messages26.html

<!DOCTYPE html>
<html>

 <head>

  <meta charset="utf-8"/>
<title>Exported Data</title>
  <meta content="width=device-width, initial-scale=1.0" name="viewport"/>

  <link href="css/style.css" rel="stylesheet"/>

  <script src="js/script.js" type="text/javascript">

  </script>

 </head>

 <body onload="CheckLocation();">

  <div class="page_wrap">

   <div class="page_header">

    <div class="content">

     <div class="text bold">
🛡 Cybersecurity &amp; Privacy news 🛡 
     </div>

    </div>

   </div>

   <div class="page_body chat_page">

    <div class="history">

     <a class="pagination block_link" href="messages25.html">
Previous messages
     </a>

     <div class="message service" id="message-800">

      <div class="body details">
18 March 2021
      </div>

     </div>

     <div class="message default clearfix" id="message25098">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 13:32:13">
13:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-24137 ‼</strong><br><br><code>Unvalidated input in the Blog2Social WordPress plugin, versions before 6.3.1, lead to SQL Injection in the Re-Share Posts feature, allowing authenticated users to inject arbitrary SQL commands.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24137">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25099">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 13:32:14">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-24124 ‼</strong><br><br><code>Unvalidated input and lack of output encoding in the WP Shieldon WordPress plugin, version 1.6.3 and below, leads to Unauthenticated Reflected Cross-Site Scripting (XSS) when the CAPTCHA page is shown could lead to privileged escalation.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24124">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25100">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 13:32:15">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-21625 ‼</strong><br><br><code>Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins in some circumstances.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21625">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25101">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 13:32:19">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-24129 ‼</strong><br><br><code>Unvalidated input and lack of output encoding in the Themify Portfolio Post WordPress plugin, versions before 1.1.6, lead to Stored Cross-Site Scripting (XSS) vulnerabilities allowing low-privileged users (Contributor+) to inject arbitrary JavaScript code or HTML in posts where the Themify Custom Panel is embedded, which could lead to privilege escalation.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24129">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25102">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 13:32:20">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-24134 ‼</strong><br><br><code>Unvalidated input and lack of output encoding in the Constant Contact Forms WordPress plugin, versions before 1.8.8, lead to multiple Stored Cross-Site Scripting vulnerabilities, which allowed high-privileged user (Editor+) to inject arbitrary JavaScript code or HTML in posts where the malicious form is embed.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24134">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25103">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 13:32:21">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-24136 ‼</strong><br><br><code>Unvalidated input and lack of output encoding in the Testimonials Widget WordPress plugin, versions before 4.0.0, lead to multiple Cross-Site Scripting vulnerabilities, allowing remote attackers to inject arbitrary JavaScript code or HTML via the below parameters: - Author - Job Title - Location - Company - Email - URL</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24136">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25104">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 13:32:21">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-24139 ‼</strong><br><br><code>Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress plugin, versions before 1.5.55, leads to SQL injection via the frontend/models/model.php bwg_search_x parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24139">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25105">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 13:32:22">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-24128 ‼</strong><br><br><code>Unvalidated input and lack of output encoding in the Team Members WordPress plugin, versions before 5.0.4, lead to Cross-site scripting vulnerabilities allowing medium-privileged authenticated attacker (contributor+) to inject arbitrary web script or HTML via the &apos;Description/biography&apos; of a member.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24128">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25106">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 13:32:26">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-24130 ‼</strong><br><br><code>Unvalidated input in the WP Google Map Plugin WordPress plugin, versions before 4.1.5, in the Manage Locations page within the plugin settings was vulnerable to SQL Injection through a high privileged user (admin+).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24130">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25107">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 13:32:27">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-24149 ‼</strong><br><br><code>Unvalidated input in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.6, did not sanitise the mec[post_id] POST parameter in the mec_fes_form AJAX action when logged in as an author+, leading to an authenticated SQL Injection issue.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24149">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25108">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 13:32:28">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-24127 ‼</strong><br><br><code>Unvalidated input and lack of output encoding in the ThirstyAffiliates Affiliate Link Manager WordPress plugin, versions before 3.9.3, was vulnerable to authenticated Stored Cross-Site Scripting (XSS), which could lead to privilege escalation.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24127">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25109">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 13:32:29">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-26237 ‼</strong><br><br><code>FastStone Image Viewer &lt;= 7.5 is affected by a user mode write access violation at 0x00402d7d, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26237">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25110">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 13:32:30">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-24146 ‼</strong><br><br><code>Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24146">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25111">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 13:32:34">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-24125 ‼</strong><br><br><code>Unvalidated input in the Contact Form Submissions WordPress plugin, versions 1.6.4 and before, could lead to SQL injection in the wpcf7_contact_form GET parameter when submitting a filter request as a high privilege user (admin+)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24125">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25112">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 13:32:35">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-24143 ‼</strong><br><br><code>Unvalidated input in the AccessPress Social Icons plugin, versions before 1.8.1, did not sanitise its widget attribute, allowing accounts with post permission, such as author, to perform SQL injections.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24143">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25113">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 13:32:36">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-24132 ‼</strong><br><br><code>The Slider by 10Web WordPress plugin, versions before 1.2.36, in the bulk_action, export_full and save_slider_db functionalities of the plugin were vulnerable, allowing a high privileged user (Admin), or medium one such as Contributor+ (if &quot;Role Options&quot; is turn on for other users) to perform a SQL Injection attacks.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24132">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25114">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 13:32:37">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-26935 ‼</strong><br><br><code>In WoWonder &lt; 3.1, remote attackers can gain access to the database by exploiting a requests.php?f=search-my-followers SQL Injection vulnerability via the event_id parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26935">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25115">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 13:32:38">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-26233 ‼</strong><br><br><code>FastStone Image Viewer &lt;= 7.5 is affected by a user mode write access violation near NULL at 0x005bdfcb, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26233">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25116">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 14:22:46">
14:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Beware the Package Typosquatting Supply Chain Attack 🕴</strong><br><br><code>Attackers are mimicking the names of existing packages on public registries in hopes that users or developers will accidentally download these malicious packages instead of legitimate ones.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/beware-the-package-typosquatting-supply-chain-attack/a/d-id/1340383?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25117">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 14:52:46">
14:52
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 FBI: Business Email Compromise Cost $1.8B in 2020 🕴</strong><br><br><code>The Internet Crime Complaint Center received a record 791,790 complaints last year, with reported losses exceeding $4.1 billion.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/fbi-business-email-compromise-cost-%2418b-in-2020/d/d-id/1340452?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25118">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 14:57:15">
14:57
       </div>

       <div class="text">
<strong>🦿 How cybercriminals are targeting US taxpayers as tax season approaches 🦿</strong><br><br><code>The latest scams use phishing emails to deliver remote access trojans to control a victim&apos;s computer and steal sensitive data, says Cybereason.</code><br><br><a href="https://www.techrepublic.com/article/how-cybercriminals-are-targeting-us-taxpayers-as-tax-season-approaches/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25119">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 15:32:14">
15:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-28796 ‼</strong><br><br><code>Increments Qiita::Markdown before 0.33.0 allows XSS in transformers.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28796">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25120">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 15:32:15">
15:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-26216 ‼</strong><br><br><code>SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditFolder.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26216">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25121">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 15:32:16">
15:32
       </div>

       <div class="text">
<strong>‼ CVE-2020-27827 ‼</strong><br><br><code>A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27827">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25122">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 15:32:17">
15:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-28145 ‼</strong><br><br><code>Concrete CMS (formerly concrete5) before 8.5.5 allows remote authenticated users to conduct XSS attacks via a crafted survey block. This requires at least Editor privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28145">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25123">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 15:32:18">
15:32
       </div>

       <div class="text">
<strong>‼ CVE-2020-26155 ‼</strong><br><br><code>Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31.1.0. are installed with Read/Write permissions for authenticated users, which allows for binaries to be manipulated by non-administrator users. Additionally, entries are made to the PATH environment variable which, in conjunction with these weak permissions, could enable an attacker to perform a DLL hijacking attack.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26155">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25124">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 15:32:22">
15:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-28790 ‼</strong><br><br><code>The unofficial SwiftLint extension before 1.4.5 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted swiftlint.path configuration value that triggers execution upon opening the workspace.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28790">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25125">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 15:32:23">
15:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-28791 ‼</strong><br><br><code>The unofficial SwiftFormat extension before 1.3.7 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted swiftformat.path configuration value that triggers execution upon opening the workspace.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28791">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25126">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 15:32:24">
15:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-21383 ‼</strong><br><br><code>Wiki.js an open-source wiki app built on Node.js. Wiki.js before version 2.5.191 is vulnerable to stored cross-site scripting through mustache expressions in code blocks. This vulnerability exists due to mustache expressions being parsed by Vue during content injection even though it is contained within a `&lt;pre&gt;` element. By creating a crafted wiki page, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the page is viewed by other users. For an example see referenced GitHub Security Advisory. Commit 5ffa189383dd716f12b56b8cae2ba0d075996cf1 fixes this vulnerability by adding the v-pre directive to all `&lt;pre&gt;` tags during the render.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21383">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25127">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 15:32:24">
15:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-28789 ‼</strong><br><br><code>The unofficial apple/swift-format extension before 1.1.2 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted apple-swift-format.path configuration value that triggers execution upon opening the workspace.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28789">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25128">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 15:32:25">
15:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-26215 ‼</strong><br><br><code>SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditDocument.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26215">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25129">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 15:32:29">
15:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-28794 ‼</strong><br><br><code>The unofficial ShellCheck extension before 0.13.4 for Visual Studio Code mishandles shellcheck.executablePath.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28794">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25130">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 15:32:30">
15:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-28792 ‼</strong><br><br><code>The unofficial Swift Development Environment extension before 2.12.1 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted sourcekit-lsp.serverPath, swift.languageServerPath, swift.path.sourcekite, swift.path.sourcekiteDockerMode, swift.path.swift_driver_bin, or swift.path.shell configuration value that triggers execution upon opening the workspace.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28792">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25131">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 15:52:48">
15:52
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 New CopperStealer Malware Hijacks Social Media Accounts 🕴</strong><br><br><code>Proofpoint researchers say it steals logins and spreads more malware.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/new-copperstealer-malware-hijacks-social-media-accounts/d/d-id/1340454?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25132">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 16:22:48">
16:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Women&apos;s History Month: Making Mentorship Meaningful 🕴</strong><br><br><code>This month is a perfect opportunity for us to take a step back and think about what role we want to play as women in the technology sector.</code><br><br><a href="https://www.darkreading.com/careers-and-people/womens-history-month-making-mentorship-meaningful-/a/d-id/1340419?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25133">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 17:05:33">
17:05
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Trojanized Xcode Project Slips MacOS Malware to Apple Developers ❌</strong><br><br><code>In a new campaign, threat actors are bundling macOS malware in trojanized Apple Xcode developer projects.</code><br><br><a href="https://threatpost.com/xcode-macos-malware-apple-developers/164897/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25134">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 17:32:20">
17:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2019-14903 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14903">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25135">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 17:32:21">
17:32
       </div>

       <div class="text">
<strong>‼ CVE-2020-35492 ‼</strong><br><br><code>A flaw was found in cairo&apos;s image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo&apos;s image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -&gt; out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35492">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25136">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 17:32:22">
17:32
       </div>

       <div class="text">
<strong>‼ CVE-2019-14850 ‼</strong><br><br><code>A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could connect to the nbdkit service and cause it to perform a large amount of work in initializing backend plugins, by simply opening a connection to the service. This vulnerability could cause resource consumption and degradation of service in nbdkit, depending on the plugins configured on the server-side.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14850">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25137">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 17:32:23">
17:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-27656 ‼</strong><br><br><code>A vulnerability in exacqVision Web Service 20.12.2.0 and prior could allow an unauthenticated attacker to view system-level information about the exacqVision Web Service and the operating system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27656">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25138">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 17:32:24">
17:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-1287 ‼</strong><br><br><code>A vulnerability in the web-based management interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition on the affected device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1287">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25139">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 17:32:28">
17:32
       </div>

       <div class="text">
<strong>‼ CVE-2019-3867 ‼</strong><br><br><code>A vulnerability was found in the Quay web application. Sessions in the Quay web application never expire. An attacker, able to gain access to a session, could use it to control or delete a user&apos;s container repository. Red Hat Quay 2 and 3 are vulnerable to this issue.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3867">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25140">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 17:32:28">
17:32
       </div>

       <div class="text">
<strong>‼ CVE-2019-14908 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14908">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25141">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 17:32:29">
17:32
       </div>

       <div class="text">
<strong>‼ CVE-2020-14516 ‼</strong><br><br><code>In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the implementation of the SHA-256 hashing algorithm with FactoryTalk Services Platform that prevents the user password from being hashed properly.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14516">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25142">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 17:32:30">
17:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-22665 ‼</strong><br><br><code>Rockwell Automation DriveTools SP v5.13 and below and Drives AOP v4.12 and below both contain a vulnerability that a local attacker with limited privileges may be able to exploit resulting in privilege escalation and complete control of the system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22665">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25143">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 17:32:31">
17:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-28160 ‼</strong><br><br><code>Stored XSS on Acexy (BoyaMicro) Wireless-N WiFi Repeater 28.08.06.1 version 1.0 devices can occur via a malformed SSID field during scanning for nearby access points, which also occurs when a device&apos;s user visits the Repeater Wizard web management section. This enables an attacker to steal LAN credentials without being connected to the device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28160">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25144">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 17:32:35">
17:32
       </div>

       <div class="text">
<strong>‼ CVE-2019-14848 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14848">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25145">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 17:35:22">
17:35
       </div>

       <div class="text">
<strong>❌ Fiserv Forgets to Buy Domain It Used as System Default ❌</strong><br><br><code>Fintech security provider Fiserv acknowledges it used unregistered domain as default email.</code><br><br><a href="https://threatpost.com/fiserv-forgets-to-buy-domain-it-used-as-system-default/164903/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25146">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 18:52:51">
18:52
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Facebook Expands Security Key Support to iOS &amp; Android 🕴</strong><br><br><code>Facebook&apos;s announcement arrives the same week Twitter enabled support for multiple security keys on user accounts.</code><br><br><a href="https://www.darkreading.com/endpoint/facebook-expands-security-key-support-to-ios-and-android/d/d-id/1340457?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25147">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 19:22:52">
19:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Tech Vendors&apos; Lack of Security Transparency Worries Firms 🕴</strong><br><br><code>A majority of firms say they&apos;re more likely to buy from suppliers that are open about security issues -- yet that sentiment isn&apos;t necessarily reflected in the technology providers they&apos;re currently working with.</code><br><br><a href="https://www.darkreading.com/operations/tech-vendors-lack-of-security-transparency-worries-firms/d/d-id/1340455?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25148">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 19:37:28">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-3416 ‼</strong><br><br><code>A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3416">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25149">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 19:37:29">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-25764 ‼</strong><br><br><code>In JetBrains PhpStorm before 2020.3, source code could be added to debug logs.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25764">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25150">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 19:37:30">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-26886 ‼</strong><br><br><code>Softaculous before 5.5.7 is affected by a code execution vulnerability because of External Initialization of Trusted Variables or Data Stores. This leads to privilege escalation on the local host.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26886">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25151">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 19:37:31">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2019-14851 ‼</strong><br><br><code>A denial of service vulnerability was discovered in nbdkit. A client issuing a certain sequence of commands could possibly trigger an assertion failure, causing nbdkit to exit. This issue only affected nbdkit versions 1.12.7, 1.14.1, and 1.15.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14851">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25152">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 19:37:32">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2019-14852 ‼</strong><br><br><code>A flaw was found in 3scale’s APIcast gateway that enabled the TLS 1.0 protocol. An attacker could target traffic using this weaker protocol and break its encryption, gaining access to unauthorized information. Version shipped in Red Hat 3scale API Management Platform is vulnerable to this issue.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14852">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25153">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 19:37:36">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-9367 ‼</strong><br><br><code>The MPS Agent in Zoho ManageEngine Desktop Central MSP build MSP build 10.0.486 is vulnerable to DLL Hijacking: dcinventory.exe and dcconfig.exe try to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because this DLL is missing from the installation, thus making it possible to hijack the DLL and subsequently inject code, leading to an escalation of privilege to NT AUTHORITY\SYSTEM.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9367">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25154">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 19:37:37">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-36144 ‼</strong><br><br><code>Redash 8.0.0 is affected by LDAP Injection. There is an authentication bypass and information leak through the crafting of special queries, escaping the provided template because the ldap_user = auth_ldap_user(request.form[&quot;email&quot;], request.form[&quot;password&quot;]) auth_ldap_user(username, password) settings.LDAP_SEARCH_TEMPLATE % {&quot;username&quot;: username} code lacks sanitization.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36144">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25155">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 19:37:38">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-26797 ‼</strong><br><br><code>Mediainfo before version 20.08 has a heap buffer overflow vulnerability via MediaInfoLib::File_Gxf::ChooseParser_ChannelGrouping.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26797">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25156">

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 19:37:39">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-27358 ‼</strong><br><br><code>The snapshot feature in Grafana before 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27358">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25157">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.03.2021 21:32:31">
21:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-27436 ‼</strong><br><br><code>WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser actions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27436">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-801">

      <div class="body details">
19 March 2021
      </div>

     </div>

     <div class="message default clearfix" id="message25158">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 02:32:47">
02:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-25293 ‼</strong><br><br><code>An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25293">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25159">

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 02:32:48">
02:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-3327 ‼</strong><br><br><code>Ovation Dynamic Content 1.10.1 for Elementor allows XSS via the post_title parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3327">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25160">

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 02:32:49">
02:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-21384 ‼</strong><br><br><code>shescape is a simple shell escape package for JavaScript. In shescape before version 1.1.3, anyone using _Shescape_ to defend against shell injection may still be vulnerable against shell injection if the attacker manages to insert a into the payload. For an example see the referenced GitHub Security Advisory. The problem has been patched in version 1.1.3. No further changes are required.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21384">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25161">

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 02:32:50">
02:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-25290 ‼</strong><br><br><code>An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25290">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25162">

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 02:32:50">
02:32
       </div>

       <div class="text">
<strong>‼ CVE-2020-6577 ‼</strong><br><br><code>The IT-Recht Kanzlei plugin in Zen Cart 1.5.6c (German edition) allows itrk-api.php rechtstext_language SQL Injection.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6577">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25163">

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 02:32:54">
02:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-28653 ‼</strong><br><br><code>The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. They choose a non-preferred storage mechanism if the device has Secure Enclave support but lacks biometric authentication hardware.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28653">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25164">

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 02:32:55">
02:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-26275 ‼</strong><br><br><code>** UNSUPPORTED WHEN ASSIGNED ** The eslint-fixer package through 0.1.5 for Node.js allows command injection via shell metacharacters to the fix function. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The ozum/eslint-fixer GitHub repository has been intentionally deleted.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26275">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25165">

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 02:32:56">
02:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-28126 ‼</strong><br><br><code>index.jsp in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a Stored cross-site scripting (XSS) vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28126">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25166">

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 02:32:57">
02:32
       </div>

       <div class="text">
<strong>‼ CVE-2020-6578 ‼</strong><br><br><code>Zen Cart 1.5.6d allows reflected XSS via the main_page parameter to includes/templates/template_default/common/tpl_main_page.php or includes/templates/responsive_classic/common/tpl_main_page.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6578">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25167">

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 02:32:57">
02:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-25292 ‼</strong><br><br><code>An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25292">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25168">

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 02:33:01">
02:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-25289 ‼</strong><br><br><code>An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25289">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25169">

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 02:33:02">
02:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-27221 ‼</strong><br><br><code>** DISPUTED ** MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor&apos;s position is that this is intended behavior because of how user policies work.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27221">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25170">

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 02:33:03">
02:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-28110 ‼</strong><br><br><code>/exec in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a vulnerability in its XML parser.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28110">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25171">

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 02:33:04">
02:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-27928 ‼</strong><br><br><code>A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27928">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25172">

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 02:33:05">
02:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-25291 ‼</strong><br><br><code>An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25291">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25173">

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 02:33:09">
02:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-28109 ‼</strong><br><br><code>TranzWare (POI) FIMI before 4.2.20.4.2 allows login_tw.php reflected Cross-Site Scripting (XSS).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28109">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25174">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 07:57:34">
07:57
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Want to be an ethical hacker? Take these cybersecurity courses 🦿</strong><br><br><code>In these 18 online training courses on ethical hacking, cybersecurity pros will teach you about creating projects with Python, bug bounty hunting, Kali Linux hacker tools and much more.</code><br><br><a href="https://www.techrepublic.com/article/want-to-be-an-ethical-hacker-take-these-cybersecurity-courses/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25175">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 12:23:21">
12:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Russian Man Pleads Guilty in Thwarted Tesla Hack 🕴</strong><br><br><code>Egor Kriuchkov will be sentenced in May on conspiracy charge</code><br><br><a href="https://www.darkreading.com/attacks-breaches/russian-man-pleads-guilty-in-thwarted-tesla-hack/d/d-id/1340463?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25176">

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 12:27:39">
12:27
       </div>

       <div class="text">
<strong>🦿 Business email compromise scams proved costly to victims in 2020 🦿</strong><br><br><code>The FBI received more than 19,000 complaints of business email compromises last year, costing victims around $1.8 billion.</code><br><br><a href="https://www.techrepublic.com/article/business-email-compromise-scams-proved-costly-to-victims-in-2020/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25177">

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 12:36:16">
12:36
       </div>

       <div class="text">
<strong>❌ Bogus Android Clubhouse App Drops Credential-Swiping Malware ❌</strong><br><br><code>The malicious app spreads the BlackRock malware, which steals credentials from 458 services - including Twitter, WhatsApp, Facebook and Amazon.</code><br><br><a href="https://threatpost.com/android-clubhouse-app-malware/164915/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25178">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 12:53:21">
12:53
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 SolarWinds-Linked Attackers Target Microsoft 365 Mailboxes 🕴</strong><br><br><code>Researchers observe attackers altering mailbox folders to assign read-only permissions to any authenticated user on a target machine.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/solarwinds-linked-attackers-target-microsoft-365-mailboxes/d/d-id/1340467?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25179">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 13:33:18">
13:33
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-27506 ‼</strong><br><br><code>In Stormshield Network Security (SNS) 1.0 through 4.2.0, the parsing of some malformed files can lead to the crash of ClamAV service causing a Denial of Service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27506">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25180">

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 13:45:48">
13:45
       </div>

       <div class="text">
<strong>🔏 Friday Five 3/19 🔏</strong><br><br><code>Stolen phone access, cybersecurity in national security, and the theft of NFTs - catch up on all of the week&apos;s infosec news with the Friday Five!</code><br><br><a href="https://digitalguardian.com/blog/friday-five-3/19">📖 Read</a><br><br>via &quot;<em>Digital Guardian</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25181">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 15:27:43">
15:27
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How to use semanage and avoid disabling SELinux 🦿</strong><br><br><code>Jack Wallen introduces you to three semanage commands that will help make dealing with SELinux considerably easier.</code><br><br><a href="https://www.techrepublic.com/article/how-to-use-semanage-and-avoid-disabling-selinux/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25182">

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 15:33:24">
15:33
       </div>

       <div class="text">
<strong>‼ CVE-2020-4635 ‼</strong><br><br><code>IBM Resilient SOAR 40 and earlier could disclose sensitive information by allowing a user to enumerate usernames.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4635">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25183">

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 15:33:25">
15:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-25277 ‼</strong><br><br><code>FTAPI 4.0 - 4.10 allows XSS via a crafted filename to the alternative text hover box in the file submission component.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25277">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25184">

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 15:33:26">
15:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-25278 ‼</strong><br><br><code>FTAPI 4.0 through 4.10 allows XSS via an SVG document to the Background Image upload feature in the Submit Box Template Editor.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25278">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25185">

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 15:33:27">
15:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-27906 ‼</strong><br><br><code>A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27906">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25186">

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 15:33:28">
15:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-27807 ‼</strong><br><br><code>A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27807">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25187">

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 15:33:32">
15:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-21390 ‼</strong><br><br><code>MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In MinIO before version RELEASE.2021-03-17T02-33-02Z, there is a vulnerability which enables MITM modification of request bodies that are meant to have integrity guaranteed by chunk signatures. In a PUT request using aws-chunked encoding, MinIO ordinarily verifies signatures at the end of a chunk. This check can be skipped if the client sends a false chunk size that is much greater than the actual data sent: the server accepts and completes the request without ever reaching the end of the chunk + thereby without ever checking the chunk signature. This is fixed in version RELEASE.2021-03-17T02-33-02Z. As a workaround one can avoid using &quot;aws-chunked&quot; encoding-based chunk signature upload requests instead use TLS. MinIO SDKs automatically disable chunked encoding signature when the server endpoint is configured with TLS.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21390">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25188">

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 15:33:33">
15:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-21387 ‼</strong><br><br><code>Wrongthink peer-to-peer, end-to-end encrypted messenger with PeerJS and Axolotl ratchet. In wrongthink from version 2.0.0 and before 2.3.0 there was a set of vulnerabilities causing inadequate encryption strength. Part of the secret identity key was disclosed by the fingerprint used for connection. Additionally, the safety number was improperly calculated. It was computed using part of one of the public identity keys instead of being derived from both public identity keys. This caused issues in computing safety numbers which would potentially be exploitable in the real world. Additionally there was inadequate encryption strength due to use of 1024-bit DSA keys. These issues are all fixed in version 2.3.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21387">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25189">

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 15:36:27">
15:36
       </div>

       <div class="text">
<strong>❌ Office 365 Phishing Attack Targets Financial Execs ❌</strong><br><br><code>Attackers move on new CEOs, using transition confusion to harvest Microsoft credentials.</code><br><br><a href="https://threatpost.com/office-365-phishing-attack-financial-execs/164925/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25190">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 15:53:28">
15:53
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Verkada Attacker Charged with Wire Fraud, Conspiracy in US 🕴</strong><br><br><code>Swiss national Till Kottmann and co-conspirators are accused of breaking into dozens of US companies and government entities.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/verkada-attacker-charged-with-wire-fraud-conspiracy-in-us/d/d-id/1340469?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25191">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 17:33:30">
17:33
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-20077 ‼</strong><br><br><code>Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged attacker to obtain the token.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20077">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25192">

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 17:33:31">
17:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-27520 ‼</strong><br><br><code>A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the &quot;author&quot; parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27520">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25193">

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 17:33:32">
17:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-27519 ‼</strong><br><br><code>A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the &quot;srch&quot; parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27519">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25194">

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 17:33:33">
17:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-26990 ‼</strong><br><br><code>Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability that could allow a remote attacker to overwrite arbitrary system files.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26990">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25195">

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 17:33:34">
17:33
       </div>

