.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4931">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24094">

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 16:37:05">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-22667 ‼</strong><br><br><code>BB-ESWGP506-2SFP-T versions 1.01.09 and prior is vulnerable due to the use of hard-coded credentials, which may allow an attacker to gain unauthorized access and permit the execution of arbitrary code on the BB-ESWGP506-2SFP-T (versions 1.01.01 and prior).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22667">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message24095">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 17:02:55">
17:02
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Kaseya Buys Managed SOC Provider 🕴</strong><br><br><code>Purchase extends offerings for MSP and SMB customers</code><br><br><a href="https://www.darkreading.com/operations/kaseya-buys-managed-soc-provider/d/d-id/1340245?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message24096">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 17:51:25">
17:51
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 IRS Warns of EFIN Tax Phishing Scam 🔏</strong><br><br><code>It&apos;s that time of the year again: The IRS and Security Summit Partners are warning about a new phishing scam aiming to steal client data and tax preparers&apos; identities.</code><br><br><a href="https://digitalguardian.com/blog/irs-warns-efin-tax-phishing-scam">📖 Read</a><br><br>via &quot;<em>Digital Guardian</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message24097">

      <div class="body">

       <div class="pull_right date details" title="24.02.2021 18:02:56">
18:02
       </div>

       <div class="text">
<strong>🕴 Google Invests in Linux Kernel Developers to Focus on Security 🕴</strong><br><br><code>Google will fund two full-time Linux kernel developers to maintain and improve Linux security in the long term.</code><br><br><a href="https://www.darkreading.com/operations/google-invests-in-linux-kernel-developers-to-focus-on-security/d/d-id/1340247?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <a class="pagination block_link" href="messages25.html">
Next messages
     </a>

    </div>

   </div>

  </div>

 </body>

</html>