       <div class="text">
<strong>‼ CVE-2019-10127 ‼</strong><br><br><code>A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for BigSQL-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, an attacker having both an unprivileged Windows account and an unprivileged PostgreSQL account can cause the PostgreSQL service account to execute arbitrary code. An attacker having only the unprivileged Windows account can read arbitrary data directory files, essentially bypassing database-imposed read access limitations. An attacker having only the unprivileged Windows account can also delete certain data directory files.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10127">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25196">

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 17:33:38">
17:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-26991 ‼</strong><br><br><code>Cloud Manager versions prior to 3.9.4 contain an insecure Cross-Origin Resource Sharing (CORS) policy which could allow a remote attacker to interact with Cloud Manager.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26991">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25197">

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 17:33:39">
17:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-26992 ‼</strong><br><br><code>Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability which could allow a remote attacker to cause a Denial of Service (DoS).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26992">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25198">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 18:06:27">
18:06
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Critical F5 BIG-IP Flaw Now Under Active Attack ❌</strong><br><br><code>Researchers are reporting mass scanning for – and in-the-wild exploitation of – a critical-severity flaw in the F5 BIG-IP and BIG-IQ enterprise networking infrastructure.</code><br><br><a href="https://threatpost.com/critical-f5-big-ip-flaw-now-under-active-attack/164940/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25199">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 18:23:33">
18:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 New Malware Hidden in Apple IDE Targets macOS Developers 🕴</strong><br><br><code>XcodeSpy is latest example of growing attacks on software supply chain.</code><br><br><a href="https://www.darkreading.com/application-security/new-malware-hidden-in-apple-ide-targets-macos-developers/d/d-id/1340471?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25200">

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 18:27:45">
18:27
       </div>

       <div class="text">
<strong>🦿 PS5 phishing scam baits gamers with promise of free console 🦿</strong><br><br><code>Scammers are taking advantage of a shortage of Sony PlayStation 5 consoles to try to hoodwink people eager to snag one, says Kaspersky.</code><br><br><a href="https://www.techrepublic.com/article/ps5-phishing-scam-baits-gamers-with-promise-of-free-console/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25201">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 19:33:36">
19:33
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2019-10151 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10151">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25202">

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 19:33:37">
19:33
       </div>

       <div class="text">
<strong>‼ CVE-2019-10128 ‼</strong><br><br><code>A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for EnterpriseDB-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, this allows a local attacker to read arbitrary data directory files, essentially bypassing database-imposed read access limitations. In plausible non-default configurations, an attacker having both an unprivileged Windows account and an unprivileged PostgreSQL account can cause the PostgreSQL service account to execute arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10128">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25203">

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 19:33:38">
19:33
       </div>

       <div class="text">
<strong>‼ CVE-2019-10200 ‼</strong><br><br><code>A flaw was discovered in OpenShift Container Platform 4 where, by default, users with access to create pods also have the ability to schedule workloads on master nodes. Pods with permission to access the host network, running on master nodes, can retrieve security credentials for the master AWS IAM role, allowing management access to AWS resources. With access to the security credentials, the user then has access to the entire infrastructure. Impact to data and system availability is high.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10200">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25204">

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 19:33:39">
19:33
       </div>

       <div class="text">
<strong>‼ CVE-2019-14828 ‼</strong><br><br><code>A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where users with the capability to create courses were assigned as a teacher in those courses, regardless of whether they had the capability to be automatically assigned that role.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14828">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25205">

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 19:33:40">
19:33
       </div>

       <div class="text">
<strong>‼ CVE-2019-10196 ‼</strong><br><br><code>A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an uninitialized memory leak in setups where an attacker could submit typed input to the auth parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10196">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25206">

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 19:33:44">
19:33
       </div>

       <div class="text">
<strong>‼ CVE-2019-14830 ‼</strong><br><br><code>A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where the mobile launch endpoint contained an open redirect in some circumstances, which could result in a user&apos;s mobile access token being exposed. (Note: This does not affect sites with a forced URL scheme configured, mobile service disabled, or where the mobile app login method is &quot;via the app&quot;).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14830">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25207">

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 19:33:45">
19:33
       </div>

       <div class="text">
<strong>‼ CVE-2019-10225 ‼</strong><br><br><code>A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RABC role in OpenShift Container Platform doesn&apos;t sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. An attacker with basic-user permissions is able to obtain the value of restuserkey, and use it to authenticate to the GlusterFS REST service, gaining access to read, and modify files.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10225">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25208">

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 19:33:45">
19:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-21267 ‼</strong><br><br><code>Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector). In before version 2.0.0, email address validation is vulnerable to a denial-of-service attack where some input (for example `a@0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.`) will freeze the program or web browser page executing the code. This affects any current schema-inspector users using any version to validate email addresses. Users who do not do email validation, and instead do other types of validation (like string min or max length, etc), are not affected. Users should upgrade to version 2.0.0, which uses a regex expression that isn&apos;t vulnerable to ReDoS.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21267">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25209">

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 19:33:46">
19:33
       </div>

       <div class="text">
<strong>‼ CVE-2019-14829 ‼</strong><br><br><code>A vulnerability was found in Moodle affection 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions where activity creation capabilities were not correctly respected when selecting the activity to use for a course in single activity mode.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14829">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25210">

      <div class="body">

       <div class="pull_right date details" title="19.03.2021 19:33:47">
19:33
       </div>

       <div class="text">
<strong>‼ CVE-2019-14831 ‼</strong><br><br><code>A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where forum subscribe link contained an open redirect if forced subscription mode was enabled. If a forum&apos;s subscription mode was set to &quot;forced subscription&quot;, the forum&apos;s subscribe link contained an open redirect.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14831">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-802">

      <div class="body details">
20 March 2021
      </div>

     </div>

     <div class="message default clearfix" id="message25211">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.03.2021 21:35:04">
21:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-27171 ‼</strong><br><br><code>An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27171">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25212">

      <div class="body">

       <div class="pull_right date details" title="20.03.2021 21:35:05">
21:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-27170 ‼</strong><br><br><code>An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27170">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-803">

      <div class="body details">
21 March 2021
      </div>

     </div>

     <div class="message default clearfix" id="message25213">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.03.2021 07:35:31">
07:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-28961 ‼</strong><br><br><code>applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07 allows remote authenticated users to inject arbitrary commands via POST requests.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28961">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25214">

      <div class="body">

       <div class="pull_right date details" title="21.03.2021 07:35:32">
07:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-28957 ‼</strong><br><br><code>lxml 4.6.2 places the HTML action attribute into defs.link_attrs (in html/defs.py) for later use in input sanitization, but does not do the same for the HTML5 formaction attribute.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28957">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25215">

      <div class="body">

       <div class="pull_right date details" title="21.03.2021 07:35:33">
07:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-28954 ‼</strong><br><br><code>In Chris Walz bit before 1.0.5 on Windows, attackers can run arbitrary code via a .exe file in a crafted repository.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28954">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25216">

      <div class="body">

       <div class="pull_right date details" title="21.03.2021 07:35:33">
07:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-28953 ‼</strong><br><br><code>The unofficial C/C++ Advanced Lint extension before 1.9.0 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted repository.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28953">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25217">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.03.2021 19:36:05">
19:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-13963 ‼</strong><br><br><code>SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the related authentication algorithm, is public. The key for admin is hardcoded in the installation code, and there is no key for publicsp (which is a guest account).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13963">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-804">

      <div class="body details">
22 March 2021
      </div>

     </div>

     <div class="message default clearfix" id="message25218">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 11:37:06">
11:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-26295 ‼</strong><br><br><code>Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26295">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25219">

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 11:37:07">
11:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-28501 ‼</strong><br><br><code>This affects the package es6-crawler-detect before 3.1.3. No limitation of user agent string length supplied to regex operators.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28501">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25220">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 12:55:03">
12:55
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Instagram scams and how to avoid them ⚠</strong><br><br><code>Don&apos;t get taken for a sucker on social media! Here are our top tips to protect you from Instagram scams...</code><br><br><a href="https://nakedsecurity.sophos.com/2021/03/22/instagram-scams-and-how-to-avoid-them/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25221">

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 12:55:04">
12:55
       </div>

       <div class="text">
<strong>🕴 The Edge Pro Tip: The Feds Are Your Friends 🕴</strong><br><br><code>Here&apos;s what to expect when you report an insider incident to the FBI.</code><br><br><a href="https://www.darkreading.com/edge/theedge/the-edge-pro-tip-the-feds-are-your-friends/b/d-id/1340475?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25222">

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 12:55:05">
12:55
       </div>

       <div class="text">
<strong>🕴 3 Classes of Account Fraud That Can Cost Your Company Big Time 🕴</strong><br><br><br><br><a href="https://www.darkreading.com/edge/theedge/3-classes-of-account-fraud-that-can-cost-your-company-big-time/b/d-id/1340473?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25223">

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 13:01:07">
13:01
       </div>

       <div class="text">
<strong>🦿 Cloudflare introduces SD-WAN- and firewall-as-a-service offerings 🦿</strong><br><br><code>In a bid to replace MPLS circuits and SD-WAN appliances, Cloudflare has introduced Magic WAN and Magic Firewall and partnerships with VMware, Aruba, Digital Realty, CoreSite and EdgeConneX.</code><br><br><a href="https://www.techrepublic.com/article/cloudflare-introduces-sd-wan-and-firewall-as-a-service-offerings/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25224">

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 13:09:14">
13:09
       </div>

       <div class="text">
<strong>❌ Adobe Fixes Critical ColdFusion Flaw in Emergency Update ❌</strong><br><br><code>Attackers can leverage the critical Adobe ColdFusion flaw to launch arbitrary code execution attacks.</code><br><br><a href="https://threatpost.com/adobe-critical-coldfusion-flaw-update/164946/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25225">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 13:37:14">
13:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-28147 ‼</strong><br><br><code>The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service and having the EditorsCanAdmin feature enabled, this vulnerability allows any authenticated user to add external groups to any existing team. This can be used to grant a user team permissions that the user isn&apos;t supposed to have.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28147">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25226">

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 13:37:15">
13:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-28148 ‼</strong><br><br><code>One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to a denial of service (DoS) attack against a Grafana Enterprise instance.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28148">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25227">

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 13:37:16">
13:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-27962 ‼</strong><br><br><code>Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27962">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25228">

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 13:37:17">
13:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-28146 ‼</strong><br><br><code>The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated user to add external groups to existing teams. This can be used to grant a user team permissions that the user isn&apos;t supposed to have.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28146">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25229">

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 13:37:18">
13:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-27308 ‼</strong><br><br><code>A cross-site scripting (XSS) vulnerability in the admin login panel in 4images version 1.8 allows remote attackers to inject JavaScript via the &quot;redirect&quot; parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27308">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25230">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 14:25:05">
14:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Top 3 Cybersecurity Lessons Learned From the Pandemic 🕴</strong><br><br><code>Defending an enterprise of fully remote employees and their devices at this scale and speed had never been done before. Now, we do it every day.</code><br><br><a href="https://www.darkreading.com/operations/top-3-cybersecurity-lessons-learned-from-the-pandemic/a/d-id/1340375?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25231">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 14:55:07">
14:55
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Naked Security Live – “XcodeSpy” takes aim at Mac and iOS developers ⚠</strong><br><br><code>New episode - watch now!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/03/22/naked-security-live-xcodespy-takes-aim-at-mac-and-ios-developers/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25232">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 15:25:49">
15:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Qualys CEO Courtot Departs for Health Reasons 🕴</strong><br><br><code>The well-known security industry entrepreneur initially took a leave of absence in February.</code><br><br><a href="https://www.darkreading.com/careers-and-people/qualys-ceo-courtot-departs-for-health-reasons/d/d-id/1340476?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25233">

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 15:37:26">
15:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-27595 ‼</strong><br><br><code>When a user opens manipulated Portable Document Format (.PDF) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27595">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25234">

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 15:37:27">
15:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-28971 ‼</strong><br><br><code>In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28971">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25235">

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 15:37:28">
15:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-27593 ‼</strong><br><br><code>When a user opens manipulated Graphics Interchange Format (.GIF) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27593">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25236">

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 15:37:29">
15:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-28968 ‼</strong><br><br><code>An issue was discovered in PunBB before 1.4.6. An XSS vulnerability in the [email] BBcode tag allows (with authentication) injecting arbitrary JavaScript into any forum message.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28968">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25237">

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 15:37:30">
15:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-27596 ‼</strong><br><br><code>When a user opens manipulated Autodesk 3D Studio for MS-DOS (.3DS) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27596">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25238">

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 15:37:34">
15:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-27594 ‼</strong><br><br><code>When a user opens manipulated Windows Bitmap (.BMP) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27594">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25239">

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 15:37:35">
15:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-4882 ‼</strong><br><br><code>IBM Planning Analytics 2.0 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by constucting URLs from user-controlled data . This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 190852.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4882">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25240">

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 15:37:36">
15:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-28972 ‼</strong><br><br><code>In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name &apos;\0&apos; termination, aka CID-cc7a0bb058b8.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28972">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25241">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 16:09:20">
16:09
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Critical Security Bugs Fixed in Virtual Learning Software ❌</strong><br><br><code>Remote ed software bugs give attackers wide access student computers, data.</code><br><br><a href="https://threatpost.com/security-bugs-virtual-learning-software/164953/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25242">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 17:18:18">
17:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 U.S. Indicts Swiss Hacker Responsible for Security Camera Hack, Data Theft 🔏</strong><br><br><code>While only 21, the Swiss &quot;hacktivist&quot; has hacked dozens of companies and published data like source code, files, and other proprietary information online.</code><br><br><a href="https://digitalguardian.com/blog/us-indicts-swiss-hacker-responsible-security-camera-hack-data-theft">📖 Read</a><br><br>via &quot;<em>Digital Guardian</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25243">

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 17:25:20">
17:25
       </div>

       <div class="text">
<strong>🕴 CSA &amp; ISACA Team Up on Cloud Auditing Certificate 🕴</strong><br><br><code>The Certificate of Cloud Auditing Knowledge aims to fill a gap in the market for cloud IT auditing as more organizations work in cloud environments.</code><br><br><a href="https://www.darkreading.com/cloud/csa-and-isaca-team-up-on-cloud-auditing-certificate/d/d-id/1340480?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25244">

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 17:37:23">
17:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-22309 ‼</strong><br><br><code>There is insecure algorithm vulnerability in Huawei products. A module uses less random input in a secure mechanism. Attackers can exploit this vulnerability by brute forcing to obtain sensitive message. This can lead to information leak. Affected product versions include:USG9500 versions V500R001C30SPC200, V500R001C60SPC500,V500R005C00SPC200;USG9520 versions V500R005C00;USG9560 versions V500R005C00;USG9580 versions V500R005C00.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22309">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25245">

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 17:37:24">
17:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-22310 ‼</strong><br><br><code>There is an information leakage vulnerability in some huawei products. Due to the properly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause an information leak. Affected product versions include: NIP6300 versions V500R001C00,V500R001C20,V500R001C30;NIP6600 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6300 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6500 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6600 versions V500R001C00,V500R001C20,V500R001C30,V500R001C50,V500R001C60,V500R001C80;USG9500 versions V500R005C00,V500R005C10.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22310">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25246">

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 17:37:25">
17:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-9212 ‼</strong><br><br><code>There is a vulnerability in some version of USG9500 that the device improperly handles the information when a user logs in to device. The attacker can exploit the vulnerability to perform some operation and can get information and cause information leak.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9212">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25247">

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 17:37:26">
17:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-9206 ‼</strong><br><br><code>The eUDC660 product has a resource management vulnerability. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper resource management of the device, as a result, the key file can be obtained and data can be decrypted, affecting confidentiality, integrity, and availability of the device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9206">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25248">

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 17:37:27">
17:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-9213 ‼</strong><br><br><code>There is a denial of service vulnerability in some huawei products. In specific scenarios, due to the improper handling of the packets, an attacker may craft many specific packets. Successful exploit may cause some services to be abnormal. Affected products include some versions of NGFW Module, NIP6300, NIP6600, NIP6800, Secospace USG6300, Secospace USG6500, Secospace USG6600 and SG9500.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9213">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25249">

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 17:37:31">
17:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-22311 ‼</strong><br><br><code>There is an improper permission assignment vulnerability in Huawei ManageOne product. Due to improper security hardening, the process can run with a higher privilege. Successful exploit could allow certain users to do certain operations with improper permissions. Affected product versions include: ManageOne versions 8.0.0, 8.0.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22311">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25250">

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 17:37:32">
17:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-26578 ‼</strong><br><br><code>A potential security vulnerability has been identified in HPE Network Orchestrator (NetO) version(s): Prior to 2.5. The vulnerability could be remotely exploited with SQL injection.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26578">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25251">

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 17:37:32">
17:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-22320 ‼</strong><br><br><code>There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages correctly. Attackers can exploit this vulnerability by sending malicious messages to an affected module. This can lead to denial of service. Affected product include some versions of IPS Module, NGFW Module, NIP6600, NIP6800, Secospace USG6300, Secospace USG6500 and Secospace USG6600.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22320">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25252">

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 17:37:33">
17:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-25265 ‼</strong><br><br><code>A malicious website could execute code remotely in Sophos Connect Client before version 2.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25265">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25253">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 18:09:27">
18:09
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ CISA Warns of Security Flaws in GE Power Management Devices ❌</strong><br><br><code>The flaws could allow an attacker to access sensitive information, reboot the UR, gain privileged access, or cause a denial-of-service condition.</code><br><br><a href="https://threatpost.com/cisa-security-flaws-ge-power-management/164961/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25254">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 18:59:25">
18:59
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 7 expert tips on recruiting cybersecurity pros 🦿</strong><br><br><code>HR and recruiting experts offer unique ways to find and hire cybersecurity talent.</code><br><br><a href="https://www.techrepublic.com/article/experts-chime-in-on-how-to-fill-vacant-cybersecurity-positions/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25255">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 19:25:05">
19:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Acer Reportedly Hit With $50M Ransomware Attack 🕴</strong><br><br><code>Reports say a ransomware gang has given Acer until March 28 to pay, or it will double the ransom amount.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/acer-reportedly-hit-with-%2450m-ransomware-attack/d/d-id/1340481?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25256">

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 19:37:30">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-25918 ‼</strong><br><br><code>In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly. A highly privileged attacker could inject arbitrary code into input fields when creating a new user.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25918">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25257">

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 19:37:31">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-22314 ‼</strong><br><br><code>There is a local privilege escalation vulnerability in some versions of ManageOne. A local authenticated attacker could perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22314">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25258">

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 19:37:32">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-25919 ‼</strong><br><br><code>In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly. A highly privileged attacker could inject arbitrary code into input fields when creating a new user.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25919">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25259">

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 19:37:33">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-25921 ‼</strong><br><br><code>In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly in the `Allergies` section. An attacker could lure an admin to enter a malicious payload and by that initiate the exploit.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25921">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25260">

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 19:37:33">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-25917 ‼</strong><br><br><code>In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly. A highly privileged attacker could inject arbitrary code into input fields when creating a new user.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25917">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25261">

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 19:37:37">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-25922 ‼</strong><br><br><code>In OpenEMR, versions 4.2.0 to 6.0.0 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly. An attacker could trick a user to click on a malicious url and execute malicious code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25922">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25262">

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 19:37:38">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-22321 ‼</strong><br><br><code>There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can cause memory use-after-free, compromising normal service. Affected product include some versions of NIP6300, NIP6600, NIP6800, S1700, S2700, S5700, S6700 , S7700, S9700, Secospace USG6300, Secospace USG6500, Secospace USG6600 and USG9500.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22321">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25263">

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 19:37:39">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-25920 ‼</strong><br><br><code>In OpenEMR, versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Access Control when creating a new user, which leads to a malicious user able to read and send sensitive messages on behalf of the victim user.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25920">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25264">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.03.2021 19:55:50">
19:55
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Researchers Discover Two Dozen Malicious Chrome Extensions 🕴</strong><br><br><code>Extensions are being used to serve up unwanted adds, steal data, and divert users to malicious sites, Cato Networks says.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/researchers-discover-two-dozen-malicious-chrome-extensions/d/d-id/1340482?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-805">

      <div class="body details">
23 March 2021
      </div>

     </div>

     <div class="message default clearfix" id="message25265">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 02:37:50">
02:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-21341 ‼</strong><br><br><code>XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected who followed the recommendation to setup XStream&apos;s security framework with a whitelist limited to the minimal required types. If you rely on XStream&apos;s default blacklist of the Security Framework, you will have to use at least version 1.4.16.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21341">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25266">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 02:37:51">
02:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-21346 ‼</strong><br><br><code>XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream&apos;s security framework with a whitelist limited to the minimal required types. If you rely on XStream&apos;s default blacklist of the Security Framework, you will have to use at least version 1.4.16.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21346">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25267">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 02:37:52">
02:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-21338 ‼</strong><br><br><code>TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that Login Handling is susceptible to open redirection which allows attackers redirecting to arbitrary content, and conducting phishing attacks. No authentication is required in order to exploit this vulnerability. This is fixed in versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21338">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25268">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 02:37:53">
02:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-21340 ‼</strong><br><br><code>TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that database fields used as _descriptionColumn_ are vulnerable to cross-site scripting when their content gets previewed. A valid backend user account is needed to exploit this vulnerability. This is fixed in versions 10.4.14, 11.1.1 .</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21340">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25269">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 02:37:53">
02:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-21349 ‼</strong><br><br><code>XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream&apos;s security framework with a whitelist limited to the minimal required types. If you rely on XStream&apos;s default blacklist of the Security Framework, you will have to use at least version 1.4.16.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21349">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25270">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 02:37:57">
02:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-21351 ‼</strong><br><br><code>XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream&apos;s security framework with a whitelist limited to the minimal required types. If you rely on XStream&apos;s default blacklist of the Security Framework, you will have to use at least version 1.4.16.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21351">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25271">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 02:37:58">
02:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-21350 ‼</strong><br><br><code>XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream&apos;s security framework with a whitelist limited to the minimal required types. If you rely on XStream&apos;s default blacklist of the Security Framework, you will have to use at least version 1.4.16.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21350">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25272">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 02:37:59">
02:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-21355 ‼</strong><br><br><code>TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1, due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, _UploadedFileReferenceConverter_ transforming uploaded files into proper FileReference domain model objects handles possible file uploads for other extensions as well - given those extensions use the Extbase MVC framework, make use of FileReference items in their direct or inherited domain model definitions and did not implement their own type converter. In case this scenario applies, _UploadedFileReferenceConverter_ accepts any file mime-type and persists files in the default location. In any way, uploaded files are placed in the default location _/fileadmin/user_upload/_, in most scenarios keeping the submitted filename - which allows attackers to directly reference files, or even correctly guess filenames used by other individuals, disclosing this information. No authentication is required to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21355">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25273">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 02:38:00">
02:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-21343 ‼</strong><br><br><code>XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in the deletion of a file on the local host. No user is affected, who followed the recommendation to setup XStream&apos;s security framework with a whitelist limited to the minimal required types. If you rely on XStream&apos;s default blacklist of the Security Framework, you will have to use at least version 1.4.16.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21343">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25274">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 02:38:01">
02:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-21357 ‼</strong><br><br><code>TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1 due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework this allows attackers to explicitly allow arbitrary mime-types for file uploads - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, attackers can persist those files in any writable directory of the corresponding TYPO3 installation. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21357">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25275">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 02:38:05">
02:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-21342 ‼</strong><br><br><code>XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in a server-side forgery request. No user is affected, who followed the recommendation to setup XStream&apos;s security framework with a whitelist limited to the minimal required types. If you rely on XStream&apos;s default blacklist of the Security Framework, you will have to use at least version 1.4.16.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21342">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25276">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 02:38:05">
02:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-21359 ‼</strong><br><br><code>TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.25, 10.4.14, 11.1.1 requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. This is fixed in versions 9.5.25, 10.4.14, 11.1.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21359">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25277">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 02:38:06">
02:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-21370 ‼</strong><br><br><code>TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that content elements of type _menu_ are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability. This is fixed in versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21370">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25278">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 02:38:07">
02:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-21348 ‼</strong><br><br><code>XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup XStream&apos;s security framework with a whitelist limited to the minimal required types. If you rely on XStream&apos;s default blacklist of the Security Framework, you will have to use at least version 1.4.16.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21348">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25279">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 02:38:08">
02:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-21347 ‼</strong><br><br><code>XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream&apos;s security framework with a whitelist limited to the minimal required types. If you rely on XStream&apos;s default blacklist of the Security Framework, you will have to use at least version 1.4.16.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21347">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25280">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 02:38:12">
02:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-21339 ‼</strong><br><br><code>TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 user session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. This is fixed in versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21339">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25281">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 02:38:12">
02:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-21358 ‼</strong><br><br><code>TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 10.4.14, 11.1.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21358">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25282">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 02:38:13">
02:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-21344 ‼</strong><br><br><code>XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream&apos;s security framework with a whitelist limited to the minimal required types. If you rely on XStream&apos;s default blacklist of the Security Framework, you will have to use at least version 1.4.16.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21344">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25283">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 02:38:14">
02:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-21345 ‼</strong><br><br><code>XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream&apos;s security framework with a whitelist limited to the minimal required types. If you rely on XStream&apos;s default blacklist of the Security Framework, you will have to use at least version 1.4.16.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21345">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25284">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 07:38:03">
07:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-29077 ‼</strong><br><br><code>Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBW30 before 2.6.2.2, RBS40V before 2.6.2.4, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29077">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25285">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 07:38:04">
07:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-29067 ‼</strong><br><br><code>Certain NETGEAR devices are affected by authentication bypass. This affects RBW30 before 2.6.2.2, RBS40V before 2.6.2.4, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29067">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25286">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 07:38:04">
07:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-29079 ‼</strong><br><br><code>Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29079">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25287">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 07:38:05">
07:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-29076 ‼</strong><br><br><code>Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29076">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25288">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 07:38:06">
07:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-29068 ‼</strong><br><br><code>Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R6700v3 before 1.0.4.98, R6400v2 before 1.0.4.98, R7000 before 1.0.11.106, R6900P before 1.3.2.124, R7000P before 1.3.2.124, R7900 before 1.0.4.26, R7850 before 1.0.5.60, R8000 before 1.0.4.58, RS400 before 1.5.0.48, R6400 before 1.0.1.62, R6700 before 1.0.2.16, R6900 before 1.0.2.16, MK60 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, CBR40 before 2.5.0.10, R8000P before 1.4.1.62, R7960P before 1.4.1.62, R7900P before 1.4.1.62, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RAX200 before 1.0.2.102, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, EX7500 before 1.0.0.68, EAX80 before 1.0.1.62, EAX20 before 1.0.0.36, RBK752 before 3.2.16.6, RBK753 before 3.2.16.6, RBK753S before 3.2.16.6, RBK754 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBK853 before 3.2.16.6, RBK854 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.76, R6850 before 1.1.0.76, R6350 before 1.1.0.76, R6330 before 1.1.0.76, D7800 before 1.0.1.58, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK40 before 2.6.1.36, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK23 before 2.6.1.36, RBR20 before 2.6.1.38, RBS20 before 2.6.1.38, RBK12 before 2.6.1.44, RBK13 before 2.6.1.44, RBK14 before 2.6.1.44, RBK15 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, R6800 before 1.2.0.72, R6900v2 before 1.2.0.72, R6700v2 before 1.2.0.72, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, R7800 before 1.0.2.74, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, XR450 before 2.3.2.66, XR500 before 2.3.2.66, XR700 before 1.0.1.34, and XR300 before 1.0.3.50.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29068">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25289">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 07:38:10">
07:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-29080 ‼</strong><br><br><code>Certain NETGEAR devices are affected by password reset by an unauthenticated attacker. This affects RBK852 before 3.2.10.11, RBK853 before 3.2.10.11, RBR854 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, CBR40 before 2.5.0.10, R7000 before 1.0.11.116, R6900P before 1.3.2.126, R7900 before 1.0.4.38, R7960P before 1.4.1.66, R8000 before 1.0.4.66, R7900P before 1.4.1.66, R8000P before 1.4.1.66, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, and R7000P before 1.3.2.126.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29080">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25290">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 07:38:11">
07:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-29071 ‼</strong><br><br><code>Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBR752 before 3.2.17.12, RBR753 before 3.2.17.12, RBR753S before 3.2.17.12, RBR754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29071">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25291">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 07:38:12">
07:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-29082 ‼</strong><br><br><code>Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBW30 before 2.6.1.4, RBS40V before 2.6.1.4, RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBK754 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBK854 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29082">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25292">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 07:38:13">
07:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-29081 ‼</strong><br><br><code>Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects RBW30 before 2.6.2.2, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29081">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25293">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 07:38:14">
07:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-29069 ‼</strong><br><br><code>Certain NETGEAR devices are affected by command injection by an authenticated user. This affects XR450 before 2.3.2.114, XR500 before 2.3.2.114, and WNR2000v5 before 1.0.0.76.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29069">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25294">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 07:38:18">
07:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-29066 ‼</strong><br><br><code>Certain NETGEAR devices are affected by authentication bypass. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29066">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25295">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 07:38:18">
07:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-29070 ‼</strong><br><br><code>Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29070">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25296">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 07:38:19">
07:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-29065 ‼</strong><br><br><code>NETGEAR RBR850 devices before 3.2.10.11 are affected by authentication bypass.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29065">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25297">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 07:38:20">
07:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-29073 ‼</strong><br><br><code>Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R8000P before 1.4.1.66, MK62 before 1.0.6.110, MR60 before 1.0.6.110, MS60 before 1.0.6.110, R7960P before 1.4.1.66, R7900P before 1.4.1.66, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RAX80 before 1.0.3.106, and RAX200 before 1.0.3.106.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29073">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25298">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 07:38:21">
07:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-29072 ‼</strong><br><br><code>Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29072">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25299">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 07:38:25">
07:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-29074 ‼</strong><br><br><code>Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects RBW30 before 2.6.2.2, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29074">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25300">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 07:38:26">
07:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-29078 ‼</strong><br><br><code>Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29078">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25301">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 07:38:27">
07:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-29075 ‼</strong><br><br><code>Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects RBW30 before 2.6.2.2, RBK852 before 3.2.17.12, RBK852 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29075">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25302">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 11:29:47">
11:29
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Phony COVID-19 vaccine certificates are now selling on the Dark Web 🦿</strong><br><br><code>With most of the world still not vaccinated against COVID-19, criminals are hawking fake vaccine documents, says Check Point Research.</code><br><br><a href="https://www.techrepublic.com/article/phony-covid-19-vaccine-certificates-are-now-selling-on-the-dark-web/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25303">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 11:40:05">
11:40
       </div>

       <div class="text">
<strong>❌ Energy Giant Shell Is Latest Victim of Accellion Attacks ❌</strong><br><br><code>Attackers accessed personal and business data from the company’s legacy file-transfer service in a recent data-security incident but core IT systems remained untouched.</code><br><br><a href="https://threatpost.com/shell-victim-of-accellion-attacks/164973/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25304">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 12:26:22">
12:26
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Cartoon Caption Winner: In Hot Water 🕴</strong><br><br><code>And the winner of The Edge&apos;s March cartoon caption contest is ...</code><br><br><a href="https://www.darkreading.com/edge/theedge/cartoon-caption-winner-in-hot-water/b/d-id/1340474?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25305">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 12:59:49">
12:59
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How remote working still poses security risks for organizations 🦿</strong><br><br><code>A year after the transition to remote working, many organizations continue to grapple with security issues and weaknesses, says PC Matic.</code><br><br><a href="https://www.techrepublic.com/article/how-remote-working-still-poses-security-risks-for-organizations/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25306">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 13:38:17">
13:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-27529 ‼</strong><br><br><code>A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the &quot;limit&quot; parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27529">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25307">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 13:38:18">
13:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-27531 ‼</strong><br><br><code>A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the &quot;query&quot; parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27531">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25308">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 13:38:19">
13:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-27527 ‼</strong><br><br><code>A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the &quot;valueID&quot; parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27527">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25309">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 13:38:20">
13:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-27309 ‼</strong><br><br><code>Clansphere CMS 2011.4 allows unauthenticated reflected XSS via &quot;module&quot; parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27309">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25310">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 13:38:21">
13:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-27528 ‼</strong><br><br><code>A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the &quot;refID&quot; parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27528">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25311">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 13:38:25">
13:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-27969 ‼</strong><br><br><code>Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder &quot;width&quot; parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27969">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25312">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 13:38:26">
13:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-27530 ‼</strong><br><br><code>A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allow remote attacker to inject javascript via URI in /index.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27530">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25313">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 13:38:27">
13:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-27310 ‼</strong><br><br><code>Clansphere CMS 2011.4 allows unauthenticated reflected XSS via &quot;language&quot; parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27310">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25314">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 13:38:28">
13:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-27526 ‼</strong><br><br><code>A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the &quot;page&quot; parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27526">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25315">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 14:05:11">
14:05
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🛠 Global Socket 1.4.27 🛠</strong><br><br><code>Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL&apos;s SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.</code><br><br><a href="https://packetstormsecurity.com/files/161936/gsocket-1.4.27.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25316">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 14:10:11">
14:10
       </div>

       <div class="text">
<strong>❌ Podcast: Microsoft Exchange Server Attack Onslaught Continues ❌</strong><br><br><code>Derek Manky, Chief of Security Insights &amp; Global Threat Alliances at Fortinet’s FortiGuard Labs, gives insight into the surge in attacks against vulnerable Microsoft Exchange servers over the last week.</code><br><br><a href="https://threatpost.com/podcast-microsoft-exchange-server-attack-onslaught-continues/164968/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25317">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 14:26:25">
14:26
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Disrupting the Cybercriminal Supply Chain 🕴</strong><br><br><code>It is time to turn the tables on cybercriminals and use their own tactics against them.</code><br><br><a href="https://www.darkreading.com/operations/disrupting-the-cybercriminal-supply-chain/a/d-id/1340421?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25318">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 15:38:30">
15:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-23362 ‼</strong><br><br><code>The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via shortcutMatch in fromUrl().</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23362">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25319">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 15:38:31">
15:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-12483 ‼</strong><br><br><code>The appstore before 8.12.0.0 exposes some of its components, and the attacker can cause remote download and install apps through carefully constructed parameters.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12483">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25320">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 15:38:32">
15:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-7346 ‼</strong><br><br><code>Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) for Windows prior to 11.6.100 allows a local, low privileged, attacker through the use of junctions to cause the product to load DLLs of the attacker&apos;s choosing. This requires the creation and removal of junctions by the attacker along with sending a specific IOTL command at the correct time.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7346">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25321">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 15:38:33">
15:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-21377 ‼</strong><br><br><code>OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 supports redirection to a given URL after performing login or switching the group context. These URLs are not validated, allowing redirection to untrusted sites. OMERO.web 5.9.0 adds URL validation before redirecting. External URLs are not considered valid, unless specified in the omero.web.redirect_allowed_hosts setting.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21377">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25322">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 15:38:34">
15:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-21376 ‼</strong><br><br><code>OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. This represents an information exposure vulnerability. Some additional information being loaded is not used by the webclient and is being removed in this release. This is fixed in version 5.9.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21376">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25323">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 15:38:38">
15:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-23274 ‼</strong><br><br><code>The Config UI component of TIBCO Software Inc.&apos;s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.&apos;s TIBCO API Exchange Gateway: versions 2.3.3 and below and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric: versions 2.3.3 and below.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23274">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25324">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 15:38:39">
15:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-20222 ‼</strong><br><br><code>A flaw was found in keycloak. The new account console in keycloak can allow malicious code to be executed using the referrer URL. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20222">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25325">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 15:38:40">
15:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-20227 ‼</strong><br><br><code>A flaw was found in SQLite&apos;s SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20227">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25326">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 15:38:41">
15:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-20219 ‼</strong><br><br><code>A denial of service vulnerability was found in n_tty_receive_char_special in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could delay the loop (due to a changing ldata-&gt;read_head, and a missing sanity check) and cause a threat to the system availability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20219">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25327">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 15:38:41">
15:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-20270 ‼</strong><br><br><code>An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the &quot;exception&quot; keyword.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20270">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25328">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 15:59:51">
15:59
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Why it&apos;s time the Android developers rethink WebView 🦿</strong><br><br><code>Jack Wallen offers up his take on the recent issue surrounding Android&apos;s WebView.</code><br><br><a href="https://www.techrepublic.com/article/why-its-time-the-android-developers-rethink-webview/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25329">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 16:56:29">
16:56
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Do Cybercriminals Fear Arrest? 🕴</strong><br><br><code>Researchers explore how cybercriminals weigh the possibility of arrest and whether it deters criminal activity.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/do-cybercriminals-fear-arrest/d/d-id/1340490?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25330">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 17:10:17">
17:10
       </div>

       <div class="text">
<strong>❌ Hobby Lobby Exposes Customer Data in Cloud Misconfiguration ❌</strong><br><br><code>The arts-and-crafts retailer left 138GB of sensitive information open to the public internet.</code><br><br><a href="https://threatpost.com/hobby-lobby-customer-data-cloud-misconfiguration/164980/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25331">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 17:10:18">
17:10
       </div>

       <div class="text">
<strong>❌ Office 365 Cyberattack Lands Disgruntled IT Contractor in Jail ❌</strong><br><br><code>A former IT contractor is facing jailtime after a retaliatory hack into a company’s network and wiping the majority of its employees’ Microsoft Office 365 accounts.</code><br><br><a href="https://threatpost.com/office-365-cyberattack-disgruntled-contractor-jail/164986/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25332">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 17:10:19">
17:10
       </div>

       <div class="text">
<strong>❌ MangaDex Site Offline Following Hacking Incident ❌</strong><br><br><code>A cyberattacker taunted the site about open security vulnerabilities, prompting a code review.</code><br><br><a href="https://threatpost.com/mangadex-site-offline-hacking/164983/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25333">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 17:29:52">
17:29
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Gartner: Top security and risk management trends for 2021 🦿</strong><br><br><code>The 8 top trends cited will enable rapid reinvention, including the skills gap, cybersecurity mesh and identity-first security.</code><br><br><a href="https://www.techrepublic.com/article/gartner-top-security-and-risk-management-trends-for-2021/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25334">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 17:38:25">
17:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-21401 ‼</strong><br><br><code>Nanopb is a small code-size Protocol Buffers implementation in ansi C. In Nanopb before versions 0.3.9.8 and 0.4.5, decoding a specifically formed message can cause invalid `free()` or `realloc()` calls if the message type contains an `oneof` field, and the `oneof` directly contains both a pointer field and a non-pointer field. If the message data first contains the non-pointer field and then the pointer field, the data of the non-pointer field is incorrectly treated as if it was a pointer value. Such message data rarely occurs in normal messages, but it is a concern when untrusted data is parsed. This has been fixed in versions 0.3.9.8 and 0.4.5. See referenced GitHub Security Advisory for more information including workarounds.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21401">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25335">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 17:38:26">
17:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-3444 ‼</strong><br><br><code>The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 (&quot;bpf: Fix truncation handling for mod32 dst reg wrt zero&quot;) and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3444">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25336">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 17:41:27">
17:41
       </div>

       <div class="text">
<strong>❌ Security Analysis Clears TikTok of Censorship, Privacy Accusations   ❌</strong><br><br><code>TikTok’s source code is in line with industry standards, security researchers say.</code><br><br><a href="https://threatpost.com/security-analysis-tiktok-censorship-privacy/164990/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25337">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 17:56:30">
17:56
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Organizations Making Little Headway in Addressing Human Risk 🕴</strong><br><br><code>Most enterprise security awareness efforts remain half-hearted, a new SANS survey shows.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/organizations-making-little-headway-in-addressing-human-risk/d/d-id/1340491?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25338">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 18:26:30">
18:26
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Disgruntled IT Contractor Sentenced in Retaliatory Office 365 Attack 🕴</strong><br><br><code>Former contractor deleted 1,200 user accounts in revenge.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/disgruntled-it-contractor-sentenced-in-retaliatory-office-365-attack/d/d-id/1340492?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25339">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 19:26:31">
19:26
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Anti-Spoofing for Email Gains Adoption, but Enforcement Lags 🕴</strong><br><br><code>More organizations adopt sender authentication, but strict quarantining or rejection of unauthenticated messages remains uncommon.</code><br><br><a href="https://www.darkreading.com/application-security/anti-spoofing-for-email-gains-adoption-but-enforcement-lags/d/d-id/1340497?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25340">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 19:26:32">
19:26
       </div>

       <div class="text">
<strong>🕴 Inside the Web Shell Used in the Microsoft Exchange Server Attacks 🕴</strong><br><br><code>The history and details of China Chopper - a Web shell commonly seen in the widespread Microsoft Exchange Server attacks.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/inside-the-web-shell-used-in-the-microsoft-exchange-server-attacks/d/d-id/1340498?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25341">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 19:29:54">
19:29
       </div>

       <div class="text">
<strong>🦿 REvil continues ransomware attack streak with takeover of laptop maker Acer 🦿</strong><br><br><code>REvil previously infected the networks of Honda, the makers of Jack Daniels and a high-profile law firm representing Donald Trump.</code><br><br><a href="https://www.techrepublic.com/article/revil-continues-ransomware-attack-streak-with-takeover-of-laptop-maker-acer/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25342">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 19:38:31">
19:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-28100 ‼</strong><br><br><code>Priam uses File.createTempFile, which gives the permissions on that file -rw-r--r--. An attacker with read access to the local filesystem can read anything written there by the Priam process.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28100">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25343">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 19:38:31">
19:38
       </div>

       <div class="text">
<strong>‼ CVE-2019-19343 ‼</strong><br><br><code>A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4. A memory leak in HttpOpenListener due to holding remote connections indefinitely may lead to denial of service. Versions before undertow 2.0.25.SP1 and jboss-remoting 5.0.14.SP1 are believed to be vulnerable.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19343">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25344">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 19:38:32">
19:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-3409 ‼</strong><br><br><code>The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to (including) 5.2.0 is affected by this.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3409">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25345">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 19:38:33">
19:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-21402 ‼</strong><br><br><code>Jellyfin is a Free Software Media System. In Jellyfin before version 10.7.1, with certain endpoints, well crafted requests will allow arbitrary file read from a Jellyfin server&apos;s file system. This issue is more prevalent when Windows is used as the host OS. Servers that are exposed to the public Internet are potentially at risk. This is fixed in version 10.7.1. As a workaround, users may be able to restrict some access by enforcing strict security permissions on their filesystem, however, it is recommended to update as soon as possible.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21402">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25346">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 19:38:34">
19:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-27908 ‼</strong><br><br><code>In all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the free text fields in Mautic’s configuration that are used in publicly facing parts of the application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27908">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25347">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 19:38:38">
19:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-28823 ‼</strong><br><br><code>The Windows Installation component of TIBCO Software Inc.&apos;s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.&apos;s TIBCO eFTL - Community Edition: versions 6.5.0 and below, TIBCO eFTL - Developer Edition: versions 6.5.0 and below, and TIBCO eFTL - Enterprise Edition: versions 6.5.0 and below.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28823">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25348">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 19:38:38">
19:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-28099 ‼</strong><br><br><code>In Netflix OSS Hollow, since the Files.exists(parent) is run before creating the directories, an attacker can pre-create these directories with wide permissions. Additionally, since an insecure source of randomness is used, the file names to be created can be deterministically calculated.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28099">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25349">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 19:38:39">
19:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-28824 ‼</strong><br><br><code>The Windows Installation component of TIBCO Software Inc.&apos;s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, and TIBCO ActiveSpaces - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.&apos;s TIBCO ActiveSpaces - Community Edition: versions 4.5.0 and below, TIBCO ActiveSpaces - Developer Edition: versions 4.5.0 and below, and TIBCO ActiveSpaces - Enterprise Edition: versions 4.5.0 and below.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28824">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25350">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 19:38:40">
19:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-28819 ‼</strong><br><br><code>The Windows Installation component of TIBCO Software Inc.&apos;s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.&apos;s TIBCO FTL - Community Edition: versions 6.5.0 and below, TIBCO FTL - Developer Edition: versions 6.5.0 and below, and TIBCO FTL - Enterprise Edition: versions 6.5.0 and below.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28819">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25351">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 19:38:41">
19:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-28820 ‼</strong><br><br><code>The FTL Server (tibftlserver), FTL C API, FTL Golang API, FTL Java API, and FTL .Net API components of TIBCO Software Inc.&apos;s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.&apos;s TIBCO FTL - Community Edition: versions 6.5.0 and below, TIBCO FTL - Developer Edition: versions 6.5.0 and below, and TIBCO FTL - Enterprise Edition: versions 6.5.0 and below.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28820">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25352">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 19:38:45">
19:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-28822 ‼</strong><br><br><code>The Enterprise Message Service Server (tibemsd), Enterprise Message Service Central Administration (tibemsca), Enterprise Message Service JSON configuration generator (tibemsconf2json), and Enterprise Message Service C API components of TIBCO Software Inc.&apos;s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.&apos;s TIBCO Enterprise Message Service: versions 8.5.1 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.5.1 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.5.1 and below.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28822">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25353">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 19:38:46">
19:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-24994 ‼</strong><br><br><code>Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.14.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24994">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25354">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 19:38:47">
19:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-28817 ‼</strong><br><br><code>The Windows Installation component of TIBCO Software Inc.&apos;s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.&apos;s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28817">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25355">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 19:38:47">
19:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-3392 ‼</strong><br><br><code>A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error mptsas_free_request() that does not dequeue the request object &apos;req&apos; from a pending requests queue. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. Versions between 2.10.0 and 5.2.0 are potentially affected.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3392">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25356">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 19:38:48">
19:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-28818 ‼</strong><br><br><code>The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), Rendezvous Secure C API, Rendezvous Java API, and Rendezvous .Net API components of TIBCO Software Inc.&apos;s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.&apos;s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28818">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25357">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 19:38:52">
19:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-28821 ‼</strong><br><br><code>The Windows Installation component of TIBCO Software Inc.&apos;s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.&apos;s TIBCO Enterprise Message Service: versions 8.5.1 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.5.1 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.5.1 and below.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28821">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25358">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 20:55:37">
20:55
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ BlackKingdom ransomware still exploiting insecure Exchange servers ⚠</strong><br><br><code>Remember Hafnium? Here&apos;s the bad news - it&apos;s not over yet! Learn why and what to do...</code><br><br><a href="https://nakedsecurity.sophos.com/2021/03/23/blackkingdom-ransomware-still-exploiting-insecure-exchange-servers/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25359">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 21:38:37">
21:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-13606 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13606">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25360">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 21:38:38">
21:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-13605 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13605">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25361">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 21:38:40">
21:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-13607 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13607">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25362">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 21:38:41">
21:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-13604 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13604">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25363">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 21:38:42">
21:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-13611 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13611">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25364">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 21:38:43">
21:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-13609 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13609">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25365">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 21:38:44">
21:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-22864 ‼</strong><br><br><code>A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to override environment variables leading to code execution on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.0.3 and was fixed in 3.0.3, 2.22.9, and 2.21.17. This vulnerability was reported via the GitHub Bug Bounty program.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22864">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25366">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 21:38:45">
21:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-13612 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13612">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25367">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 21:38:46">
21:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-13608 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13608">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25368">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 21:38:47">
21:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-13610 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13610">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25369">

      <div class="body">

       <div class="pull_right date details" title="23.03.2021 21:38:48">
21:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-21380 ‼</strong><br><br><code>XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform (and only those with the Ratings API installed), the Rating Script Service expose an API to perform SQL requests without escaping the from and where search arguments. This might lead to an SQL script injection quite easily for any user having Script rights on XWiki. The problem has been patched in XWiki 12.9RC1. The only workaround besides upgrading XWiki would be to uninstall the Ratings API in XWiki from the Extension Manager.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21380">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-806">

      <div class="body details">
11 June 2021
      </div>

     </div>

     <div class="message default clearfix" id="message25370">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 07:36:38">
07:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-28814 ‼</strong><br><br><code>An improper access control vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows remote attackers to compromise the security of the software. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.4.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28814">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25371">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 08:44:53">
08:44
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Hackers Steal FIFA 21 Source Code, Tools in EA Breach ❌</strong><br><br><code>Raft of other proprietary game data and related software and developer kits also pilfered in the unspecified attack, which the company is investigating.</code><br><br><a href="https://threatpost.com/hackers-fifa-21-source-code/166829/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25372">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 09:44:55">
09:44
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Police Grab Slilpp, Biggest Stolen-Logins Market ❌</strong><br><br><code>There were more than 80 million login credentials for sale, used to inflict over $200 million in losses in the U.S. alone.</code><br><br><a href="https://threatpost.com/police-slilpp-market-stolen-logins/166812/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25373">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 11:16:06">
11:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Secure Access Trade-offs for DevSecOps Teams 🕴</strong><br><br><code>Thanks to recent advancements in access technologies, everyone can apply identity-based authentication and authorization and zero-trust principles for their computing resources.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/secure-access-trade-offs-for-devsecops-teams/a/d-id/1341211?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25374">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 11:36:50">
11:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-26829 ‼</strong><br><br><code>OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26829">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25375">

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 11:44:58">
11:44
       </div>

       <div class="text">
<strong>❌ Monumental Supply-Chain Attack on Airlines Traced to State Actor ❌</strong><br><br><code>Airlines are warned to scour networks for traces of the campaign, likely the work of APT41, lurking in networks.</code><br><br><a href="https://threatpost.com/supply-chain-attack-airlines-state-actor/166842/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25376">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 12:16:10">
12:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Many Mobile Apps Intentionally Using Insecure Connections for Sending Data 🕴</strong><br><br><code>A new analysis of iOS and Android apps released to Apple&apos;s and Google&apos;s app stores over the past five years found many to be deliberately breaking HTTPS protections.</code><br><br><a href="https://www.darkreading.com/mobile/many-mobile-apps-intentionally-using-insecure-connections-for-sending-data/d/d-id/1341276?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25377">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 12:42:23">
12:42
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 Friday Five 6/11 🔏</strong><br><br><code>TrickBot indictments, ransomware negotiations, and a massive sting operation using an FBI-run phone network - catch up on all of the week&apos;s infosec news with the Friday Five!</code><br><br><a href="https://digitalguardian.com/blog/friday-five-6/11">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25378">

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 12:45:24">
12:45
       </div>

       <div class="text">
<strong>🛠 GNU Privacy Guard 2.2.28 🛠</strong><br><br><code>GnuPG (the GNU Privacy Guard or GPG) is GNU&apos;s tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions. This is the LTS release.</code><br><br><a href="https://packetstormsecurity.com/files/163095/gnupg-2.2.28.tar.bz2">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25379">

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 12:45:25">
12:45
       </div>

       <div class="text">
<strong>🛠 nfstream 6.3.2 🛠</strong><br><br><code>nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.</code><br><br><a href="https://packetstormsecurity.com/files/163096/nfstream-6.3.2.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25380">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 13:36:58">
13:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-25401 ‼</strong><br><br><code>Intent redirection vulnerability in Samsung Health prior to version 6.16 allows attacker to execute privileged action.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25401">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25381">

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 13:36:59">
13:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-25385 ‼</strong><br><br><code>An improper input validation vulnerability in sdfffd_parse_chunk_PROP() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25385">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25382">

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 13:37:00">
13:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-25397 ‼</strong><br><br><code>An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25397">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25383">

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 13:39:57">
13:39
       </div>

       <div class="text">
<strong>⚠ Chrome zero-day, hot on the heels of Microsoft’s IE zero-day. Patch now! ⚠</strong><br><br><code>Patch early. Patch often. Patch now!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/06/10/chrome-zero-day-hot-on-the-heels-of-microsofts-ie-zero-day-patch-now/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25384">

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 13:39:58">
13:39
       </div>

       <div class="text">
<strong>⚠ ALPACA – the wacky TLS security vulnerability with a funky name ⚠</strong><br><br><code>Don&apos;t panic - this isn&apos;t another Heartbleed. But it&apos;s a fascinating reminder of why doing things the easy way isn&apos;t always the best way.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/06/11/alpaca-the-wacky-tls-security-vulnerability-with-a-funky-name/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25385">

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 13:39:59">
13:39
       </div>

       <div class="text">
<strong>⚠ S3 Ep36: Trickbot coder busted, passwords cracked, and breaches judged [Podcast] ⚠</strong><br><br><code>Latest episode - listen now!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/06/10/s3-ep36-trickbot-coder-busted-passwords-cracked-and-breaches-judged-podcast/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25386">

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 13:42:58">
13:42
       </div>

       <div class="text">
<strong>‼ CVE-2021-25419 ‼</strong><br><br><code>Non-compliance of recommended secure coding scheme in Samsung Internet prior to version 14.0.1.62 allows attackers to display fake URL in address bar via phising URL link.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25419">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25387">

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 13:42:59">
13:42
       </div>

       <div class="text">
<strong>‼ CVE-2021-29754 ‼</strong><br><br><code>IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a privilege escalation vulnerability when using the SAML Web Inbound Trust Association Interceptor (TAI). IBM X-Force ID: 202006.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29754">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25388">

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 13:43:00">
13:43
       </div>

       <div class="text">
<strong>‼ CVE-2020-5003 ‼</strong><br><br><code>IBM Financial Transaction Manager 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 192956.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5003">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25389">

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 13:43:01">
13:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-25425 ‼</strong><br><br><code>Improper check vulnerability in Samsung Health prior to version 6.17 allows attacker to read internal cache data via exported component.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25425">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25390">

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 13:45:59">
13:45
       </div>

       <div class="text">
<strong>❌ Cyberpunk 2077 Hacked Data Circulating Online ❌</strong><br><br><code>CD Projekt Red confirmed that employee and game-related data appears to be floating around the cyber-underground, four months after a hack on the Witcher and Cyberpunk 2077 developer.</code><br><br><a href="https://threatpost.com/cyberpunk-2077-hacked-data-online/166852/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25391">

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 13:51:15">
13:51
       </div>

       <div class="text">
<strong>🕴 Details Emerge on How Gaming Giant EA Was Hacked 🕴</strong><br><br><code>Hacking group stole source code to FIFA 21 and the company&apos;s Frostbite engine.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/details-emerge-on-how-gaming-giant-ea-was-hacked/d/d-id/1341277?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25392">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 15:21:35">
15:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Fallout of EA source code breach could be severe, cybersecurity experts say 🦿</strong><br><br><code>Potential buyers could be interested in using the source code to game the game to make millions, perhaps sounding EA&apos;s death knell in the process.</code><br><br><a href="https://www.techrepublic.com/article/fallout-of-ea-source-code-breach-could-be-severe-cybersecurity-experts-say/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25393">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 15:37:02">
15:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-6000 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6000">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25394">

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 15:37:03">
15:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-23136 ‼</strong><br><br><code>Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivileged Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23136">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25395">

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 15:43:04">
15:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-22913 ‼</strong><br><br><code>Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only the local Nextcloud server unless a global search has been explicitly chosen by the user.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22913">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25396">

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 15:43:05">
15:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-28211 ‼</strong><br><br><code>A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28211">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25397">

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 15:43:06">
15:43
       </div>

       <div class="text">
<strong>‼ CVE-2017-3905 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3905">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25398">

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 15:46:11">
15:46
       </div>

       <div class="text">
<strong>❌ REvil Hits US Nuclear Weapons Contractor: Report ❌</strong><br><br><code>&quot;We hereby keep a right (sic) to forward all of the relevant documentation and data to military agencies of our choise (sic)&quot; REvil reportedly wrote.</code><br><br><a href="https://threatpost.com/revil-hits-us-nuclear-weapons-contractor-sol-oriens/166858/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25399">

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 15:46:12">
15:46
       </div>

       <div class="text">
<strong>❌ Baby Clothes Giant Carter’s Leaks 410K Customer Records ❌</strong><br><br><code>Purchase automation software delivered shortened URLs without protections.</code><br><br><a href="https://threatpost.com/baby-clothes-carters-leaks-customer-records/166866/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25400">

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 15:49:06">
15:49
       </div>

       <div class="text">
<strong>‼ CVE-2021-22753 ‼</strong><br><br><code>A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing length checks, when a malicious WSP file is being parsed by IGSS Definition.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22753">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25401">

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 15:52:07">
15:52
       </div>

       <div class="text">
<strong>‼ CVE-2021-22915 ‼</strong><br><br><code>Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of inclusion of IPv6 subnets in rate-limiting considerations. This could potentially result in an attacker bypassing rate-limit controls such as the Nextcloud brute-force protection.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22915">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25402">

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 15:52:08">
15:52
       </div>

       <div class="text">
<strong>‼ CVE-2021-0491 ‼</strong><br><br><code>In memory management driver, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183461315</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0491">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25403">

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 15:52:09">
15:52
       </div>

       <div class="text">
<strong>‼ CVE-2021-23204 ‼</strong><br><br><code>Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command Centre Server allows OSDP key material to be exposed to Command Centre Operators. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23204">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25404">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 17:21:20">
17:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 McDonald&apos;s Data Breach Exposed Business &amp; Customer Data 🕴</strong><br><br><code>An investigation has revealed company data has been breached in the United States, South Korea, and Taiwan.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/mcdonalds-data-breach-exposed-business-and-customer-data/d/d-id/1341282?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25405">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 17:37:08">
17:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-27200 ‼</strong><br><br><code>In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. The code parameter is easily predicted from the time of day.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27200">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25406">

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 17:51:22">
17:51
       </div>

       <div class="text">
<strong>🕴 Trickbot Investigation Shows Details of Massive Cybercrime Effort 🕴</strong><br><br><code>Nearly a score of cybercriminals allegedly worked together to create the Trickbot malware and deploy it against more than a million users, an unsealed indictment claims.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/trickbot-investigation-shows-details-of-massive-cybercrime-effort/d/d-id/1341283?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25407">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 18:15:12">
18:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Unpatched Bugs Found Lurking in Provisioning Platform Used with Cisco UC ❌</strong><br><br><code>A trio of security flaws open the door to remote-code execution and a malware tsunami.</code><br><br><a href="https://threatpost.com/unpatched-bugs-provisioning-cisco-uc/166882/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25408">

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 18:18:14">
18:18
       </div>

       <div class="text">
<strong>🦿 McDonald&apos;s suffers cyberattack in US, South Korea and Taiwan 🦿</strong><br><br><code>The restaurant chain reportedly said no U.S. customer data was exposed and the attack did not involve ransomware.</code><br><br><a href="https://www.techrepublic.com/article/mcdonalds-suffers-cyberattack-in-us-south-korea-and-taiwan/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25409">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 19:37:14">
19:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2017-5730 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5730">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25410">

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 19:37:15">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2017-5755 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5755">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25411">

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 19:37:16">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2017-3918 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3918">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25412">

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 19:37:17">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2017-3913 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3913">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25413">

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 19:43:17">
19:43
       </div>

       <div class="text">
<strong>‼ CVE-2017-3919 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3919">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25414">

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 19:43:18">
19:43
       </div>

       <div class="text">
<strong>‼ CVE-2017-5690 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5690">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25415">

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 19:43:19">
19:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-34679 ‼</strong><br><br><code>Thycotic Password Reset Server before 5.3.0 allows credential disclosure.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34679">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25416">

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 19:43:20">
19:43
       </div>

       <div class="text">
<strong>‼ CVE-2017-5765 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5765">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25417">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 21:37:22">
21:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-12909 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12909">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25418">

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 21:37:23">
21:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-12999 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12999">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25419">

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 21:37:24">
21:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-13007 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13007">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25420">

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 21:43:23">
21:43
       </div>

       <div class="text">
<strong>‼ CVE-2020-12975 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12975">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25421">

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 21:43:24">
21:43
       </div>

       <div class="text">
<strong>‼ CVE-2020-12923 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12923">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25422">

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 21:43:25">
21:43
       </div>

       <div class="text">
<strong>‼ CVE-2020-12997 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12997">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25423">

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 21:48:01">
21:48
       </div>

       <div class="text">
<strong>‼ CVE-2020-12971 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12971">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25424">

      <div class="body">

       <div class="pull_right date details" title="11.06.2021 21:48:02">
21:48
       </div>

       <div class="text">
<strong>‼ CVE-2008-2660 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2008. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2660">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-807">

      <div class="body details">
12 June 2021
      </div>

     </div>

     <div class="message default clearfix" id="message25425">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.06.2021 02:37:52">
02:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-32552 ‼</strong><br><br><code>It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32552">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25426">

      <div class="body">

       <div class="pull_right date details" title="12.06.2021 02:37:53">
02:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-32551 ‼</strong><br><br><code>It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-15 package apport hooks, it could expose private data to other local users.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32551">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25427">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.06.2021 09:38:23">
09:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-31811 ‼</strong><br><br><code>In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31811">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25428">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.06.2021 19:45:28">
19:45
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-34682 ‼</strong><br><br><code>Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack against the update feature.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34682">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-808">

      <div class="body details">
13 June 2021
      </div>

     </div>

     <div class="message default clearfix" id="message25429">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.06.2021 09:22:25">
09:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-23394 ‼</strong><br><br><code>The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23394">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-809">

      <div class="body details">
14 June 2021
      </div>

     </div>

     <div class="message default clearfix" id="message25430">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.06.2021 07:37:12">
07:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-21439 ‼</strong><br><br><code>DoS attack can be performed when an email contains specially designed URL in the body. It can lead to the high CPU usage and cause low quality of service, or in extreme case bring the system to a halt. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions; 8.0.x version 8.0.13 and prior versions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21439">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25431">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.06.2021 10:23:31">
10:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Colonial Pipeline Cyberattack Proves a Single Password Isn&apos;t Enough 🕴</strong><br><br><code>Since the attack, it&apos;s been revealed that it was down to a single password. Yes, ransomware needs to be on your radar -- but a focus on credentials is vital.</code><br><br><a href="https://www.darkreading.com/omdia/colonial-pipeline-cyberattack-proves-a-single-password-isnt-enough/a/d-id/1341278?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25432">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.06.2021 10:53:32">
10:53
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Name That Toon: Sight Unseen 🕴</strong><br><br><code>Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/name-that-toon-sight-unseen/a/d-id/1341287?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25433">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.06.2021 11:23:31">
11:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Know Thy Enemy: Fighting Half-Blind Against Ransomware Won&apos;t Work 🕴</strong><br><br><code>We lack reliable, representative, actionable data about ransomware&apos;s actual scope, scale, and impact. The Ransom Incident Response Network could change that.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/know-thy-enemy-fighting-half-blind-against-ransomware-wont-work/a/d-id/1341254?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25434">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.06.2021 12:17:08">
12:17
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Volkswagen Vendor Exposed Data of 3.3m Drivers ❌</strong><br><br><code>Nearly all of the leaked data was for owners or wannabe owners of the automaker’s luxury brand of Audis, now at greater risk for phishing, ransomware or car theft.</code><br><br><a href="https://threatpost.com/vw-data-3m-audi-drivers/166892/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25435">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.06.2021 13:37:40">
13:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-24350 ‼</strong><br><br><code>The Visitors WordPress plugin through 0.3 is affected by an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. The plugin would display the user&apos;s user agent string without validation or encoding within the WordPress admin panel.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24350">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25436">

      <div class="body">

       <div class="pull_right date details" title="14.06.2021 13:37:41">
13:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-24349 ‼</strong><br><br><code>This Gallery from files WordPress plugin through 1.6.0 gives the functionality of uploading images to the server. But filenames are not properly sanitized before being output in an error message when they have an invalid extension, leading to a reflected Cross-Site Scripting issue. Due to the lack of CSRF check, the attack could also be performed via such vector.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24349">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25437">

      <div class="body">

       <div class="pull_right date details" title="14.06.2021 13:37:42">
13:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-24355 ‼</strong><br><br><code>In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, the lack of capability checks and insufficient nonce check on the AJAX actions, simple301redirects/admin/get_wildcard and simple301redirects/admin/wildcard, made it possible for authenticated users to retrieve and update the wildcard value for redirects.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24355">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25438">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.06.2021 14:47:13">
14:47
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Moobot Milks Tenda Router Bugs for Propagation ❌</strong><br><br><code>An analysis of the campaign revealed Cyberium, an active Mirai-variant malware hosting site.</code><br><br><a href="https://threatpost.com/moobot-tenda-router-bugs/166902/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25439">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.06.2021 15:18:01">
15:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Why employees need counterespionage training 🦿</strong><br><br><code>Two experts are concerned that employees are no match for nation-state spy services tasked with obtaining a company&apos;s vital intellectual property.</code><br><br><a href="https://www.techrepublic.com/article/why-employees-need-counterespionage-training/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25440">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.06.2021 15:37:46">
15:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-32682 ‼</strong><br><br><code>elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. The issues were patched in version 2.1.59. As a workaround, ensure the connector is not exposed without authentication.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32682">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25441">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.06.2021 15:53:41">
15:53
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 New Top 20 Secure-Coding List Positions PLCs as Plant &apos;Bodyguards&apos; 🕴</strong><br><br><code>Best practices guide encompasses integrity, hardening, resilience, and monitoring of PLCs in industrial networks.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/new-top-20-secure-coding-list-positions-plcs-as-plant-bodyguards/d/d-id/1341289?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25442">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.06.2021 17:14:19">
17:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 Colorado Passes State Privacy Act, Poised to Become Law 🔏</strong><br><br><code>Once it&apos;s signed into law, the bill will become the third comprehensive state privacy law in the U.S. after California and Virginia.</code><br><br><a href="https://digitalguardian.com/blog/colorado-passes-state-privacy-act-poised-become-law">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25443">

      <div class="body">

       <div class="pull_right date details" title="14.06.2021 17:23:46">
17:23
       </div>

       <div class="text">
<strong>🕴 Google Workspace Adds Client-Side Encryption 🕴</strong><br><br><code>Users given control over encryption keys, Google says.</code><br><br><a href="https://www.darkreading.com/cloud/google-workspace-adds-client-side-encryption/d/d-id/1341292?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25444">

      <div class="body">

       <div class="pull_right date details" title="14.06.2021 17:37:50">
17:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-21556 ‼</strong><br><br><code>Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a stack-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21556">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25445">

      <div class="body">

       <div class="pull_right date details" title="14.06.2021 17:46:33">
17:46
       </div>

       <div class="text">
<strong>❌ Utilities ‘Concerningly’ at Risk from Active Exploits ❌</strong><br><br><code>Utilities’ vulnerability to application exploits goes from bad to worse in just weeks.  </code><br><br><a href="https://threatpost.com/utilities-risk-active-exploits/166908/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25446">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.06.2021 18:23:49">
18:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Cyber Analytics Database Exposed 5 Billion Records Online 🕴</strong><br><br><code>In an ironic twist, Cognyte&apos;s data alerts customers to third-party data exposures.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/cyber-analytics-database-exposed-5-billion-records-online/d/d-id/1341297?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25447">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.06.2021 19:37:56">
19:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-0324 ‼</strong><br><br><code>Product: AndroidVersions: Android SoCAndroid ID: A-175402462</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0324">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25448">

      <div class="body">

       <div class="pull_right date details" title="14.06.2021 19:37:57">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-0467 ‼</strong><br><br><code>In Chromecast bootROM, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege in the bootloader, with physical USB access, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-174490700</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0467">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25449">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.06.2021 20:53:52">
20:53
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 VPN Attacks Surged in First Quarter 🕴</strong><br><br><code>But volume of malware, botnet, and other exploit activity declined because of the Emotet botnet takedown.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/vpn-attacks-surged-in-first-quarter/d/d-id/1341300?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25450">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.06.2021 21:38:04">
21:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-34693 ‼</strong><br><br><code>net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34693">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25451">

      <div class="body">

       <div class="pull_right date details" title="14.06.2021 21:38:05">
21:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-27887 ‼</strong><br><br><code>Cross-site Scripting (XSS) vulnerability in the main dashboard of Ellipse APM versions allows an authenticated user or integrated application to inject malicious data into the application that can then be executed in a victim’s browser. This issue affects: Hitachi ABB Power Grids Ellipse APM 5.3 version 5.3.0.1 and prior versions; 5.2 version 5.2.0.3 and prior versions; 5.1 version 5.1.0.6 and prior versions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27887">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-810">

      <div class="body details">
15 June 2021
      </div>

     </div>

     <div class="message default clearfix" id="message25452">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.06.2021 07:38:31">
07:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-31618 ‼</strong><br><br><code>Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected. This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server. This issue affected mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31618">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25453">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.06.2021 08:47:47">
08:47
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Apple Hurries Patches for Safari Bugs Under Active Attack ❌</strong><br><br><code>Apple patched two bugs impacting its Safari browser WebKit engine that it said are actively being exploited.</code><br><br><a href="https://threatpost.com/apple-patch-safari-active-attack/166922/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25454">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.06.2021 09:40:55">
09:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ “Face of Anonymous” suspect deported from Mexico to face US hacking charges ⚠</strong><br><br><code>After nearly a decade as a US expat dubbed &quot;The Face of Anoynmous&quot;, he&apos;s back in the US facing cybercrime charges from almost a decade ago.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/06/15/face-of-anonymous-suspect-deported-from-mexico-to-face-us-hacking-charges/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25455">

      <div class="body">

       <div class="pull_right date details" title="15.06.2021 09:47:48">
09:47
       </div>

       <div class="text">
<strong>❌ Microsoft Gets Second Shot at Banning hiQ from Scraping LinkedIn User Data ❌</strong><br><br><code>Decision throws out previous ruling in favor of hiQ Labs that prevented Microsoft’s business networking platform to forbid the company from harvesting public info from user profiles.</code><br><br><a href="https://threatpost.com/court-linkedin-data-scraping/166927/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25456">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.06.2021 10:48:27">
10:48
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Microsoft product vulnerabilities reached a new high of 1,268 in 2020 🦿</strong><br><br><code>56% of all Microsoft critical vulnerabilities could have been mitigated by removing admin rights, according to the 2021 BeyondTrust Microsoft Vulnerabilities Report.</code><br><br><a href="https://www.techrepublic.com/article/microsoft-product-vulnerabilities-reached-a-new-high-of-1268-in-2020/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25457">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.06.2021 11:29:26">
11:29
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 How Does the Government Buy Its Cybersecurity? 🕴</strong><br><br><code>The federal government is emphasizing cybersecurity regulation, education, and defense strategies this year.</code><br><br><a href="https://www.darkreading.com/operations/how-does-the-government-buy-its-cybersecurity/a/d-id/1341214?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25458">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.06.2021 12:18:00">
12:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ SASE &amp; Zero Trust: The Dream Team ❌</strong><br><br><code>Forcepoint’s Nico Fischbach, global CTO and VPE of SASE, and Chase Cunningham, chief strategy officer at Ericom Software, on using SASE to make Zero Trust real.</code><br><br><a href="https://threatpost.com/sase-zero-trust-the-dream-team/166880/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25459">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.06.2021 12:53:02">
12:53
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🛠 Hashcat Advanced Password Recovery 6.2.2 Source Code 🛠</strong><br><br><code>Hashcat is an advanced GPU hash cracking utility that includes the World&apos;s fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.</code><br><br><a href="https://packetstormsecurity.com/files/163163/hashcat-6.2.2.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25460">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.06.2021 13:29:31">
13:29
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 How President Biden Can Better Defend the US From Russian Hacks 🕴</strong><br><br><code>Wilson Center cybersecurity expert Meg King pinpoints five ambitious steps the administration should take, including a comprehensive national data breach notification protocol.</code><br><br><a href="https://www.darkreading.com/edge/theedge/how-president-biden-can-better-defend-the-us-from-russian-hacks/b/d-id/1341301?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25461">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.06.2021 14:17:58">
14:17
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Microsoft Disrupts Large-Scale, Cloud-Based BEC Campaign ❌</strong><br><br><code>Varied cloud infrastructure was used to phish email credentials, monitor for and forward finance-related messages and automate operations.</code><br><br><a href="https://threatpost.com/microsoft-disrupts-cloud-bec-campaign/166937/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25462">

      <div class="body">

       <div class="pull_right date details" title="15.06.2021 14:17:59">
14:17
       </div>

       <div class="text">
<strong>❌ Malicious PDFs Flood the Web, Lead to Password-Snarfing ❌</strong><br><br><code>SolarMarker makers are using SEO poisoning, stuffing thousands of PDFs with tens of thousands of pages full of SEO keywords &amp; links to redirect to the malware.</code><br><br><a href="https://threatpost.com/rotten-pdfs-flood-web-password-snarfing/166932/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25463">

      <div class="body">

       <div class="pull_right date details" title="15.06.2021 14:29:31">
14:29
       </div>

       <div class="text">
<strong>🕴 What Industrial Control System Vulnerabilities Can Teach Us About Protecting the Supply Chain 🕴</strong><br><br><code>Older technologies used in industrial and critical infrastructure leave the sector highly vulnerable to attack, but organizations can take steps to better protect themselves.</code><br><br><a href="https://www.darkreading.com/operations/what-industrial-control-system-vulnerabilities-can-teach-us-about-protecting-the-supply-chain/a/d-id/1341216?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25464">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.06.2021 15:59:36">
15:59
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Deloitte Buys Terbium Labs to Expand Threat Intel Capabilities 🕴</strong><br><br><code>Terbium Labs&apos; products and services will become part of Deloitte&apos;s Detect &amp; Respond lineup, the company confirms.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/deloitte-buys-terbium-labs-to-expand-threat-intel-capabilities/d/d-id/1341305?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25465">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.06.2021 17:38:59">
17:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-31497 ‼</strong><br><br><code>This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13311.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31497">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25466">

      <div class="body">

       <div class="pull_right date details" title="15.06.2021 17:39:00">
17:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-31487 ‼</strong><br><br><code>This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12715.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31487">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25467">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.06.2021 17:59:40">
17:59
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Andariel Group Targets South Korean Entities in New Campaign 🕴</strong><br><br><code>Andariel, designated as a sub-group of the Lazarus Group APT, has historically targeted South Korean organzations.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/andariel-group-targets-south-korean-entities-in-new-campaign/d/d-id/1341307?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25468">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.06.2021 18:18:06">
18:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Millions of Connected Cameras Open to Eavesdropping ❌</strong><br><br><code>A supply-chain component lays open camera feeds to remote attackers thanks to a critical security vulnerability.</code><br><br><a href="https://threatpost.com/millions-connected-cameras-eavesdropping/166950/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25469">

      <div class="body">

       <div class="pull_right date details" title="15.06.2021 18:29:40">
18:29
       </div>

       <div class="text">
<strong>🕴 Security Experts Scrutinize Apple, Amazon IoT Networks 🕴</strong><br><br><code>Both companies have done their due diligence in creating connected-device networks, but the pervasiveness of the devices worries some security researchers.</code><br><br><a href="https://www.darkreading.com/iot/security-experts-scrutinize-apple-amazon-iot-networks/d/d-id/1341306?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25470">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.06.2021 18:59:42">
18:59
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Microsoft Disrupts Large-Scale BEC Campaign Across Web Services 🕴</strong><br><br><code>Attackers had used the cloud-based infrastructure to target mailboxes and add forwarding rules to learn about financial transactions.</code><br><br><a href="https://www.darkreading.com/cloud/microsoft-disrupts-large-scale-bec-campaign-across-web-services/d/d-id/1341311?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25471">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.06.2021 19:29:43">
19:29
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Thousands of VMware vCenter Servers Remain Open to Attack Over the Internet 🕴</strong><br><br><code>Three weeks after company disclosed two critical vulnerabilities in the workload management utility, many organizations have not patched the technology yet, security vendor says.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/thousands-of-vmware-vcenter-servers-remain-open-to-attack-over-the-internet/d/d-id/1341310?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25472">

      <div class="body">

       <div class="pull_right date details" title="15.06.2021 19:39:03">
19:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-34170 ‼</strong><br><br><code>Bandai Namco FromSoftware Dark Souls III allows remote attackers to execute arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34170">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25473">

      <div class="body">

       <div class="pull_right date details" title="15.06.2021 19:39:04">
19:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-21316 ‼</strong><br><br><code>A Cross-site scripting (XSS) vulnerability exists in the comment section in ZrLog 2.1.3, which allows remote attackers to inject arbitrary web script and stolen administrator cookies via the nickname parameter and gain access to the admin panel.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21316">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25474">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.06.2021 21:39:09">
21:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-30550 ‼</strong><br><br><code>Use after free in Accessibility in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30550">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25475">

      <div class="body">

       <div class="pull_right date details" title="15.06.2021 21:39:10">
21:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-24037 ‼</strong><br><br><code>A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24037">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-811">

      <div class="body details">
16 June 2021
      </div>

     </div>

     <div class="message default clearfix" id="message25476">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.06.2021 02:39:24">
02:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-32623 ‼</strong><br><br><code>Opencast is a free and open source solution for automated video capture and distribution. Versions of Opencast prior to 9.6 are vulnerable to the billion laughs attack, which allows an attacker to easily execute a (seemingly permanent) denial of service attack, essentially taking down Opencast using a single HTTP request. To exploit this, users need to have ingest privileges, limiting the group of potential attackers The problem has been fixed in Opencast 9.6. There is no known workaround for this issue.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32623">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25477">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.06.2021 07:39:39">
07:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-9493 ‼</strong><br><br><code>A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9493">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25478">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.06.2021 08:48:31">
08:48
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Peloton Bike+ Bug Gives Hackers Complete Control ❌</strong><br><br><code>An attacker with initial physical access (say, at a gym) could gain root entry to the interactive tablet, making for a bevy of remote attack scenarios.</code><br><br><a href="https://threatpost.com/peloton-bike-bug-hackers-control/166960/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25479">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.06.2021 09:18:31">
09:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Researchers: Booming Cyber-Underground Market for Initial-Access Brokers ❌</strong><br><br><code>Ransomware gangs are increasingly buying their way into corporate networks, purchasing access from &apos;vendors&apos; that have previously installed backdoors on targets.</code><br><br><a href="https://threatpost.com/booming-cyber-underground-market-initial-access-brokers/166965/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25480">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.06.2021 09:39:44">
09:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-21441 ‼</strong><br><br><code>There is a XSS vulnerability in the ticket overview screens. It&apos;s possible to collect various information by having an e-mail shown in the overview screen. Attack can be performed by sending specially crafted e-mail to the system and it doesn&apos;t require any user intraction. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21441">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25481">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.06.2021 10:18:33">
10:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ 5 Tips to Prevent and Mitigate Ransomware Attacks ❌</strong><br><br><code>Ransomware attacks are increasing in frequency, and the repercussions are growing more severe than ever. Here are 5 ways to prevent your company from becoming the next headline.</code><br><br><a href="https://threatpost.com/5-tips-to-prevent-and-mitigate-ransomware-attacks/166847/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25482">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.06.2021 10:48:52">
10:48
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 The many ways a ransomware attack can hurt your organization 🦿</strong><br><br><code>Loss of revenue, brand and reputation damage, employee layoffs and business closures were some of the effects of a ransomware attack, according to Cybereason.</code><br><br><a href="https://www.techrepublic.com/article/the-many-ways-a-ransomware-attack-can-hurt-your-organization/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25483">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.06.2021 11:11:25">
11:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Clop ransomware suspects busted in Ukraine, money and motors seized ⚠</strong><br><br><code>Victims in South Korea and the USA, suspects busted in Ukraine.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/06/16/clop-ransomware-suspects-busted-in-ukraine-money-and-motors-seized/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25484">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.06.2021 11:30:20">
11:30
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Don&apos;t Get Stymied by Security Indecision 🕴</strong><br><br><code>You might be increasing cyber-risk by not actively working to reduce it.</code><br><br><a href="https://www.darkreading.com/risk/dont-get-stymied-by-security-indecision/a/d-id/1341217?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25485">

      <div class="body">

       <div class="pull_right date details" title="16.06.2021 11:39:51">
11:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-27485 ‼</strong><br><br><code>ZOLL Defibrillator Dashboard, v prior to 2.2,The application allows users to store their passwords in a recoverable format, which could allow an attacker to retrieve the credentials from the web browser.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27485">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25486">

      <div class="body">

       <div class="pull_right date details" title="16.06.2021 11:39:52">
11:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-31857 ‼</strong><br><br><code>In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, attackers are able to retrieve credentials via a browser extension for non-website resource types.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31857">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25487">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.06.2021 12:19:01">
12:19
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Akamai adds automation and machine learning to protect user accounts, APIs and applications 🦿</strong><br><br><code>Edge platform cybersecurity enhancements are intended to increase responsiveness and augment decision-making, the company said.</code><br><br><a href="https://www.techrepublic.com/article/akamai-adds-automation-and-machine-learning-to-protect-user-accounts-apis-and-applications/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25488">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.06.2021 13:18:41">
13:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Euros-Driven Football Fever Nets Dumb Passwords ❌</strong><br><br><code>The top easy-to-crack, football-inspired password in a database of 1 billion unique, clear-text, breached passwords? You probably guessed it: &quot;Football.&quot;</code><br><br><a href="https://threatpost.com/euros-football-fever-dumb-passwords/166974/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25489">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.06.2021 13:40:04">
13:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-21668 ‼</strong><br><br><code>Jenkins Scriptler Plugin 3.1 and earlier does not escape script content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21668">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25490">

      <div class="body">

       <div class="pull_right date details" title="16.06.2021 13:40:05">
13:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-8299 ‼</strong><br><br><code>Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8299">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25491">

      <div class="body">

       <div class="pull_right date details" title="16.06.2021 13:48:40">
13:48
       </div>

       <div class="text">
<strong>❌ Takeaways from the Colonial Pipeline Ransomware Attack ❌</strong><br><br><code>The incident showcases basic steps that organizations can take to protect themselves as ransomware gangs get smarter.</code><br><br><a href="https://threatpost.com/takeaways-colonial-pipeline-ransomware/166980/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25492">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.06.2021 14:30:22">
14:30
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Keeping Your Organization Secure When Dealing With the Unexpected 🕴</strong><br><br><code>There&apos;s no way to anticipate every possible scenario, but the right approach to business continuity can help you respond effectively in any situation.</code><br><br><a href="https://www.darkreading.com/risk/keeping-your-organization-secure-when-dealing-with-the-unexpected/a/d-id/1341218?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25493">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.06.2021 15:18:44">
15:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Ransomware Poll: 80% of Victims Don’t Pay Up ❌</strong><br><br><code>Meanwhile, in a separate survey, 80 percent of organizations that paid the ransom said were hit by a second attack.</code><br><br><a href="https://threatpost.com/ransomware-victims-dont-pay-up/166989/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25494">

      <div class="body">

       <div class="pull_right date details" title="16.06.2021 15:30:22">
15:30
       </div>

       <div class="text">
<strong>🕴 Is an Attacker Living Off Your Land? 🕴</strong><br><br><code>Living-off-the-land attacks pose significant risks to organizations and, on top of that, are difficult to detect. Learn the basics about how these attacks operate and ways to limit their damage.</code><br><br><a href="https://www.darkreading.com/edge/theedge/is-an-attacker-living-off-your-land/b/d-id/1341303?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25495">

      <div class="body">

       <div class="pull_right date details" title="16.06.2021 15:40:03">
15:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-20444 ‼</strong><br><br><code>Jact OpenClinic 0.8.20160412 allows the attacker to read server files after login to the the admin account by an infected &apos;file&apos; GET parameter in &apos;/shared/view_source.php&apos; which &quot;could&quot; lead to RCE vulnerability .</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-20444">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25496">

      <div class="body">

       <div class="pull_right date details" title="16.06.2021 15:40:04">
15:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-22199 ‼</strong><br><br><code>SQL Injection vulnerability in phpCMS 2007 SP6 build 0805 via the digg_mod parameter to digg_add.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-22199">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25497">

      <div class="body">

       <div class="pull_right date details" title="16.06.2021 15:48:45">
15:48
       </div>

       <div class="text">
<strong>❌ IKEA Fined $1.2M for Elaborate ‘Spying System’ ❌</strong><br><br><code>A French court fined the furniture giant for illegal surveillance on 400 customers and staff.</code><br><br><a href="https://threatpost.com/ikea-fined-spying-system/166991/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25498">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.06.2021 16:30:23">
16:30
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Russian National Convicted on Charges Related to Kelihos Botnet 🕴</strong><br><br><code>Oleg Koshkin was arrested in 2019 and faces a maximum penalty of 15 years in prison, the DoJ reports.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/russian-national-convicted-on-charges-related-to-kelihos-botnet/d/d-id/1341319?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25499">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.06.2021 17:00:24">
17:00
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Security Flaw Discovered In Peloton Equipment 🕴</strong><br><br><code>The vulnerability could give attackers remote root access to the bike&apos;s tablet, researchers report.</code><br><br><a href="https://www.darkreading.com/iot/security-flaw-discovered-in-peloton-equipment/d/d-id/1341320?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25500">

      <div class="body">

       <div class="pull_right date details" title="16.06.2021 17:00:25">
17:00
       </div>

       <div class="text">
<strong>🕴 Biden Tells Putin Critical Infrastructure Sectors &apos;Off Limits&apos; to Russian Hacking 🕴</strong><br><br><code>President Joe Biden said he and Russian President Vladimir Putin agreed to discuss boundaries in cyber activity.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/biden-tells-putin-critical-infrastructure-sectors-off-limits-to-russian-hacking/d/d-id/1341322?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25501">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.06.2021 17:40:11">
17:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-1568 ‼</strong><br><br><code>A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to uncontrolled memory allocation. An attacker could exploit this vulnerability by copying a crafted file to a specific folder on the system. A successful exploit could allow the attacker to crash the VPN Agent service when the affected application is launched, causing it to be unavailable to all users of the system. To exploit this vulnerability, the attacker must have valid credentials on a multiuser Windows system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1568">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25502">

      <div class="body">

       <div class="pull_right date details" title="16.06.2021 17:40:12">
17:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-1541 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary commands as a root user on the underlying operating system Conduct a cross-site scripting (XSS) attack Conduct an HTML injection attack For more information about these vulnerabilities, see the Details section of this advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1541">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25503">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.06.2021 18:30:27">
18:30
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Ransomware Operators&apos; Strategies Evolve as Attacks Rise 🕴</strong><br><br><code>Security researchers find ransomware operators rely less on email and more on criminal groups for initial access into target networks.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/ransomware-operators-strategies-evolve-as-attacks-rise/d/d-id/1341327?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25504">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.06.2021 19:30:30">
19:30
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Ukraine Police Disrupt Cl0p Ransomware Operation 🕴</strong><br><br><code>Growing list of similar actions in recent months may finally be scaring some operators into quitting, but threat is far from over, security experts say.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/ukraine-police-disrupt-cl0p-ransomware-operation/d/d-id/1341323?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25505">

      <div class="body">

       <div class="pull_right date details" title="16.06.2021 19:40:24">
19:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-34201 ‼</strong><br><br><code>D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow. There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640). Local ordinary users can overwrite the global variables in the .bss section, causing the process crashes or changes.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34201">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25506">

      <div class="body">

       <div class="pull_right date details" title="16.06.2021 19:40:25">
19:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-34204 ‼</strong><br><br><code>D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials. D-Link AC2600(DIR-2640) stores the device system account password in plain text. It does not use linux user management. In addition, the passwords of all devices are the same, and they cannot be modified by normal users. An attacker can easily log in to the target router through the serial port and obtain root privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34204">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25507">

      <div class="body">

       <div class="pull_right date details" title="16.06.2021 19:40:26">
19:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-32243 ‼</strong><br><br><code>FOGProject v1.5.9 is affected by a File Upload RCE (Authenticated).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32243">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25508">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.06.2021 21:11:36">
21:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ How to hack a bicycle – Peloton Bike+ rooting bug patched ⚠</strong><br><br><code>It&apos;s a bike, Jim, but not as we know it.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/06/17/how-to-hack-a-bicycle-peloton-bike-rooting-bug-patched/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25509">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.06.2021 21:40:20">
21:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-31476 ‼</strong><br><br><code>This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.3.37598. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA templates. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13531.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31476">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-812">

      <div class="body details">
17 June 2021
      </div>

     </div>

     <div class="message default clearfix" id="message25510">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.06.2021 09:40:56">
09:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-21777 ‼</strong><br><br><code>An information disclosure vulnerability exists in the Ethernet/IP UDP handler functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted network request can lead to an out-of-bounds read.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21777">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25511">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.06.2021 10:19:22">
10:19
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Threat Actors Use Google Docs to Host Phishing Attacks ❌</strong><br><br><code>Exploit in the widely used document service leveraged to send malicious links that appear legitimate but actually steal victims credentials.</code><br><br><a href="https://threatpost.com/google-docs-host-attack/166998/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25512">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.06.2021 11:11:53">
11:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ S3 Ep37: Quantum crypto, refunding Bitcoins, and Alpaca problems [Podcast] ⚠</strong><br><br><code>Latest episode - listen now!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/06/17/s3-ep37-quantum-crypto-refunding-bitcoins-and-alpaca-problems-podcast/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25513">

      <div class="body">

       <div class="pull_right date details" title="17.06.2021 11:19:21">
11:19
       </div>

       <div class="text">
<strong>🦿 Amazon Prime Day scams resurface for 2021 🦿</strong><br><br><code>With this year&apos;s Amazon Prime Day set for June 21-22, scammers are already touting &quot;Early Prime Day Deals,&quot; says Bolster.</code><br><br><a href="https://www.techrepublic.com/article/amazon-prime-day-scams-resurface-for-2021/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25514">

      <div class="body">

       <div class="pull_right date details" title="17.06.2021 11:30:54">
11:30
       </div>

       <div class="text">
<strong>🕴 Mission Critical: What Really Matters in a Cybersecurity Incident 🕴</strong><br><br><code>The things you do before and during a cybersecurity incident can make or break the success of your response.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/mission-critical-what-really-matters-in-a-cybersecurity-incident/a/d-id/1341255?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25515">

      <div class="body">

       <div class="pull_right date details" title="17.06.2021 11:40:59">
11:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-32946 ‼</strong><br><br><code>An improper check for unusual or exceptional conditions issue exists within the parsing DGN files from Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of the user-supplied data. This may result in several of out-of-bounds problems and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32946">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25516">

      <div class="body">

       <div class="pull_right date details" title="17.06.2021 11:41:00">
11:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-32938 ‼</strong><br><br><code>Drawings SDK (All versions prior to 2022.4) are vulnerable to an out-of-bounds read due to parsing of DWG files resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allows attackers to cause a denial-of service condition or read sensitive information from memory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32938">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25517">

      <div class="body">

       <div class="pull_right date details" title="17.06.2021 11:41:01">
11:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-32950 ‼</strong><br><br><code>An out-of-bounds read issue exists within the parsing of DXF files in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allows attackers to cause a denial-of-service condition or read sensitive information from memory locations.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32950">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25518">

      <div class="body">

       <div class="pull_right date details" title="17.06.2021 11:41:02">
11:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-32944 ‼</strong><br><br><code>A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a memory corruption or arbitrary code execution, allowing attackers to cause a denial-of-service condition or execute code in the context of the current process.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32944">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25519">

      <div class="body">

       <div class="pull_right date details" title="17.06.2021 11:41:03">
11:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-32952 ‼</strong><br><br><code>An out-of-bounds write issue exists in the DGN file-reading procedure in the Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32952">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25520">

      <div class="body">

       <div class="pull_right date details" title="17.06.2021 11:41:07">
11:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-32936 ‼</strong><br><br><code>An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32936">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25521">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.06.2021 13:41:06">
13:41
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-34825 ‼</strong><br><br><code>Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34825">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25522">

      <div class="body">

       <div class="pull_right date details" title="17.06.2021 13:41:07">
13:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-31818 ‼</strong><br><br><code>Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied data in the API request isn’t parameterised correctly. Exploiting this vulnerability could allow unauthorised access to database tables.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31818">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25523">

      <div class="body">

       <div class="pull_right date details" title="17.06.2021 13:49:29">
13:49
       </div>

       <div class="text">
<strong>❌ CVS Health Records for 1.1 Billion Customers Exposed ❌</strong><br><br><code>A vendor exposed the records, which were accessible with no password or other authentication, likely because of a cloud-storage misconfiguration.</code><br><br><a href="https://threatpost.com/cvs-health-records-billion-customers-exposed/167011/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25524">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.06.2021 14:19:31">
14:19
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Geek Squad Vishing Attack Bypasses Email Security to Hit 25K Mailboxes ❌</strong><br><br><code>An email campaign asking victims to call a bogus number to suspend supposedly fraudulent subscriptions got right past Microsoft&apos;s native email controls.</code><br><br><a href="https://threatpost.com/geek-squad-vishing-bypasses-email-security/167014/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25525">

      <div class="body">

       <div class="pull_right date details" title="17.06.2021 14:31:00">
14:31
       </div>

       <div class="text">
<strong>🕴 Cyberattacks Are Tailored to Employees ... Why Isn&apos;t Security Training? 🕴</strong><br><br><code>Consider four factors and behaviors that impact a particular employee&apos;s risk, and how security training should take them into account.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/cyberattacks-are-tailored-to-employees--why-isnt-security-training/a/d-id/1341261?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25526">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.06.2021 15:41:10">
15:41
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-23396 ‼</strong><br><br><code>All versions of package lutils are vulnerable to Prototype Pollution via the main (merge) function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23396">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25527">

      <div class="body">

       <div class="pull_right date details" title="17.06.2021 15:41:11">
15:41
       </div>

       <div class="text">
<strong>‼ CVE-2013-20002 ‼</strong><br><br><code>Elemin allows remote attackers to upload and execute arbitrary PHP code via the Themify framework (before 1.2.2) wp-content/themes/elemin/themify/themify-ajax.php file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-20002">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25528">

      <div class="body">

       <div class="pull_right date details" title="17.06.2021 15:46:07">
15:46
       </div>

       <div class="text">
<strong>🔏 What is Data Classification? A Data Classification Definition 🔏</strong><br><br><code>Learn about the different types of classification and how to effectively classify your data in Data Protection 101, our series on the fundamentals of data security.</code><br><br><a href="https://digitalguardian.com/blog/what-data-classification-data-classification-definition">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25529">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.06.2021 16:49:36">
16:49
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Cisco Smart Switches Riddled with Severe Security Holes ❌</strong><br><br><code>The intro-level networking gear for SMBs could allow remote attacks designed to steal information, drop malware and disrupt operations.</code><br><br><a href="https://threatpost.com/cisco-smart-switches-security-holes/167031/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25530">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.06.2021 17:11:13">
17:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-32575 ‼</strong><br><br><code>HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0 RC1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32575">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25531">

      <div class="body">

       <div class="pull_right date details" title="17.06.2021 17:11:14">
17:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-33557 ‼</strong><br><br><code>An XSS issue was discovered in manage_custom_field_edit_page.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33557">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25532">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.06.2021 17:49:38">
17:49
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Clop Raid: A Big Win in the War on Ransomware? ❌</strong><br><br><code>Cops arrest six, seize cars and cash in splashy raid, and experts are applauding.</code><br><br><a href="https://threatpost.com/clop-raid-big-win-war-ransomware/167036/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25533">

      <div class="body">

       <div class="pull_right date details" title="17.06.2021 18:01:09">
18:01
       </div>

       <div class="text">
<strong>🕴 Google Launches SLSA, A New Framework for Supply Chain Integrity 🕴</strong><br><br><code>The &apos;Supply chain Levels for Software Artifacts&apos; aims to ensure the integrity of components throughout the software supply chain.</code><br><br><a href="https://www.darkreading.com/application-security/google-launches-slsa-a-new-framework-for-supply-chain-integrity/d/d-id/1341333?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25534">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.06.2021 18:31:10">
18:31
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Carnival Cruise Line Reports Security Breach 🕴</strong><br><br><code>The cruise ship operator says the incident affected employee and guest data.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/carnival-cruise-line-reports-security-breach-/d/d-id/1341335?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25535">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.06.2021 19:31:11">
19:31
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 One in Five Manufacturing Firms Targeted by Cyberattacks 🕴</strong><br><br><code>Information-stealing malware makes up about a third of attacks, a study finds, but companies worry most about ransomware shutting down production.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/one-in-five-manufacturing-firms-targeted-by-cyberattacks/d/d-id/1341334?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25536">

      <div class="body">

       <div class="pull_right date details" title="17.06.2021 19:41:19">
19:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-32695 ‼</strong><br><br><code>Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.16.1, a malicious app on the same device could have gotten access to the shared preferences of the Nextcloud Android application. This required user-interaction as a victim had to initiate the sharing flow and choose the malicious app. The shared preferences contain some limited private data such as push tokens and the account name. The vulnerability is patched in version 3.16.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32695">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25537">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.06.2021 20:06:14">
20:06
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Data Breaches Surge in Food &amp; Beverage, Other Industries 🕴</strong><br><br><code>Six previously &quot;under-attacked&quot; vertical industries saw a surge in data breaches last year due to COVID-19 related disruptions and other factors, new data shows.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/data-breaches-surge-in-food-and-beverage-other-industries/d/d-id/1341336?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25538">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.06.2021 21:11:24">
21:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-32426 ‼</strong><br><br><code>In TrendNet TW100-S4W1CA 2.3.32, it is possible to inject arbitrary JavaScript into the router&apos;s web interface via the &quot;echo&quot; command.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32426">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25539">

      <div class="body">

       <div class="pull_right date details" title="17.06.2021 21:11:24">
21:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-32694 ‼</strong><br><br><code>Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.15.1, a malicious application on the same device is possible to crash the Nextcloud Android Client due to an uncaught exception. The vulnerability is patched in version 3.15.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32694">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-813">

      <div class="body details">
18 June 2021
      </div>

     </div>

     <div class="message default clearfix" id="message25540">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.06.2021 02:11:34">
02:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-34811 ‼</strong><br><br><code>Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34811">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25541">

      <div class="body">

       <div class="pull_right date details" title="18.06.2021 02:11:35">
02:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-34553 ‼</strong><br><br><code>Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been granted access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34553">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25542">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.06.2021 08:16:33">
08:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 Friday Five 6/18 🔏</strong><br><br><code>New data privacy acts, the G7 on ransomware, and how cybersecurity factors into M&amp;As - catch up on all of the week&apos;s infosec news with the Friday Five!</code><br><br><a href="https://digitalguardian.com/blog/friday-five-6/18">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25543">

      <div class="body">

       <div class="pull_right date details" title="18.06.2021 08:19:47">
08:19
       </div>

       <div class="text">
<strong>🦿 Microsoft&apos;s new security tool will discover firmware vulnerabilities, and more, in PCs and IoT devices 🦿</strong><br><br><code>Devices have multiple OSs and firmware running, and most organisations don&apos;t know what they have or if it&apos;s secure. Microsoft will use ReFirm to make it easier to find out without being an expert.</code><br><br><a href="https://www.techrepublic.com/article/microsofts-new-security-tool-will-discover-firmware-vulnerabilities-and-more-in-pcs-and-iot-devices/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25544">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.06.2021 09:20:06">
09:20
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Faux ‘DarkSide’ Gang Takes Aim at Global Energy, Food Sectors ❌</strong><br><br><code>A DarkSide doppelganger mounts a fraud campaign aimed at extorting nearly $4 million from each target.</code><br><br><a href="https://threatpost.com/darkside-global-energy-food/167056/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25545">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.06.2021 09:41:54">
09:41
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-33576 ‼</strong><br><br><code>An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. This filename can include path-traversal characters, allowing the file to be written to an arbitrary location on disk.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33576">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25546">

      <div class="body">

       <div class="pull_right date details" title="18.06.2021 09:41:55">
09:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-32536 ‼</strong><br><br><code>The login page in the MCUsystem does not filter with special characters, which allows remote attackers can inject JavaScript without privilege and thus perform reflected XSS attacks.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32536">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25547">

      <div class="body">

       <div class="pull_right date details" title="18.06.2021 09:50:05">
09:50
       </div>

       <div class="text">
<strong>❌ ‘Oddball’ Malware Blocks Access to Pirated Software ❌</strong><br><br><code>Rather than steal credentials or hold data for ransom, a recent campaign observed by Sophos prevents people from visiting sites that offer illegal downloads.</code><br><br><a href="https://threatpost.com/oddball-malware-blocks-pirated-software/167060/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25548">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.06.2021 10:50:08">
10:50
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Insider Versus Outsider: Navigating Top Data Loss Threats ❌</strong><br><br><code>Troy Gill, manager of security research at Zix, discusses the most common ways sensitive data is scooped up by nefarious sorts.</code><br><br><a href="https://threatpost.com/insider-outsider-data-loss-threats/167063/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25549">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.06.2021 11:42:00">
11:42
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2005-0394 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0394">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25550">

      <div class="body">

       <div class="pull_right date details" title="18.06.2021 11:42:01">
11:42
       </div>

       <div class="text">
<strong>‼ CVE-2021-26834 ‼</strong><br><br><code>A cross-site scripting (XSS) vulnerability exists in Znote 0.5.2. An attacker can insert payloads, and the code execution will happen immediately on markdown view mode.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26834">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25551">

      <div class="body">

       <div class="pull_right date details" title="18.06.2021 11:45:55">
11:45
       </div>

       <div class="text">
<strong>🕴 4 Habits of Highly Effective Security Operators 🕴</strong><br><br><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/4-habits-of-highly-effective-security-operators/a/d-id/1341269?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25552">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.06.2021 12:20:12">
12:20
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Carnival Cruise Cyber-Torpedoed by Cyberattack ❌</strong><br><br><code>This is the fourth time in a bit over a year that Carnival’s admitted to breaches, with two of them being ransomware attacks.</code><br><br><a href="https://threatpost.com/carnival-cruise-cyberattack/167065/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25553">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.06.2021 12:50:12">
12:50
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ What’s Making Your Company a Ransomware Sitting Duck ❌</strong><br><br><code>What&apos;s the low-hanging fruit for ransomware attackers? What steps could help to fend them off, and what’s stopping organizations from implementing those steps?</code><br><br><a href="https://threatpost.com/ransomware-sitting-duck/167040/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25554">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.06.2021 13:12:04">
13:12
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-3604 ‼</strong><br><br><code>Secure 8 (Evalos) does not validate user input data correctly, allowing a remote attacker to perform a Blind SQL Injection. An attacker could exploit this vulnerability in order to extract information of users and administrator accounts stored in the database.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3604">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25555">

      <div class="body">

       <div class="pull_right date details" title="18.06.2021 13:12:05">
13:12
       </div>

       <div class="text">
<strong>‼ CVE-2020-18442 ‼</strong><br><br><code>Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value &quot;zzip_file_read&quot; in the function &quot;unzzip_cat_file&quot;.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18442">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25556">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.06.2021 14:01:49">
14:01
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 11 Security Certifications to Seek Out This Summer 🕴</strong><br><br><code>The more you know, the more you grow. The Edge takes a fresh look at leading security certifications that can help advance your security career.</code><br><br><a href="https://www.darkreading.com/edge/theedge/11-security-certifications-to-seek-out-this-summer/b/d-id/1341337?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25557">

      <div class="body">

       <div class="pull_right date details" title="18.06.2021 14:12:20">
14:12
       </div>

       <div class="text">
<strong>⚠ Can *YOU* blow a PC speaker using only a Linux kernel driver? ⚠</strong><br><br><code>Can you help? There&apos;s a hidden meaning here, and it&apos;s time to find it!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/06/18/can-you-blow-a-pc-speaker-using-only-a-linux-kernel-driver/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25558">

      <div class="body">

       <div class="pull_right date details" title="18.06.2021 14:12:21">
14:12
       </div>

       <div class="text">
<strong>⚠ S3 Ep37: Quantum crypto, refunding Bitcoins, and Alpaca problems [Podcast] ⚠</strong><br><br><code>Latest episode - listen now!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/06/17/s3-ep37-quantum-crypto-refunding-bitcoins-and-alpaca-problems-podcast/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25559">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.06.2021 17:42:15">
17:42
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-33818 ‼</strong><br><br><code>An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33818">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25560">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.06.2021 18:01:56">
18:01
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Accidental Insider Leaks Prove Major Source of Risk 🕴</strong><br><br><code>Research reports highlight growing concerns around insider negligence that leads to data breaches.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/accidental-insider-leaks-prove-major-source-of-risk/d/d-id/1341343?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25561">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.06.2021 18:31:56">
18:31
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Attackers Find New Way to Exploit Google Docs for Phishing 🕴</strong><br><br><code>Tactic continues recent trend by attackers to use trusted cloud services to send and host malicious content.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/attackers-find-new-way-to-exploit-google-docs-for-phishing-/d/d-id/1341342?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25562">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.06.2021 19:42:21">
19:42
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-33823 ‼</strong><br><br><code>An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attacker could send a huge amount of TCP SYN packet to make web service&apos;s resource exhausted. Then the web server is denial-of-service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33823">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25563">

      <div class="body">

       <div class="pull_right date details" title="18.06.2021 19:42:21">
19:42
       </div>

       <div class="text">
<strong>‼ CVE-2021-33824 ‼</strong><br><br><code>An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33824">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25564">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.06.2021 21:12:24">
21:12
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-31272 ‼</strong><br><br><code>SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31272">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25565">

      <div class="body">

       <div class="pull_right date details" title="18.06.2021 21:12:25">
21:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-31662 ‼</strong><br><br><code>RIOT-OS 2021.01 before commit 07f1254d8537497552e7dce80364aaead9266bbe contains a buffer overflow which could allow attackers to obtain sensitive information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31662">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25566">

      <div class="body">

       <div class="pull_right date details" title="18.06.2021 21:12:25">
21:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-33186 ‼</strong><br><br><code>SerenityOS in test-crypto.cpp contains a stack buffer overflow which could allow attackers to obtain sensitive information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33186">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-814">

      <div class="body details">
20 June 2021
      </div>

     </div>

     <div class="message default clearfix" id="message25567">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.06.2021 11:14:05">
11:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-24368 ‼</strong><br><br><code>The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin WordPress plugin before 7.1.18 did not sanitise or escape its result_id parameter when displaying an existing quiz result page, leading to a reflected Cross-Site Scripting issue. This could allow for privilege escalation by inducing a logged in admin to open a malicious link</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24368">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-815">

      <div class="body details">
21 June 2021
      </div>

     </div>

     <div class="message default clearfix" id="message25568">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.06.2021 02:14:43">
02:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-20467 ‼</strong><br><br><code>White Shark System (WSS) 1.3.2 is vulnerable to sensitive information disclosure via default_task_add.php, remote attackers can exploit the vulnerability to create a task.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-20467">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25569">

      <div class="body">

       <div class="pull_right date details" title="21.06.2021 02:14:44">
02:14
       </div>

       <div class="text">
<strong>‼ CVE-2020-20466 ‼</strong><br><br><code>White Shark System (WSS) 1.3.2 is vulnerable to unauthorized access via user_edit_password.php, remote attackers can modify the password of any user.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-20466">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25570">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.06.2021 07:14:57">
07:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-20471 ‼</strong><br><br><code>White Shark System (WSS) 1.3.2 has an unauthorized access vulnerability in default_user_edit.php, remote attackers can exploit this vulnerability to escalate to admin privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-20471">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25571">

      <div class="body">

       <div class="pull_right date details" title="21.06.2021 07:14:58">
07:14
       </div>

       <div class="text">
<strong>‼ CVE-2020-20473 ‼</strong><br><br><code>White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the control_task.php, control_project.php, default_user.php files failing to filter the sort parameter. Remote attackers can exploit the vulnerability to obtain database sensitive information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-20473">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25572">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.06.2021 09:15:03">
09:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-31769 ‼</strong><br><br><code>MyQ Server in MyQ X Smart before 8.2 allows remote code execution by unprivileged users because administrative session data can be read in the %PROGRAMFILES%\MyQ\PHP\Sessions directory. The &quot;Select server file&quot; feature is only intended for administrators but actually does not require authorization. An attacker can inject arbitrary OS commands (such as commands to create new .php files) via the Task Scheduler component.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31769">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25573">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.06.2021 11:04:13">
11:04
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Are Ransomware Attacks the New Pandemic? 🕴</strong><br><br><code>Ransomware has been a problem for decades, so why is government just now beginning to address it?</code><br><br><a href="https://www.darkreading.com/risk/are-ransomware-attacks-the-new-pandemic-/a/d-id/1341275?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25574">

      <div class="body">

       <div class="pull_right date details" title="21.06.2021 11:15:07">
11:15
       </div>

       <div class="text">
<strong>‼ CVE-2020-7031 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7031">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25575">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.06.2021 13:15:16">
13:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-22390 ‼</strong><br><br><code>Akaunting &lt;= 2.0.9 is vulnerable to CSV injection in the Item name field, export function. Attackers can inject arbitrary code into the name parameter and perform code execution when the crafted file is opened.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-22390">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25576">

      <div class="body">

       <div class="pull_right date details" title="21.06.2021 13:15:17">
13:15
       </div>

       <div class="text">
<strong>‼ CVE-2006-0016 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0016">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25577">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.06.2021 14:22:20">
14:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ iPhone Wi-Fi Crushed by Weird Network ❌</strong><br><br><code>… until you reset network settings and stop connecting to a weirdly named network, that is. FUD is spreading. iOS Wi-Fi demolition is not.</code><br><br><a href="https://threatpost.com/iphone-wi-fi-weird-network/167075/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25578">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.06.2021 15:04:20">
15:04
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Fintech at SaaS Speed 🕴</strong><br><br><br><br><a href="https://event.on24.com/eventRegistration/EventLobbyServlet?target=reg20.jsp&amp;partnerref=SP&amp;eventid=3205591&amp;sessionid=1&amp;key=4A54ECD1F67B764F40C62141A727C5D6&amp;regTag=&amp;V2=false&amp;sourcepage=register&amp;_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25579">

      <div class="body">

       <div class="pull_right date details" title="21.06.2021 15:15:17">
15:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-0522 ‼</strong><br><br><code>In ConnectionHandler::SdpCb of connection_handler.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-174182139</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0522">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25580">

      <div class="body">

       <div class="pull_right date details" title="21.06.2021 15:15:18">
15:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-0520 ‼</strong><br><br><code>In several functions of MemoryFileSystem.cpp and related files, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-176237595</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0520">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25581">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.06.2021 17:15:22">
17:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-19510 ‼</strong><br><br><code>Textpattern 4.7.3 contains an aribtrary file load via the file_insert function in include/txp_file.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-19510">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25582">

      <div class="body">

       <div class="pull_right date details" title="21.06.2021 17:15:23">
17:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-32697 ‼</strong><br><br><code>neos/forms is an open source framework to build web forms. By crafting a special `GET` request containing a valid form state, a form can be submitted without invoking any validators. Form state is secured with an HMAC that is still verified. That means that this issue can only be exploited if Form Finishers cause side effects even if no form values have been sent. Form Finishers can be adjusted in a way that they only execute an action if the submitted form contains some expected data. Alternatively a custom Finisher can be added as first finisher. This regression was introduced with https://github.com/neos/form/commit/049d415295be8d4a0478ccba97dba1bb81649567</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32697">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25583">

      <div class="body">

       <div class="pull_right date details" title="21.06.2021 17:22:24">
17:22
       </div>

       <div class="text">
<strong>❌ Embryology Data Breach Follows Fertility Clinic Ransomware Hit ❌</strong><br><br><code>Approximately 38,000 of RBA&apos;s customers had their embryology data stolen by a ransomware gang.</code><br><br><a href="https://threatpost.com/embryology-data-breach-fertility-clinic-ransomware/167087/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25584">

      <div class="body">

       <div class="pull_right date details" title="21.06.2021 17:34:26">
17:34
       </div>

       <div class="text">
<strong>🕴 Baltimore County Public Schools&apos; Ransomware Recovery Tops $8M 🕴</strong><br><br><code>The school district has spent seven months and a reported $8.1 million recovering from the November attack.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/baltimore-county-public-schools-ransomware-recovery-tops-%248m/d/d-id/1341350?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25585">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.06.2021 17:52:27">
17:52
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Bugs in NVIDIA’s Jetson Chipset Opens Door to DoS Attacks, Data Theft ❌</strong><br><br><code>Chipmaker patches nine high-severity bugs in its Jetson SoC framework tied to the way it handles low-level cryptographic algorithms.</code><br><br><a href="https://threatpost.com/nvidia-jetson-chipset-dos-data-theft/167093/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25586">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.06.2021 19:04:29">
19:04
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Data Leaked in Fertility Clinic Ransomware Attack 🕴</strong><br><br><code>Reproductive Biology Associates says the data of 38,000 patients may have been compromised in the April cyberattack.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/data-leaked-in-fertility-clinic-ransomware-attack/d/d-id/1341351?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25587">

      <div class="body">

       <div class="pull_right date details" title="21.06.2021 19:15:27">
19:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-24377 ‼</strong><br><br><code>The Autoptimize WordPress plugin before 2.7.8 attempts to remove potential malicious files from the extracted archive uploaded via the &apos;Import Settings&apos; feature, however this is not sufficient to protect against RCE as a race condition can be achieved in between the moment the file is extracted on the disk but not yet removed. It is a bypass of CVE-2020-24948.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24377">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25588">

      <div class="body">

       <div class="pull_right date details" title="21.06.2021 19:15:28">
19:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-24372 ‼</strong><br><br><code>The WP Hardening – Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the $_SERVER[&apos;REQUEST_URI&apos;] before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24372">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25589">

      <div class="body">

       <div class="pull_right date details" title="21.06.2021 19:15:28">
19:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-24369 ‼</strong><br><br><code>In the GetPaid WordPress plugin before 2.3.4, users with the contributor role and above can create a new Payment Form, however the Label and Help Text input fields were not getting sanitized properly. So it was possible to inject malicious content such as img tags, leading to a Stored Cross-Site Scripting issue which is triggered when the form will be edited, for example when an admin reviews it and could lead to privilege escalation.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24369">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25590">

      <div class="body">

       <div class="pull_right date details" title="21.06.2021 19:15:29">
19:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-29061 ‼</strong><br><br><code>A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Vfsjfilechooser2 version 0.2.9 and below which occurs when the application attempts to validate crafted URIs.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29061">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25591">

      <div class="body">

       <div class="pull_right date details" title="21.06.2021 19:22:28">
19:22
       </div>

       <div class="text">
<strong>❌ Wegmans Exposes Customer Data in Misconfigured Databases ❌</strong><br><br><code>Cleanup in aisle &quot;Oops&quot;: The supermarket chain said that it misconfigured two cloud databases, exposing customer data to public scrutiny.</code><br><br><a href="https://threatpost.com/wegmans-exposes-customer-data-misconfigured-databases/167099/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25592">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.06.2021 20:04:30">
20:04
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Did Companies Fail to Disclose Being Affected by SolarWinds Breach? 🕴</strong><br><br><code>The SEC has sent out letters to some investment firms and publicly listed companies seeking information, Reuters says.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/did-companies-fail-to-disclose-being-affected-by-solarwinds-breach/d/d-id/1341354?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25593">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.06.2021 21:15:34">
21:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2010-0413 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0413">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25594">

      <div class="body">

       <div class="pull_right date details" title="21.06.2021 21:15:35">
21:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-32698 ‼</strong><br><br><code>eLabFTW is an open source electronic lab notebook for research labs. This vulnerability allows an attacker to make GET requests on behalf of the server. It is &quot;blind&quot; because the attacker cannot see the result of the request. Issue has been patched in eLabFTW 4.0.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32698">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-816">

      <div class="body details">
22 June 2021
      </div>

     </div>

     <div class="message default clearfix" id="message25595">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.06.2021 02:15:49">
02:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-20742 ‼</strong><br><br><code>Cross-site scripting vulnerability in EC-CUBE Business form output plugin (for EC-CUBE 3.0 series) versions prior to version 1.0.1 allows a remote attacker to inject an arbitrary script via unspecified vector.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20742">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25596">

      <div class="body">

       <div class="pull_right date details" title="22.06.2021 02:15:50">
02:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-20733 ‼</strong><br><br><code>Improper authorization in handler for custom URL scheme vulnerability in ????????? (asken diet) for Android versions from v.3.0.0 to v.4.2.x allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20733">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25597">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.06.2021 08:22:54">
08:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Six Flags to Pay $36M Over Collection of Fingerprints ❌</strong><br><br><code>Illinois Supreme Court rules in favor of class action against company’s practice of scanning people’s fingers when they enter amusement parks.</code><br><br><a href="https://threatpost.com/six-flags-to-pay-36m-over-collection-of-fingerprints/167103/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25598">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.06.2021 09:19:25">
09:19
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-0571 ‼</strong><br><br><code>In ActivityTaskManagerService.startActivity() and AppTaskImpl.startActivity() of ActivityTaskManagerService.java and AppTaskImpl.java, there is possible access to restricted activities due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137395936</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0571">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25599">

      <div class="body">

       <div class="pull_right date details" title="22.06.2021 09:19:55">
09:19
       </div>

       <div class="text">
<strong>‼ CVE-2021-0563 ‼</strong><br><br><code>In ih264e_fmt_conv_422i_to_420sp of ih264e_fmt_conv.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-172908358</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0563">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25600">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.06.2021 11:16:14">
11:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-0606 ‼</strong><br><br><code>In drm_syncobj_handle_to_fd of drm_syncobj.c, there is a possible use after free due to incorrect refcounting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168034487</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0606">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25601">

      <div class="body">

       <div class="pull_right date details" title="22.06.2021 11:16:15">
11:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-0545 ‼</strong><br><br><code>In phNxpNciHal_print_res_status of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169258884</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0545">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25602">

      <div class="body">

       <div class="pull_right date details" title="22.06.2021 11:16:16">
11:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-0539 ‼</strong><br><br><code>In archiveStoredConversation of MmsService.java, there is a possible way to archive message conversation without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-180419673</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0539">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25603">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.06.2021 11:35:00">
11:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Does Your Cyberattack Plan Include a Crisis Communications Strategy? 5 Tips to Get Started 🕴</strong><br><br><code>Don&apos;t overlook crisis communications in your cybersecurity incident response planning.</code><br><br><a href="https://www.darkreading.com/operations/does-your-cyberattack-plan-include-a-crisis-communications-strategy-5-tips-to-get-started/a/d-id/1341313?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25604">

      <div class="body">

       <div class="pull_right date details" title="22.06.2021 11:44:04">
11:44
       </div>

       <div class="text">
<strong>⚠ Ransomware: What REALLY happens if you pay the crooks? ⚠</strong><br><br><code>Free talk! Join us online for as much fun as you can ethically have while talking about ransomware. (And learn some useful stuff too!)</code><br><br><a href="https://nakedsecurity.sophos.com/2021/06/22/ransomware-what-really-happens-if-you-pay-the-crooks/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25605">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.06.2021 12:05:03">
12:05
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 7 Powerful Cybersecurity Skills the Energy Sector Needs Most 🕴</strong><br><br><code>Those looking to join the fight might want to polish up or acquire some (or all) of these hottest skills on the market.</code><br><br><a href="https://www.darkreading.com/edge/theedge/7-powerful-cybersecurity-skills-the-energy-sector-needs-most/b/d-id/1341349?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25606">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.06.2021 13:16:19">
13:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-22168 ‼</strong><br><br><code>PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\change-emaild.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-22168">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25607">

      <div class="body">

       <div class="pull_right date details" title="22.06.2021 13:16:20">
13:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-34243 ‼</strong><br><br><code>A stored cross site scripting (XSS) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to execute arbitrary web scripts or HTML via a crafted file uploaded into the Document Management tab. The exploit is triggered when a user visits the upload location of the crafted file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34243">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25608">

      <div class="body">

       <div class="pull_right date details" title="22.06.2021 13:16:21">
13:16
       </div>

       <div class="text">
<strong>‼ CVE-2020-22167 ‼</strong><br><br><code>PHPGurukul Hospital Management System in PHP v4.0 has a Persistent Cross-Site Scripting vulnerability in \hms\admin\appointment-history.php. Remote registered users can exploit the vulnerability to obtain user cookie data.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-22167">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25609">

      <div class="body">

       <div class="pull_right date details" title="22.06.2021 13:23:04">
13:23
       </div>

       <div class="text">
<strong>❌ Lexmark Printers Open to Arbitrary Code-Execution Zero-Day ❌</strong><br><br><code>“No remedy available as of June 21, 2021,&quot; according to the researcher who discovered the easy-to-exploit, no-user-action-required bug.</code><br><br><a href="https://threatpost.com/lexmark-printers-code-execution-zero-day/167111/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25610">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.06.2021 13:53:05">
13:53
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Kids’ Apps on Google Play Rife with Privacy Violations ❌</strong><br><br><code>One in five of the most-popular apps for kids under 13 on Google Play don&apos;t comply with COPPA regulations on how children&apos;s information is collected and used.</code><br><br><a href="https://threatpost.com/kids-apps-google-play-privacy-violations/167110/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25611">

      <div class="body">

       <div class="pull_right date details" title="22.06.2021 14:05:07">
14:05
       </div>

       <div class="text">
<strong>🕴 Majority of Web Apps in 11 Industries Are Vulnerable All the Time 🕴</strong><br><br><code>Serious vulnerabilities exist every day in certain industries, including utilities, public administration, and professional services, according to testing data.</code><br><br><a href="https://www.darkreading.com/application-security/majority-of-web-apps-in-11-industries-are-vulnerable-all-the-time/d/d-id/1341356?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25612">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.06.2021 14:21:53">
14:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Splunk launches security products and AWS security enhancements 🦿</strong><br><br><code>The new offerings are aimed at integrating security data across multiple on-prem and cloud environments and vendors to improve cybersecurity decision-making, the company says.</code><br><br><a href="https://www.techrepublic.com/article/splunk-launches-security-products-and-aws-security-enhancements/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25613">

      <div class="body">

       <div class="pull_right date details" title="22.06.2021 14:35:06">
14:35
       </div>

       <div class="text">
<strong>🕴 NSA Funds Development &amp; Release of D3FEND Framework 🕴</strong><br><br><code>The framework, now available through MITRE, provides countermeasures to attacks.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/nsa-funds-development-and-release-of-d3fend-framework/d/d-id/1341357?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25614">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.06.2021 15:05:07">
15:05
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Chart: Strength in Numbers 🕴</strong><br><br><code>More companies are heeding expert advice to beef up their incident-response teams.</code><br><br><a href="https://www.darkreading.com/edge/theedge/chart-strength-in-numbers/b/d-id/1341355?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25615">

      <div class="body">

       <div class="pull_right date details" title="22.06.2021 15:16:26">
15:16
       </div>

       <div class="text">
<strong>‼ CVE-2020-18654 ‼</strong><br><br><code>Cross Site Scripting (XSS) in Wuzhi CMS v4.1.0 allows remote attackers to execute arbitrary code via the &quot;Title&quot; parameter in the component &quot;/coreframe/app/guestbook/myissue.php&quot;.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18654">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25616">

      <div class="body">

       <div class="pull_right date details" title="22.06.2021 15:23:09">
15:23
       </div>

       <div class="text">
<strong>❌ Email Bug Allows Message Snooping, Credential Theft ❌</strong><br><br><code>A year-old proof-of-concept attack that allows an attacker to bypass TLS email protections to snoop on messages has been patched.</code><br><br><a href="https://threatpost.com/email-bug-message-snooping-credential-theft/167125/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25617">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.06.2021 15:51:54">
15:51
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How a Business Email Compromise attack can threaten your organization 🦿</strong><br><br><code>The most common type of BEC campaign involves a spoofed email account or website, according to GreatHorn.</code><br><br><a href="https://www.techrepublic.com/article/how-a-business-email-compromise-attack-can-threaten-your-organization/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25618">

      <div class="body">

       <div class="pull_right date details" title="22.06.2021 16:05:11">
16:05
       </div>

       <div class="text">
<strong>🕴 Transmit Security Announces $543M Series A Funding Round 🕴</strong><br><br><code>The passwordless technology provider says the funding will be used to increase its reach and expand primary business functions.</code><br><br><a href="https://www.darkreading.com/endpoint/transmit-security-announces-%24543m-series-a-funding-round/d/d-id/1341359?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25619">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.06.2021 16:53:12">
16:53
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Cryptominers Slither into Python Projects in Supply-Chain Campaign ❌</strong><br><br><code>These code bombs lurk in the PyPI package repository, waiting to be inadvertently baked into software developers&apos; applications.</code><br><br><a href="https://threatpost.com/cryptominers-python-supply-chain/167135/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25620">

      <div class="body">

       <div class="pull_right date details" title="22.06.2021 17:04:00">
17:04
       </div>

       <div class="text">
<strong>🛠 Clam AntiVirus Toolkit 0.103.3 🛠</strong><br><br><code>Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.</code><br><br><a href="https://packetstormsecurity.com/files/163237/clamav-0.103.3.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25621">

      <div class="body">

       <div class="pull_right date details" title="22.06.2021 17:16:31">
17:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-22377 ‼</strong><br><br><code>There is a command injection vulnerability in S12700 V200R019C00SPC500, S2700 V200R019C00SPC500, S5700 V200R019C00SPC500, S6700 V200R019C00SPC500 and S7700 V200R019C00SPC500. A module does not verify specific input sufficiently. Attackers can exploit this vulnerability by sending malicious parameters to inject command. This can compromise normal service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22377">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25622">

      <div class="body">

       <div class="pull_right date details" title="22.06.2021 17:16:32">
17:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-22382 ‼</strong><br><br><code>Huawei LTE USB Dongle products have an improper permission assignment vulnerability. An attacker can locally access and log in to a PC to induce a user to install a specially crafted application. After successfully exploiting this vulnerability, the attacker can perform unauthenticated operations. Affected product versions include:E3372 E3372h-153TCPU-V200R002B333D01SP00C00.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22382">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25623">

      <div class="body">

       <div class="pull_right date details" title="22.06.2021 17:16:34">
17:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-22361 ‼</strong><br><br><code>There is an improper authorization vulnerability in eCNS280 V100R005C00, V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200. A file access is not authorized correctly. Attacker with low access may launch privilege escalation in a specific scenario. This may compromise the normal service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22361">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25624">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.06.2021 17:53:13">
17:53
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ BEC Losses Top $1.8B as Tactics Evolve ❌</strong><br><br><code>BEC attacks getting are more dangerous, and smart users are the ones who can stop it.</code><br><br><a href="https://threatpost.com/bec-losses-top-18b/167148/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25625">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.06.2021 19:16:36">
19:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-32699 ‼</strong><br><br><code>Wings is the control plane software for the open source Pterodactyl game management system. All versions of Pterodactyl Wings prior to `1.4.4` are vulnerable to system resource exhaustion due to improper container process limits being defined. A malicious user can consume more resources than intended and cause downstream impacts to other clients on the same hardware, eventually causing the physical server to stop responding. Users should upgrade to `1.4.4` to mitigate the issue. There is no non-code based workaround for impacted versions of the software. Users running customized versions of this software can manually set a PID limit for containers created.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32699">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25626">

      <div class="body">

       <div class="pull_right date details" title="22.06.2021 19:16:37">
19:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-32700 ‼</strong><br><br><code>Ballerina is an open source programming language and platform for cloud application programmers. Ballerina versions 1.2.x and SL releases up to alpha 3 have a potential for a supply chain attack via MiTM against users. Http connections did not make use of TLS and certificate checking was ignored. The vulnerability allows an attacker to substitute or modify packages retrieved from BC thus allowing to inject malicious code into ballerina executables. This has been patched in Ballerina 1.2.14 and Ballerina SwanLake alpha4.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32700">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25627">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.06.2021 19:51:57">
19:51
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Data resiliency is key to surviving a ransomware attack, expert says 🦿</strong><br><br><code>It&apos;s not &quot;if&quot; but &quot;when&quot; you&apos;ll be attacked, cybersecurity expert says. Checking on your data and backups is something businesses should do regularly.</code><br><br><a href="https://www.techrepublic.com/videos/data-resiliency-is-key-to-surviving-a-ransomware-attack-expert-says/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25628">

      <div class="body">

       <div class="pull_right date details" title="22.06.2021 19:51:58">
19:51
       </div>

       <div class="text">
<strong>🦿 How to be prepared for a ransomware attack: Check your data and backups 🦿</strong><br><br><code>Expert says ransomware attacks will happen, and your company has to be prepared long before the attack hits.</code><br><br><a href="https://www.techrepublic.com/article/how-to-be-prepared-for-a-ransomware-attack-check-your-data-and-backups/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25629">

      <div class="body">

       <div class="pull_right date details" title="22.06.2021 20:05:17">
20:05
       </div>

       <div class="text">
<strong>🕴 Despite Heightened Cyber-Risks, Few Security Leaders Report to CEO 🕴</strong><br><br><code>A new report suggests that top management at most companies still don&apos;t get security.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/despite-heightened-cyber-risks-few-security-leaders-report-to-ceo/d/d-id/1341367?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25630">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.06.2021 21:27:30">
21:27
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-34391 ‼</strong><br><br><code>Trusty TLK contains a vulnerability in the NVIDIA TLK kernel�s tz_handle_trusted_app_smc function where a lack of integer overflow checks on the req_off and param_ofs variables leads to memory corruption of critical kernel structures.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34391">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25631">

      <div class="body">

       <div class="pull_right date details" title="22.06.2021 21:27:31">
21:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-34396 ‼</strong><br><br><code>Bootloader contains a vulnerability in access permission settings where unauthorized software may be able to overwrite NVIDIA MB2 code, which would result in limited denial of service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34396">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25632">

      <div class="body">

       <div class="pull_right date details" title="22.06.2021 21:27:32">
21:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-34393 ‼</strong><br><br><code>Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. This vulnerability might allow an attacker to exploit the deserializer to impact code execution, causing information disclosure.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34393">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25633">

      <div class="body">

       <div class="pull_right date details" title="22.06.2021 21:27:33">
21:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-34395 ‼</strong><br><br><code>Trusty TLK contains a vulnerability in its access permission settings where it does not properly restrict access to a resource from a user with local privileges, which might lead to limited information disclosure and limited denial of service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34395">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25634">

      <div class="body">

       <div class="pull_right date details" title="22.06.2021 21:30:32">
21:30
       </div>

       <div class="text">
<strong>‼ CVE-2021-34397 ‼</strong><br><br><code>Bootloader contains a vulnerability in NVIDIA MB2, which may cause free-the-wrong-heap, which may lead to limited denial of service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34397">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25635">

      <div class="body">

       <div class="pull_right date details" title="22.06.2021 21:30:32">
21:30
       </div>

       <div class="text">
<strong>‼ CVE-2021-34392 ‼</strong><br><br><code>Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the tz_map_shared_mem function can bypass boundary checks, which might lead to denial of service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34392">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25636">

      <div class="body">

       <div class="pull_right date details" title="22.06.2021 21:30:33">
21:30
       </div>

       <div class="text">
<strong>‼ CVE-2021-34390 ‼</strong><br><br><code>Trusty TLK contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow on the size parameter of the tz_map_shared_mem function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34390">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-817">

      <div class="body details">
23 June 2021
      </div>

     </div>

     <div class="message default clearfix" id="message25637">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.06.2021 07:53:36">
07:53
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ SonicWall ‘Botches’ October Patch for Critical VPN Bug ❌</strong><br><br><code>Company finally rolls out the complete fix this week for an RCE flaw affecting some 800,000 devices that could result in crashes or prevent users from connecting to corporate resources.</code><br><br><a href="https://threatpost.com/sonicwall-botches-critical-vpn-bug/167152/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25638">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.06.2021 09:17:17">
09:17
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-35210 ‼</strong><br><br><code>Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS. It is possible to inject code into the tl_log table that will be executed in the browser when the system log is called in the back end.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35210">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25639">

      <div class="body">

       <div class="pull_right date details" title="23.06.2021 09:17:18">
09:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-29084 ‼</strong><br><br><code>Improper neutralization of special elements in output used by a downstream component (&apos;Injection&apos;) vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29084">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25640">

      <div class="body">

       <div class="pull_right date details" title="23.06.2021 09:23:39">
09:23
       </div>

       <div class="text">
<strong>❌ Unpatched Linux Marketplace Bugs Allow Wormable Attacks, Drive-By RCE ❌</strong><br><br><code>A pair of zero-days affecting Pling-based marketplaces could allow for some ugly attacks on unsuspecting Linux enthusiasts -- with no patches in sight.</code><br><br><a href="https://threatpost.com/unpatched-linux-marketplace-bugs-rce/167155/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25641">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.06.2021 11:05:53">
11:05
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Expecting the Unexpected: Tips for Effectively Mitigating Ransomware Attacks in 2021 🕴</strong><br><br><code>Cybercriminals continually innovate to thwart security protocols, but organizations can take steps to prevent and mitigate ransomware attacks.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/expecting-the-unexpected-tips-for-effectively-mitigating-ransomware-attacks-in-2021/a/d-id/1341288?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25642">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.06.2021 11:52:15">
11:52
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How to better detect and prevent Business Email Compromise attacks 🦿</strong><br><br><code>These types of email attacks rely on simple language and exploit human nature to scam their victims, making detection difficult, says Cisco Talos.</code><br><br><a href="https://www.techrepublic.com/article/how-to-better-detect-and-prevent-business-email-compromise-attacks/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25643">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.06.2021 12:23:44">
12:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ REvil Ransomware Code Ripped Off by Rivals ❌</strong><br><br><code>The LV ransomware operators likely used a hex editor to repurpose a REvil binary almost wholesale, for their own nefarious purposes.</code><br><br><a href="https://threatpost.com/revil-ransomware-code-rivals/167167/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25644">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.06.2021 12:52:18">
12:52
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Employees are valuable assets: Why you need to safeguard them 🦿</strong><br><br><code>Two experts suggest calling employees &quot;insider threats&quot; is counterproductive; employees are assets needing protection.</code><br><br><a href="https://www.techrepublic.com/article/employees-are-valuable-assets-why-you-need-to-safeguard-them/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25645">

      <div class="body">

       <div class="pull_right date details" title="23.06.2021 12:55:21">
12:55
       </div>

       <div class="text">
<strong>❌ Critical Palo Alto Cyber-Defense Bug Allows Remote ‘War Room’ Access ❌</strong><br><br><code>Remote, unauthenticated cyberattackers can infiltrate and take over the Cortex XSOAR platform, which anchors unified threat intelligence and incident responses.</code><br><br><a href="https://threatpost.com/critical-palo-alto-bug-remote-war-room/167169/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25646">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.06.2021 13:17:39">
13:17
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-25950 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25950">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25647">

      <div class="body">

       <div class="pull_right date details" title="23.06.2021 13:17:40">
13:17
       </div>

       <div class="text">
<strong>‼ CVE-2020-20391 ‼</strong><br><br><code>Cross Site Scripting vulnerability in GetSimpleCMS 3.4.0a in admin/snippets.php via (1) Add Snippet and (2) Save snippets.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-20391">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25648">

      <div class="body">

       <div class="pull_right date details" title="23.06.2021 13:17:41">
13:17
       </div>

       <div class="text">
<strong>‼ CVE-2011-1955 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1955">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25649">

      <div class="body">

       <div class="pull_right date details" title="23.06.2021 13:20:36">
13:20
       </div>

       <div class="text">
<strong>🔏 An Interview with Ben McGraw, Cybersecurity Manager at Digital Guardian Part I 🔏</strong><br><br><code>In part one of our Q&amp;A with Ben McGraw, we discuss his journey to Digital Guardian, insight from DG&apos;s Analytics &amp; Reporting Cloud, and what makes a good threat hunter.</code><br><br><a href="https://digitalguardian.com/blog/interview-ben-mcgraw-cybersecurity-manager-digital-guardian-part-i">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25650">

      <div class="body">

       <div class="pull_right date details" title="23.06.2021 13:23:31">
13:23
       </div>

       <div class="text">
<strong>🦿 Cybersecurity practices must be applied to vehicles, too 🦿</strong><br><br><code>Manufacturers want to pack cars and trucks full of technology, but they need to remember the dangers to those who drive or ride in them.</code><br><br><a href="https://www.techrepublic.com/videos/cybersecurity-practices-must-be-applied-to-vehicles-too/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25651">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.06.2021 14:05:58">
14:05
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 When Will Cybersecurity Operations Adopt the Peter Parker Principle? 🕴</strong><br><br><code>Having a prevention mindset means setting our prevention capabilities to &quot;prevent&quot; instead of relying on detection and response.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/when-will-cybersecurity-operations-adopt-the-peter-parker-principle/a/d-id/1341285?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25652">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.06.2021 14:23:49">
14:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Pandemic-Bored Attackers Pummeled Gaming Industry ❌</strong><br><br><code>Akamai&apos;s 2020 gaming report shows that cyberattacks on the video game industry skyrocketed, shooting up 340 percent in 2020.</code><br><br><a href="https://threatpost.com/attackers-gaming-industry/167183/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25653">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.06.2021 15:17:35">
15:17
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-3526 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3526">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25654">

      <div class="body">

       <div class="pull_right date details" title="23.06.2021 15:17:36">
15:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-33624 ‼</strong><br><br><code>In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33624">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25655">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.06.2021 16:53:56">
16:53
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Iran Media Websites Seized by U.S. in Disinformation Campaign ❌</strong><br><br><code>DoJ uses sanctions laws to shut down an alleged Iranian government malign influence campaign.</code><br><br><a href="https://threatpost.com/iran-media-websites-seized-disinformation/167198/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25656">

      <div class="body">

       <div class="pull_right date details" title="23.06.2021 17:06:04">
17:06
       </div>

       <div class="text">
<strong>🕴 Survey Seeks to Learn How 2020 Changed Security 🕴</strong><br><br><code>Respondents to a new Dark Reading/Omdia survey will be entered into a drawing for a Black Hat Black Card.</code><br><br><a href="https://www.darkreading.com/careers-and-people/survey-seeks-to-learn-how-2020-changed-security/d/d-id/1341376?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25657">

      <div class="body">

       <div class="pull_right date details" title="23.06.2021 17:06:05">
17:06
       </div>

       <div class="text">
<strong>🕴 New DNS Name Server Hijack Attack Exposes Businesses, Government Agencies 🕴</strong><br><br><code>Researchers found a &quot;novel&quot; class of DNS vulnerabilities in AWS Route53 and other DNS-as-a-service offerings that leak sensitive information on corporate and government customers, with one simple registration step.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/new-dns-name-server-hijack-attack-exposes-businesses-government-agencies/d/d-id/1341377?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25658">

      <div class="body">

       <div class="pull_right date details" title="23.06.2021 17:17:40">
17:17
       </div>

       <div class="text">
<strong>‼ CVE-2020-18657 ‼</strong><br><br><code>Cross Site Scripting (XSS) vulnerability in GetSimpleCMS &lt;= 3.3.15 in admin/changedata.php via the redirect_url parameter and the headers_sent function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18657">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25659">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.06.2021 17:36:04">
17:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Microsoft Tracks New BazaCall Malware Campaign 🕴</strong><br><br><code>Attackers use emails to prompt victims to call a fraudulent call center, where attackers instruct them to download a malicious file.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/microsoft-tracks-new-bazacall-malware-campaign/d/d-id/1341378?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25660">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.06.2021 19:17:46">
19:17
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-18660 ‼</strong><br><br><code>GetSimpleCMS &lt;=3.3.15 has an open redirect in admin/changedata.php via the redirect function to the url parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18660">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25661">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.06.2021 19:36:08">
19:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 VMs Help Ransomware Attackers Evade Detection, But It&apos;s Uncommon 🕴</strong><br><br><code>Some ransomware attackers use virtual machines to bypass security detection, but adoption is slow for the complicated technique.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/vms-help-ransomware-attackers-evade-detection-but-its-uncommon/d/d-id/1341380?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25662">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.06.2021 20:06:10">
20:06
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 79% of Third-Party Libraries in Apps Are Never Updated 🕴</strong><br><br><code>A lack of contextual information and concerns over application disruption among contributing factors.</code><br><br><a href="https://www.darkreading.com/application-security/79--of-third-party-libraries-in-apps-are-never-updated/d/d-id/1341383?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25663">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.06.2021 21:17:50">
21:17
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-21809 ‼</strong><br><br><code>A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabilities.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21809">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-818">

      <div class="body details">
24 June 2021
      </div>

     </div>

     <div class="message default clearfix" id="message25664">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.06.2021 02:18:02">
02:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-32823 ‼</strong><br><br><code>In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability. In affected versions it is very slow for certain classes in BinData to be created. For example BinData::Bit100000, BinData::Bit100001, BinData::Bit100002, BinData::Bit&lt;N&gt;. In combination with &lt;user_input&gt;.constantize there is a potential for a CPU-based DoS. In version 2.4.10 bindata improved the creation time of Bits and Integers.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32823">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25665">

      <div class="body">

       <div class="pull_right date details" title="24.06.2021 02:18:03">
02:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-35041 ‼</strong><br><br><code>The blockchain node in FISCO-BCOS V2.7.2 may have a bug when dealing with unformatted packet and lead to a crash. A malicious node can send a packet continuously. The packet is in an incorrect format and cannot be decoded by the node correctly. As a result, the node may consume the memory sustainably and crash. More details are shown at: https://github.com/FISCO-BCOS/FISCO-BCOS/issues/1951</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35041">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25666">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.06.2021 07:18:29">
07:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-25652 ‼</strong><br><br><code>An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects versions 8.0.0.0 through 8.1.3.1 of AVPU.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25652">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25667">

      <div class="body">

       <div class="pull_right date details" title="24.06.2021 07:18:30">
07:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-25655 ‼</strong><br><br><code>A vulnerability in the system Service Menu component of Avaya Aura Experience Portal may allow URL Redirection to any untrusted site through a crafted attack. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25655">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25668">

      <div class="body">

       <div class="pull_right date details" title="24.06.2021 07:24:20">
07:24
       </div>

       <div class="text">
<strong>❌ 30M Dell Devices at Risk for Remote BIOS Attacks, RCE ❌</strong><br><br><code>Four separate security bugs would give attackers almost complete control and persistence over targeted devices, thanks to a faulty update mechanism.</code><br><br><a href="https://threatpost.com/dell-bios-attacks-rce/167195/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25669">

      <div class="body">

       <div class="pull_right date details" title="24.06.2021 07:24:21">
07:24
       </div>

       <div class="text">
<strong>❌ Atlassian Bugs Could Have Led to 1-Click Takeover ❌</strong><br><br><code>A supply-chain attack could have siphoned sensitive information out of Jira, such as security issues on Atlassian cloud, Bitbucket and on-prem products.</code><br><br><a href="https://threatpost.com/atlassian-bugs-could-have-led-to-1-click-takeover/167203/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25670">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.06.2021 09:18:21">
09:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-21737 ‼</strong><br><br><code>A smart STB product of ZTE is impacted by a permission and access control vulnerability. Due to insufficient protection of system application, attackers could use this vulnerability to tamper with the system desktop and affect system customization functions. This affects: ZXV10 B860H V5.0, V83011303.0010, V83011303.0016</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21737">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25671">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.06.2021 09:36:37">
09:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 rMTD: A Deception Method That Throws Attackers Off Their Game 🕴</strong><br><br><code>Through a variety of techniques, rotational Moving Target Defense makes existing OS and app vulnerabilities exponentially difficult to exploit. Here&apos;s how.</code><br><br><a href="https://www.darkreading.com/edge/theedge/rmtd-a-deception-method-that-throws-attackers-off-their-game-/b/d-id/1341381?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25672">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.06.2021 10:24:26">
10:24
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Tulsa’s Police-Citation Data Leaked by Conti Gang ❌</strong><br><br><code>A May 6 ransomware attack caused disruption across several of the municipality’s online services and websites.</code><br><br><a href="https://threatpost.com/tulsa-police-data-leaked-conti-ransomware/167220/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25673">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.06.2021 11:11:40">
11:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 John McAfee, Creator of McAfee Antivirus Software, Dead at 75 🕴</strong><br><br><code>McAfee, who was being held in a Spanish jail on US tax-evasion charges, had learned on Monday he would be extradited to the US.</code><br><br><a href="https://www.darkreading.com/endpoint/john-mcafee-creator-of-mcafee-antivirus-software-dead-at-75/d/d-id/1341384?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25674">

      <div class="body">

       <div class="pull_right date details" title="24.06.2021 11:11:41">
11:11
       </div>

       <div class="text">
<strong>🕴 Storms &amp; Silver Linings: Avoiding the Dangers of Cloud Migration 🕴</strong><br><br><code>We hear a lot about the sunlit uplands of cloud-powered business, but what about the risks of making information available across the organization?</code><br><br><a href="https://www.darkreading.com/cloud/storms-and-silver-linings-avoiding-the-dangers-of-cloud-migration-/a/d-id/1341314?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25675">

      <div class="body">

       <div class="pull_right date details" title="24.06.2021 11:18:25">
11:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-26585 ‼</strong><br><br><code>A potential vulnerability has been identified in HPE OneView Global Dashboard release 2.31 which could lead to a local disclosure of privileged information. HPE has provided an update to OneView Global Dashboard. The issue is resolved in 2.32.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26585">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25676">

      <div class="body">

       <div class="pull_right date details" title="24.06.2021 11:18:26">
11:18
       </div>

       <div class="text">
<strong>‼ CVE-2020-28097 ‼</strong><br><br><code>The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28097">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25677">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.06.2021 12:22:44">
12:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Remote Access Trojan now targeting schools with ransomware 🦿</strong><br><br><code>Dubbed ChaChi by researchers at BlackBerry, the RAT has recently shifted its focus from government agencies to schools in the US.</code><br><br><a href="https://www.techrepublic.com/article/remote-access-trojan-now-targeting-schools-with-ransomware/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25678">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.06.2021 12:44:51">
12:44
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ S3 Ep38: Clop busts, destructive Linux hacking, and rooted bicycles [Podcast] ⚠</strong><br><br><code>Latest episode - listen now!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/06/24/s3-ep38-clop-busts-destructive-linux-hacking-and-rooted-bicycles-podcast/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25679">

      <div class="body">

       <div class="pull_right date details" title="24.06.2021 12:54:31">
12:54
       </div>

       <div class="text">
<strong>❌ Critical VMware Carbon Black Bug Allows Authentication Bypass ❌</strong><br><br><code>The 9.4-rated bug in AppC could give attackers admin rights, no authentication required, letting them attack anything from PoS to industrial control systems.</code><br><br><a href="https://threatpost.com/vmware-carbon-black-authentication-bypass/167226/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25680">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.06.2021 13:18:31">
13:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-24000 ‼</strong><br><br><code>A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they were on a separate tab. In conjunction with certain elements (such as &amp;lt;input type=&quot;file&quot;&amp;gt;) this could have led to an attack where a user was confused about the origin of the webpage and potentially disclosed information they did not intend to. This vulnerability affects Firefox &lt; 88.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24000">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25681">

      <div class="body">

       <div class="pull_right date details" title="24.06.2021 13:18:32">
13:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-29963 ‼</strong><br><br><code>Address bar search suggestions in private browsing mode were re-using session data from normal mode. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox &lt; 89.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29963">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25682">

      <div class="body">

       <div class="pull_right date details" title="24.06.2021 13:24:33">
13:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-29953 ‼</strong><br><br><code>A malicious webpage could have forced a Firefox for Android user into executing attacker-controlled JavaScript in the context of another domain, resulting in a Universal Cross-Site Scripting vulnerability. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected. Further details are being temporarily withheld to allow users an opportunity to update.*. This vulnerability affects Firefox &lt; 88.0.1 and Firefox for Android &lt; 88.1.3.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29953">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25683">

      <div class="body">

       <div class="pull_right date details" title="24.06.2021 13:24:34">
13:24
       </div>

       <div class="text">
<strong>‼ CVE-2020-21787 ‼</strong><br><br><code>CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/services/UploadService.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21787">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25684">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.06.2021 14:11:46">
14:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Boardroom Perspectives on Cybersecurity: What It Means for You 🕴</strong><br><br><code>Because board members are paying close attention to security, security leaders must be able to respond to and alleviate their concerns with data.</code><br><br><a href="https://www.darkreading.com/careers-and-people/boardroom-perspectives-on-cybersecurity-what-it-means-for-you/a/d-id/1341328?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25685">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.06.2021 15:18:36">
15:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-18664 ‼</strong><br><br><code>Cross Site Scripting (XSS) vulnerability in WebPort &lt;=1.19.1via the connection name parameter in type-conn.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18664">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25686">

      <div class="body">

       <div class="pull_right date details" title="24.06.2021 15:18:37">
15:18
       </div>

       <div class="text">
<strong>‼ CVE-2020-21783 ‼</strong><br><br><code>In IBOS 4.5.4 the email function has a cross site scripting (XSS) vulnerability in emailbody[content] parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21783">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25687">

      <div class="body">

       <div class="pull_right date details" title="24.06.2021 15:18:38">
15:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-32708 ‼</strong><br><br><code>Flysystem is an open source file storage library for PHP. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions are: A user is allowed to supply the path or filename of an uploaded file, the supplied path or filename is not checked against unicode chars, the supplied pathname checked against an extension deny-list, not an allow-list, the supplied path or filename contains a unicode whitespace char in the extension, the uploaded file is stored in a directory that allows PHP code to be executed. Given these conditions are met a user can upload and execute arbitrary code on the system under attack. The unicode whitespace removal has been replaced with a rejection (exception). For 1.x users, upgrade to 1.1.4. For 2.x users, upgrade to 2.1.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32708">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25688">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.06.2021 15:36:51">
15:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Preinstalled Firmware Updater Puts 128 Dell Models at Risk 🕴</strong><br><br><code>A feature of the computer maker&apos;s update utility does not correctly handle certificates, leaving systems open to firmware-level compromises.</code><br><br><a href="https://www.darkreading.com/endpoint/preinstalled-firmware-updater-puts-128-dell-models-at-risk/d/d-id/1341385?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25689">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.06.2021 16:22:49">
16:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How to easily join an AlmaLinux server to an Active Directory Domain with Cockpit 🦿</strong><br><br><code>Jack Wallen shows you just how easy it is to join an existing AlmaLinux server to an Active Directory domain via a web-based GUI.</code><br><br><a href="https://www.techrepublic.com/article/how-to-easily-join-an-almalinux-server-to-an-active-directory-domain-with-cockpit/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25690">

      <div class="body">

       <div class="pull_right date details" title="24.06.2021 16:36:50">
16:36
       </div>

       <div class="text">
<strong>🕴 Tulsa Officials Warn Ransomware Attackers Leaked City Files 🕴</strong><br><br><code>The group behind the May 2021 attack has shared more than 18,000 files via the Dark Web, mostly internal department files and police citations.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/tulsa-officials-warn-ransomware-attackers-leaked-city-files/d/d-id/1341390?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25691">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.06.2021 16:54:37">
16:54
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Oh FCUK! Fashion Label, Medical Diagnostics Firm Latest REvil Victims ❌</strong><br><br><code>The infamous ransomware group hit two big-name companies within hours of each other.  </code><br><br><a href="https://threatpost.com/fcuk-fashion-medical-diagnostics-revil/167245/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25692">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.06.2021 17:18:45">
17:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-32491 ‼</strong><br><br><code>A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow in function render() in tools/ddjvu via crafted djvu file may lead to application crash and other consequences.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32491">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25693">

      <div class="body">

       <div class="pull_right date details" title="24.06.2021 17:18:46">
17:18
       </div>

       <div class="text">
<strong>‼ CVE-2020-4945 ‼</strong><br><br><code>IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to overwrite arbirary files due to improper group permissions. IBM X-Force ID: 191945.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4945">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25694">

      <div class="body">

       <div class="pull_right date details" title="24.06.2021 17:21:45">
17:21
       </div>

       <div class="text">
<strong>🔏 First CCPA Rights Requests Deadline Looms 🔏</strong><br><br><code>Organizations that comply with the CCPA should be aware of an upcoming public reporting requirement deadline, one of the first deadlines under the relatively new law.</code><br><br><a href="https://digitalguardian.com/blog/first-ccpa-rights-requests-deadline-looms">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25695">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.06.2021 19:06:55">
19:06
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 74% of Q1 Malware Was Undetectable Via Signature-Based Tools 🕴</strong><br><br><code>Attackers have improved on tweaking old malware to continue sneaking it past traditional threat detection controls, researchers report.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/74--of-q1-malware-was-undetectable-via-signature-based-tools/d/d-id/1341394?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25696">

      <div class="body">

       <div class="pull_right date details" title="24.06.2021 19:18:49">
19:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-32716 ‼</strong><br><br><code>Shopware is an open source eCommerce platform. In versions prior to 6.4.1.1 the admin api has exposed some internal hidden fields when an association has been loaded with a to many reference. Users are recommend to update to version 6.4.1.1. You can get the update to 6.4.1.1 regularly via the Auto-Updater or directly via the download overview. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32716">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25697">

      <div class="body">

       <div class="pull_right date details" title="24.06.2021 19:18:50">
19:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-32711 ‼</strong><br><br><code>Shopware is an open source eCommerce platform. Versions prior to 6.3.5.1 may leak of information via Store-API. The vulnerability could only be fixed by changing the API system, which involves a non-backward-compatible change. Only consumers of the Store-API should be affected by this change. We recommend to update to the current version 6.3.5.1. You can get the update to 6.3.5.1 regularly via the Auto-Updater or directly via the download overview. https://www.shopware.com/en/download/#shopware-6 The vulnerability could only be fixed by changing the API system, which involves a non-backward-compatible change. Only consumers of the Store-API should be affected by this change. Please check your plugins if you have it in use. Detailed technical information can be found in the upgrade information. https://github.com/shopware/platform/blob/v6.3.5.1/UPGRADE-6.3.md#6351 ### Workarounds For older versions of 6.1 and 6.2, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version. https://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659 ### For more information https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-02-2021</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32711">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25698">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.06.2021 22:24:48">
22:24
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Spam Downpour Drips New IcedID Banking Trojan Variant ❌</strong><br><br><code>The primarily IcedID-flavored banking trojan spam campaigns were coming in at a fever pitch: Spikes hit more than 100 detections a day.</code><br><br><a href="https://threatpost.com/spam-icedid-banking-trojan-variant/167250/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-819">

      <div class="body details">
25 June 2021
      </div>

     </div>

     <div class="message default clearfix" id="message25699">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.06.2021 09:15:13">
09:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ British tourists charged £1000s for pier visits in billing blunder ⚠</strong><br><br><code>That&apos;s a LOT of money just to visit a seaside pier!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/06/25/british-tourists-charged-1000s-for-pier-visits-in-billing-blunder/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25700">

      <div class="body">

       <div class="pull_right date details" title="25.06.2021 09:19:25">
09:19
       </div>

       <div class="text">
<strong>‼ CVE-2021-35475 ‼</strong><br><br><code>SAS Environment Manager 2.5 allows XSS through the Name field when creating/editing a server. The XSS will prompt when editing the Configuration Properties.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35475">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25701">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.06.2021 10:25:11">
10:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Hackers Crack Pirated Games with Cryptojacking Malware ❌</strong><br><br><code>Threat actors have so far made about $2 million from Crackonosh, which secretly mines Monero cryptocurrency from affected devices.</code><br><br><a href="https://threatpost.com/hackers-crack-pirated-games-malware/167263/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25702">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.06.2021 11:07:25">
11:07
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 7 Unconventional Pieces of Password Wisdom 🕴</strong><br><br><code>Challenging common beliefs about best practices in password hygiene.</code><br><br><a href="https://www.darkreading.com/application-security/7-unconventional-pieces-of-password-wisdom/d/d-id/1341400?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25703">

      <div class="body">

       <div class="pull_right date details" title="25.06.2021 11:19:29">
11:19
       </div>

       <div class="text">
<strong>‼ CVE-2021-31615 ‼</strong><br><br><code>Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 may permit an adjacent device to inject a crafted packet during the receive window of the listening device before the transmitting device initiates its packet transmission to achieve full MITM status without terminating the link. When applied against devices establishing or using encrypted links, crafted packets may be used to terminate an existing link, but will not compromise the confidentiality or integrity of the link.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31615">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25704">

      <div class="body">

       <div class="pull_right date details" title="25.06.2021 11:19:30">
11:19
       </div>

       <div class="text">
<strong>‼ CVE-2021-35049 ‼</strong><br><br><code>Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response in an authenticated session. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.7 and in version 9.4. Patches and updates are available to address this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35049">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25705">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.06.2021 12:37:29">
12:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 High-Level FIN7 Member Sentenced to 7 Years in Prison 🕴</strong><br><br><code>Andrii Kolpakov, who served as a high-level pentester for the criminal group, was also ordered to pay $2.5 million in restitution.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/high-level-fin7-member-sentenced-to-7-years-in-prison/d/d-id/1341406?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25706">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.06.2021 12:55:16">
12:55
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ My Book Live Users Wake Up to Wiped Devices, Active RCE Attacks ❌</strong><br><br><code>“I am totally screwed,” one user wailed after finding years of data nuked. Western Digital advised yanking the NAS storage devices offline ASAP: There&apos;s an exploit.</code><br><br><a href="https://threatpost.com/my-book-live-wiped-rce-attacks/167270/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25707">

      <div class="body">

       <div class="pull_right date details" title="25.06.2021 13:07:29">
13:07
       </div>

       <div class="text">
<strong>🕴 School&apos;s Out for Summer, but Don&apos;t Close the Book on Cybersecurity Training 🕴</strong><br><br><code>Strengthening their security posture should be at the top of school IT departments&apos; summer to-do list.</code><br><br><a href="https://www.darkreading.com/operations/schools-out-for-summer-but-dont-close-the-book-on-cybersecurity-training-/a/d-id/1341329?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25708">

      <div class="body">

       <div class="pull_right date details" title="25.06.2021 13:19:36">
13:19
       </div>

       <div class="text">
<strong>‼ CVE-2021-34184 ‼</strong><br><br><code>Miniaudio 0.10.35 has a Double free vulnerability that could cause a buffer overflow in ma_default_vfs_close__stdio in miniaudio.h.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34184">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25709">

      <div class="body">

       <div class="pull_right date details" title="25.06.2021 13:25:12">
13:25
       </div>

       <div class="text">
<strong>❌ Cisco ASA Bug Now Actively Exploited as PoC Drops ❌</strong><br><br><code>In-the-wild XSS attacks have commenced against the security appliance (CVE-2020-3580), as researchers publish exploit code on Twitter.</code><br><br><a href="https://threatpost.com/cisco-asa-bug-exploited-poc/167274/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25710">

      <div class="body">

       <div class="pull_right date details" title="25.06.2021 13:36:22">
13:36
       </div>

       <div class="text">
<strong>🛠 Flawfinder 2.0.18 🛠</strong><br><br><code>Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.</code><br><br><a href="https://packetstormsecurity.com/files/163287/flawfinder-2.0.18.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25711">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.06.2021 14:20:48">
14:20
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 Friday Five 6/25 🔏</strong><br><br><code>Ransomware debates, spyware indictments, and CISA confirmations- catch up on all of the week&apos;s infosec news with the Friday Five!</code><br><br><a href="https://digitalguardian.com/blog/friday-five-6/25">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25712">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.06.2021 15:07:33">
15:07
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Data Privacy Is in 23andMe CSO&apos;s DNA 🕴</strong><br><br><code>How serious is the company about safeguarding its customers and their genetic information? &quot;We&apos;re hiding data even from ourselves,&quot; says the biotech and genetic testing company&apos;s head of security.</code><br><br><a href="https://www.darkreading.com/edge/theedge/data-privacy-is-in-23andme-csos-dna/b/d-id/1341407?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25713">

      <div class="body">

       <div class="pull_right date details" title="25.06.2021 15:19:40">
15:19
       </div>

       <div class="text">
<strong>‼ CVE-2021-3314 ‼</strong><br><br><code>** UNSUPPORTED WHEN ASSIGNED ** Oracle GlassFish Server 3.1.2.18 and below allows /common/logViewer/logViewer.jsf XSS. A malicious user can cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the user and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3314">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25714">

      <div class="body">

       <div class="pull_right date details" title="25.06.2021 15:19:41">
15:19
       </div>

       <div class="text">
<strong>‼ CVE-2021-35501 ‼</strong><br><br><code>PandoraFMS &lt;=7.54 allows Stored XSS by placing a payload in the name field of a visual console. When a user or an administrator visits the console, the XSS payload will be executed.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35501">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25715">

      <div class="body">

       <div class="pull_right date details" title="25.06.2021 15:25:18">
15:25
       </div>

       <div class="text">
<strong>❌ FIN7 ‘Pen Tester’ Headed to Jail Amid $1B in Payment-Card Losses ❌</strong><br><br><code>One of the Carbanak cybergang&apos;s highest-level hackers is destined to serve seven years while making $2.5 million in restitution payments.</code><br><br><a href="https://threatpost.com/fin7-pen-tester-jail/167293/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25716">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.06.2021 16:53:18">
16:53
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Ransomware-as-a-service business model takes a hit in the aftermath of the Colonial Pipeline attack 🦿</strong><br><br><code>Cybercrime gangs are finding it harder to recruit partners for the affiliate programs that power ransomware attacks.</code><br><br><a href="https://www.techrepublic.com/article/ransomware-as-a-service-business-model-takes-a-hit-in-the-aftermath-of-the-colonial-pipeline-attack/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25717">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.06.2021 17:19:45">
17:19
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-33529 ‼</strong><br><br><code>In Weidmueller Industrial WLAN devices in multiple versions the usage of hard-coded cryptographic keys within the service agent binary allows for the decryption of captured traffic across the network from or to the device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33529">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25718">

      <div class="body">

       <div class="pull_right date details" title="25.06.2021 17:19:46">
17:19
       </div>

       <div class="text">
<strong>‼ CVE-2021-33532 ‼</strong><br><br><code>In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33532">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25719">

      <div class="body">

       <div class="pull_right date details" title="25.06.2021 17:19:47">
17:19
       </div>

       <div class="text">
<strong>‼ CVE-2021-33542 ‼</strong><br><br><code>Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 and below is affected by a remote code execution vulnerability. Manipulated PC Worx or Config+ projects could lead to a remote code execution when unallocated memory is freed because of incompletely initialized data. The attacker needs to get access to an original bus configuration file (*.bcp) to be able to manipulate data inside. After manipulation the attacker needs to exchange the original file by the manipulated one on the application programming workstation. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities. Automated systems in operation which were programmed with one of the above-mentioned products are not affected.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33542">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25720">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.06.2021 18:23:20">
18:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Linux: How to find details about user logins 🦿</strong><br><br><code>If you need to gather information on user logins for your Linux servers, Jack Wallen has just the tool for you.</code><br><br><a href="https://www.techrepublic.com/videos/linux-how-to-find-details-about-user-logins/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25721">

      <div class="body">

       <div class="pull_right date details" title="25.06.2021 18:25:08">
18:25
       </div>

       <div class="text">
<strong>❌ PS3 Players Ban: Latest Victims of Surging Attacks on Gaming Industry   ❌</strong><br><br><code>Every Sony PlayStation 3 ID out there was compromised, provoking bans of legit players on the network.</code><br><br><a href="https://threatpost.com/ps3-players-ban-attacks-gaming/167303/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25722">

      <div class="body">

       <div class="pull_right date details" title="25.06.2021 18:37:38">
18:37
       </div>

       <div class="text">
<strong>🕴 New CPU Baseline for Windows 11 Will Ensure Better Security, Microsoft Says 🕴</strong><br><br><code>Redmond&apos;s latest OS will run only on systems with TPM 2.0 chips.</code><br><br><a href="https://www.darkreading.com/endpoint/new-cpu-baseline-for-windows-11-will-ensure-better-security-microsoft-says/d/d-id/1341412?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25723">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.06.2021 18:55:25">
18:55
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Mercedes-Benz Customer Data Flies Out the Window ❌</strong><br><br><code>For over three years, a vendor was recklessly driving the cloud-stored data of luxury-car-owning customers and wannabe buyers.</code><br><br><a href="https://threatpost.com/mercedes-benz-customer-data-flies-out-the-window/167302/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25724">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.06.2021 19:19:50">
19:19
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-35502 ‼</strong><br><br><code>app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp in MISP 2.4.144 does not sanitize certain data related to generic-template:index.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35502">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25725">

      <div class="body">

       <div class="pull_right date details" title="25.06.2021 19:19:51">
19:19
       </div>

       <div class="text">
<strong>‼ CVE-2021-25654 ‼</strong><br><br><code>An arbitrary code execution vulnerability was discovered in Avaya Aura Device Services that may potentially allow a local user to execute specially crafted scripts. Affects 7.0 through 8.1.4.0 versions of Avaya Aura Device Services.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25654">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25726">

      <div class="body">

       <div class="pull_right date details" title="25.06.2021 19:19:52">
19:19
       </div>

       <div class="text">
<strong>‼ CVE-2021-1073 ‼</strong><br><br><code>NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability where, if a user clicks on a maliciously formatted link that opens the GeForce Experience login page in a new browser tab instead of the GeForce Experience application and enters their login information, the malicious site can get access to the token of the user login session. Such an attack may lead to these targeted users&apos; data being accessed, altered, or lost.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1073">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-820">

      <div class="body details">
27 June 2021
      </div>

     </div>

     <div class="message default clearfix" id="message25727">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.06.2021 11:21:34">
11:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-35513 ‼</strong><br><br><code>Mermaid before 8.11.0 allows XSS when the antiscript feature is used.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35513">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-821">

      <div class="body details">
28 June 2021
      </div>

     </div>

     <div class="message default clearfix" id="message25728">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.06.2021 02:22:11">
02:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-20751 ‼</strong><br><br><code>Cross-site scripting vulnerability in EC-CUBE EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series) allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific operation.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20751">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25729">

      <div class="body">

       <div class="pull_right date details" title="28.06.2021 02:22:12">
02:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-20745 ‼</strong><br><br><code>Inkdrop versions prior to v5.3.1 allows an attacker to execute arbitrary OS commands on the system where it runs by loading a file or code snippet containing an invalid iframe into Inkdrop.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20745">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25730">

      <div class="body">

       <div class="pull_right date details" title="28.06.2021 02:22:12">
02:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-20749 ‼</strong><br><br><code>Cross-site scripting vulnerability in Fudousan plugin ver5.7.0 and earlier, Fudousan Plugin Pro Single-User Type ver5.7.0 and earlier, and Fudousan Plugin Pro Multi-User Type ver5.7.0 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20749">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25731">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.06.2021 07:22:25">
07:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-23399 ‼</strong><br><br><code>This affects all versions of package wincred. If attacker-controlled user input is given to the getCredential function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23399">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25732">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.06.2021 09:22:32">
09:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-20099 ‼</strong><br><br><code>Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20100.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20099">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25733">

      <div class="body">

       <div class="pull_right date details" title="28.06.2021 09:22:32">
09:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-20100 ‼</strong><br><br><code>Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20099.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20100">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25734">

      <div class="body">

       <div class="pull_right date details" title="28.06.2021 09:25:08">
09:25
       </div>

       <div class="text">
<strong>🦿 Cybersecurity study: SolarWinds attack cost affected US companies an average of $12 million 🦿</strong><br><br><code>New survey finds that the attack also motivated more information sharing within the industry and improved supply chain security.</code><br><br><a href="https://www.techrepublic.com/article/cybersecurity-study-solarwinds-attack-cost-affected-us-companies-an-average-of-12-million/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25735">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.06.2021 11:09:46">
11:09
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 The Role of Encryption in Protecting LGBTQ+ Community Members 🕴</strong><br><br><code>The Internet is a vital tool that helps LGBTQ+ community members communicate without fear of persecution -- and strong encryption is a critical part of this equation.</code><br><br><a href="https://www.darkreading.com/endpoint/the-role-of-encryption-in-protecting-lgbtq+-community-members/a/d-id/1341404?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25736">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.06.2021 11:27:38">
11:27
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-32496 ‼</strong><br><br><code>SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inadequate Encryption Strength vulnerability concerning the internal SSH interface solely used by SICK for recovering returned devices. The use of weak ciphers make it easier for an attacker to break the security that protects information transmitted from the client to the SSH server, assuming the attacker has access to the network on which the device is connected. This can increase the risk that encryption will be compromised, leading to the exposure of sensitive user information and man-in-the-middle attacks.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32496">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25737">

      <div class="body">

       <div class="pull_right date details" title="28.06.2021 11:27:39">
11:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-29157 ‼</strong><br><br><code>Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs driver.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29157">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25738">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.06.2021 12:24:35">
12:24
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Android: How to enable the Password Checkup feature 🦿</strong><br><br><code>Google has released a new password checker for Android. Find out how to enable and use this security feature on your Android device.</code><br><br><a href="https://www.techrepublic.com/videos/android-how-to-enable-the-password-checkup-feature/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25739">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.06.2021 13:27:16">
13:27
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Critical CISO Initiatives for the Second Half of 2021 ❌</strong><br><br><code>Saryu Nayyar, CEO at Gurucul, goes over what defenses CISOs need now, and how and why to prioritize the options.</code><br><br><a href="https://threatpost.com/critical-ciso-initiatives-2021/167309/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25740">

      <div class="body">

       <div class="pull_right date details" title="28.06.2021 13:27:17">
13:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-28570 ‼</strong><br><br><code>Adobe After Effects version 18.1 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An unauthenticated attacker could exploit this to to plant custom binaries and execute them with System permissions. Exploitation of this issue requires user interaction.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28570">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25741">

      <div class="body">

       <div class="pull_right date details" title="28.06.2021 13:27:18">
13:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-21090 ‼</strong><br><br><code>Adobe InCopy version 16.0 (and earlier) is affected by an path traversal vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21090">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25742">

      <div class="body">

       <div class="pull_right date details" title="28.06.2021 13:27:19">
13:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-28575 ‼</strong><br><br><code>Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28575">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25743">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.06.2021 13:54:35">
13:54
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How developing mental immunity can help you make better cybersecurity decisions 🦿</strong><br><br><code>Experts want us to develop immunity to bad ideas that can wrongly influence the cybersecurity decision process.</code><br><br><a href="https://www.techrepublic.com/article/how-developing-mental-immunity-can-help-you-make-better-cybersecurity-decisions/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25744">

      <div class="body">

       <div class="pull_right date details" title="28.06.2021 13:57:36">
13:57
       </div>

       <div class="text">
<strong>❌ Microsoft Signs Malware That Spreads Through Gaming ❌</strong><br><br><code>The driver, called &quot;Netfilter,&quot; is a rootkit that talks to Chinese C2 IPs and aims to spoof gamers&apos; geo-locations to cheat the system and play from anywhere, Microsoft said.</code><br><br><a href="https://threatpost.com/microsoft-malicious-rootkit-gaming/167323/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25745">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.06.2021 15:09:47">
15:09
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 The Danger of Action Bias: Is It Always Better to Act Quickly? 🕴</strong><br><br><code>Experts discuss the meaning of action bias and how it presents a threat to IT security leaders, practitioners, and users.</code><br><br><a href="https://www.darkreading.com/careers-and-people/the-danger-of-action-bias-is-it-always-better-to-act-quickly/d/d-id/1341415?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25746">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.06.2021 15:27:49">
15:27
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-32719 ‼</strong><br><br><code>RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management` plugin, its consumer tag was rendered without proper &lt;script&gt; tag sanitization. This potentially allows for JavaScript code execution in the context of the page. The user must be signed in and have elevated permissions (manage federation upstreams and policies) for this to occur. The vulnerability is patched in RabbitMQ 3.8.18. As a workaround, disable the `rabbitmq_federation_management` plugin and use [CLI tools](https://www.rabbitmq.com/cli.html) instead.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32719">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25747">

      <div class="body">

       <div class="pull_right date details" title="28.06.2021 15:27:50">
15:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-20494 ‼</strong><br><br><code>IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a heap based buffer overflow, caused by improper bounds. An authenticared user could overflow the buffer and cause the service to crash. IBM X-Force ID: 197882.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20494">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25748">

      <div class="body">

       <div class="pull_right date details" title="28.06.2021 15:27:51">
15:27
       </div>

       <div class="text">
<strong>‼ CVE-2020-23711 ‼</strong><br><br><code>SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET input category in navigate.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23711">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25749">

      <div class="body">

       <div class="pull_right date details" title="28.06.2021 15:27:52">
15:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-20572 ‼</strong><br><br><code>IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow the and cause the server to crash. IBM X-Force ID: 199247.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20572">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25750">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.06.2021 16:09:50">
16:09
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 An Interesting Approach to Cyber Insurance 🕴</strong><br><br><code>What if insurers were to offer companies an incentive -- say, a discount -- for better protecting themselves? You know, the way car insurance companies offer lower premiums to customers who take a driver&apos;s ed course.</code><br><br><a href="https://www.darkreading.com/edge/theedge/an-interesting-approach-to-cyber-insurance/b/d-id/1341413?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25751">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.06.2021 16:27:22">
16:27
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Russian Attackers Breach Microsoft Customer Service Accounts ❌</strong><br><br><code>American IT companies and government have been targeted by the Nobelium state-sponsored group.  </code><br><br><a href="https://threatpost.com/russian-attackers-breach-microsoft/167340/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25752">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.06.2021 16:54:39">
16:54
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Cybersecurity study: SolarWinds attack cost affected companies an average of $12 million 🦿</strong><br><br><code>New survey finds that the attack also motivated more information sharing within the industry and improved supply chain security.</code><br><br><a href="https://www.techrepublic.com/article/cybersecurity-study-solarwinds-attack-cost-affected-companies-an-average-of-12-million/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25753">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.06.2021 17:09:53">
17:09
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Microsoft Tracks Attack Campaign Against Customer Support Agents 🕴</strong><br><br><code>The company attributes the attack to Nobelium, the same group it linked to the SolarWinds campaign earlier this year.</code><br><br><a href="https://www.darkreading.com/endpoint/microsoft-tracks-attack-campaign-against-customer-support-agents/d/d-id/1341416?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25754">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.06.2021 17:27:54">
17:27
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-22607 ‼</strong><br><br><code>Cross Site Scripting vulnerabilty in LimeSurvey 4.1.11+200316 via the (1) name and (2) description parameters in application/controllers/admin/PermissiontemplatesController.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-22607">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25755">

      <div class="body">

       <div class="pull_right date details" title="28.06.2021 17:27:55">
17:27
       </div>

       <div class="text">
<strong>‼ CVE-2020-22609 ‼</strong><br><br><code>Cross Site Scripting (XSS) vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter in include/class.queue.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-22609">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25756">

      <div class="body">

       <div class="pull_right date details" title="28.06.2021 17:39:52">
17:39
       </div>

       <div class="text">
<strong>🕴 New House Bill Aims to Drive Americans&apos; Security Awareness 🕴</strong><br><br><code>The legislation requires the National Telecommunications and Information Administration to establish a cybersecurity literacy campaign.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/new-house-bill-aims-to-drive-americans-security-awareness/d/d-id/1341418?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25757">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.06.2021 17:57:26">
17:57
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ NVIDIA Patches High-Severity GeForce Spoof-Attack Bug ❌</strong><br><br><code>A vulnerability in NVIDIA’s GeForce Experience software opens the door to remote data access, manipulation and deletion.</code><br><br><a href="https://threatpost.com/nvidia-high-severity-geforce-spoof-bug/167345/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25758">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.06.2021 18:22:39">
18:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 Data Protection Act of 2021 Would Create US Data Protection Agency 🔏</strong><br><br><code>The proposed legislation would create an agency to enforce data protection rules and oversee high-risk data practices.</code><br><br><a href="https://digitalguardian.com/blog/data-protection-act-2021-would-create-us-data-protection-agency">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25759">

      <div class="body">

       <div class="pull_right date details" title="28.06.2021 18:27:24">
18:27
       </div>

       <div class="text">
<strong>❌ 5G Security Vulnerabilities Fluster Mobile Operators ❌</strong><br><br><code>A survey from GSMA and Trend Micro shows a concerning lack of security capabilities for private 5G networks (think factories, smart cities, industrial IoT, utilities and more).</code><br><br><a href="https://threatpost.com/mobile-operators-5g-security-vulnerabilities/167354/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25760">

      <div class="body">

       <div class="pull_right date details" title="28.06.2021 18:39:54">
18:39
       </div>

       <div class="text">
<strong>🕴 Attacks Erase Western Digital Network-Attached Storage Drives 🕴</strong><br><br><code>The company suspects a remote code execution vulnerability affecting My Book Live and My Book Live Duo devices and recommends that business and individual users turn off the drives to protect their data.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/attacks-erase-western-digital-network-attached-storage-drives/d/d-id/1341419?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25761">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.06.2021 19:27:58">
19:27
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-21142 ‼</strong><br><br><code>Cross Site Scripting (XSS) vulnerabilty in IPFire 2.23 via the IPfire web UI in the mail.cgi.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21142">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25762">

      <div class="body">

       <div class="pull_right date details" title="28.06.2021 19:27:59">
19:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-35298 ‼</strong><br><br><code>Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via multiple models that contain a &apos;note&apos; field to store additional information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35298">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25763">

      <div class="body">

       <div class="pull_right date details" title="28.06.2021 19:28:00">
19:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-35302 ‼</strong><br><br><code>Incorrect Access Control for linked Tickets in Zammad 1.0.x up to 4.0.0 allows remote attackers to obtain sensitive information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35302">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25764">

      <div class="body">

       <div class="pull_right date details" title="28.06.2021 19:28:01">
19:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-32722 ‼</strong><br><br><code>GlobalNewFiles is a mediawiki extension. All existing versions of GlobalNewFiles are affected by an uncontrolled resource consumption vulnerability. A large amount of page moves within a short space of time could overwhelm Database servers due to improper handling of load balancing and a lack of an appropriate index. No patches are currently available. As a workaround, one may avoid use of the extension unless additional rate limit at the MediaWiki level or via PoolCounter / MySQL is enabled.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32722">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25765">

      <div class="body">

       <div class="pull_right date details" title="28.06.2021 19:28:02">
19:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-35303 ‼</strong><br><br><code>Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via the User Avatar attribute.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35303">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25766">

      <div class="body">

       <div class="pull_right date details" title="28.06.2021 19:28:05">
19:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-32723 ‼</strong><br><br><code>Prism is a syntax highlighting library. Some languages before 1.24.0 are vulnerable to Regular Expression Denial of Service (ReDoS). When Prism is used to highlight untrusted (user-given) text, an attacker can craft a string that will take a very very long time to highlight. This problem has been fixed in Prism v1.24. As a workaround, do not use ASCIIDoc or ERB to highlight untrusted text. Other languages are not affected and can be used to highlight untrusted text.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32723">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25767">

      <div class="body">

       <div class="pull_right date details" title="28.06.2021 19:28:06">
19:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-35301 ‼</strong><br><br><code>Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows remote attackers to obtain sensitive information via the Ticket Article detail view.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35301">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25768">

      <div class="body">

       <div class="pull_right date details" title="28.06.2021 19:28:07">
19:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-35299 ‼</strong><br><br><code>Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows attackers to obtain sensitive information via email connection configuration probing.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35299">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25769">

      <div class="body">

       <div class="pull_right date details" title="28.06.2021 19:28:08">
19:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-35300 ‼</strong><br><br><code>Text injection/Content Spoofing in 404 page in Zammad 1.0.x up to 4.0.0 could allow remote attackers to manipulate users into visiting the attackers&apos; page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35300">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25770">

      <div class="body">

       <div class="pull_right date details" title="28.06.2021 19:39:56">
19:39
       </div>

       <div class="text">
<strong>🕴 Microsoft Refining Third-Party Driver Vetting Processes After Signing Malicious Rootkit 🕴</strong><br><br><code>Rogue driver was distributed within gaming community in China, company says.</code><br><br><a href="https://www.darkreading.com/endpoint/microsoft-refining-third-party-driver-vetting-processes-after-signing-malicious-rootkit/d/d-id/1341420?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25771">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.06.2021 20:27:33">
20:27
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Data for 700M LinkedIn Users Posted for Sale in Cyber-Underground ❌</strong><br><br><code>After 500 million LinkedIn enthusiasts were affected in a data-scraping incident in April, it&apos;s happened again - with big security ramifications.</code><br><br><a href="https://threatpost.com/data-700m-linkedin-users-cyber-underground/167362/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-822">

      <div class="body details">
29 June 2021
      </div>

     </div>

     <div class="message default clearfix" id="message25772">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.06.2021 02:28:20">
02:28
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-1134 ‼</strong><br><br><code>A vulnerability in the Cisco Identity Services Engine (ISE) integration feature of the Cisco DNA Center Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to an incomplete validation of the X.509 certificate used when establishing a connection between DNA Center and an ISE server. An attacker could exploit this vulnerability by supplying a crafted certificate and could then intercept communications between the ISE and DNA Center. A successful exploit could allow the attacker to view and alter sensitive information that the ISE maintains about clients that are connected to the network.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1134">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25773">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.06.2021 06:27:46">
06:27
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Cobalt Strike Usage Explodes Among Cybercrooks ❌</strong><br><br><code>The legit security tool has shown up 161 percent more, year-over-year, in cyberattacks, having “gone fully mainstream in the crimeware world.”</code><br><br><a href="https://threatpost.com/cobalt-strike-cybercrooks/167368/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25774">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.06.2021 08:57:50">
08:57
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Details of RCE Bug in Adobe Experience Manager Revealed ❌</strong><br><br><code>Disclosure of a bug in Adobe’s content-management solution - used by Mastercard, LinkedIn and PlayStation – were released.</code><br><br><a href="https://threatpost.com/rce-bug-in-adobe-revealed/167382/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25775">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.06.2021 09:28:42">
09:28
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-33503 ‼</strong><br><br><code>An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33503">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25776">

      <div class="body">

       <div class="pull_right date details" title="29.06.2021 09:28:43">
09:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-34548 ‼</strong><br><br><code>An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. An attacker can forge RELAY_END or RELAY_RESOLVED to bypass the intended access control for ending a stream.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34548">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25777">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.06.2021 10:54:58">
10:54
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Americans lost $29.8 billion to phone scams in the past year, study finds 🦿</strong><br><br><code>The number of spam calls, the number of people losing money to them and the total amount of money lost In the past year are all record setting.</code><br><br><a href="https://www.techrepublic.com/article/americans-lost-29-8-billion-to-phone-scams-in-the-past-year-study-finds/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25778">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.06.2021 11:10:28">
11:10
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 3 Ways Cybercriminals Are Undermining MFA 🕴</strong><br><br><code>Using multifactor authentication is an excellent security step, but like everything else, it is not foolproof and will never be 100% effective.</code><br><br><a href="https://www.darkreading.com/endpoint/3-ways-cybercriminals-are-undermining-mfa/a/d-id/1341341?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25779">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.06.2021 11:28:47">
11:28
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-23400 ‼</strong><br><br><code>The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23400">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25780">

      <div class="body">

       <div class="pull_right date details" title="29.06.2021 11:28:48">
11:28
       </div>

       <div class="text">
<strong>‼ CVE-2020-7871 ‼</strong><br><br><code>A vulnerability of Helpcom could allow an unauthenticated attacker to execute arbitrary command. This vulnerability exists due to insufficient validation of the parameter. This issue affects: Cnesty Helpcom 10.0 versions prior to.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7871">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25781">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.06.2021 12:25:02">
12:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Security and automation are top priorities for IT professionals 🦿</strong><br><br><code>Data protection and lack of budgets and resources continue to present the biggest challenges as cyberattacks increase, according to a new Kaseya report.</code><br><br><a href="https://www.techrepublic.com/article/security-and-automation-are-top-priorities-for-it-professionals/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25782">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.06.2021 13:09:32">
13:09
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🛠 Proxmark 4.13441 🛠</strong><br><br><code>This is a custom firmware written for the Proxmark3 device. It extends the currently available firmware.</code><br><br><a href="https://packetstormsecurity.com/files/163304/proxmark3-4.13441.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25783">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.06.2021 13:28:56">
13:28
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-7868 ‼</strong><br><br><code>A remote code execution vulnerability exists in helpUS(remote administration tool) due to improper validation of parameter of ShellExecutionExA function used for login.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7868">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25784">

      <div class="body">

       <div class="pull_right date details" title="29.06.2021 13:28:57">
13:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-32992 ‼</strong><br><br><code>FATEK Automation WinProladder Versions 3.30 and prior do not properly restrict operations within the bounds of a memory buffer, which may allow an attacker to execute arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32992">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25785">

      <div class="body">

       <div class="pull_right date details" title="29.06.2021 13:28:58">
13:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-31505 ‼</strong><br><br><code>This vulnerability allows attackers with physical access to escalate privileges on affected installations of Arlo Q Plus 1.9.0.3_278. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSH service. The device can be booted into a special operation mode where hard-coded credentials are accepted for SSH authentication. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-12890.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31505">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25786">

      <div class="body">

       <div class="pull_right date details" title="29.06.2021 13:28:58">
13:28
       </div>

       <div class="text">
<strong>‼ CVE-2020-7870 ‼</strong><br><br><code>A memory corruption vulnerability exists when ezPDF improperly handles the parameter. This vulnerability exists due to insufficient validation of the parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7870">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25787">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.06.2021 13:55:00">
13:55
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How to give users sudo privileges on Ubuntu and Red Hat-based Linux distributions in Linux 🦿</strong><br><br><code>New Linux admins need to know how to give and take sudo privileges from users. Jack Wallen shows you how on both Ubuntu- and Red Hat-based Linux distributions.</code><br><br><a href="https://www.techrepublic.com/videos/how-to-give-users-sudo-privileges-on-ubuntu-and-red-hat-based-linux-distributions-in-linux/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25788">

      <div class="body">

       <div class="pull_right date details" title="29.06.2021 13:58:00">
13:58
       </div>

       <div class="text">
<strong>❌ Microsoft Translation Bugs Open Edge Browser to Trivial UXSS Attacks ❌</strong><br><br><code>The bug in Edge&apos;s auto-translate could have let remote attackers pull off RCE on any foreign-language website just by sending a message with an XSS payload.</code><br><br><a href="https://threatpost.com/microsoft-edge-browser-uxss-attacks/167389/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25789">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.06.2021 14:40:36">
14:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Technology&apos;s Complexity and Opacity Threaten Critical Infrastructure Security 🕴</strong><br><br><code>Addressing the complexity of modern distributed software development is one of the most important things we can do to decrease supply chain risk.</code><br><br><a href="https://www.darkreading.com/endpoint/technologys-complexity-and-opacity-threaten-critical-infrastructure-security/a/d-id/1341368?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25790">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.06.2021 15:29:00">
15:29
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-20104 ‼</strong><br><br><code>Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20104">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25791">

      <div class="body">

       <div class="pull_right date details" title="29.06.2021 15:29:00">
15:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-20105 ‼</strong><br><br><code>Machform prior to version 16 is vulnerable to an open redirect in Safari_init.php due to an improperly sanitized &apos;ref&apos; parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20105">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25792">

      <div class="body">

       <div class="pull_right date details" title="29.06.2021 15:29:01">
15:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-20580 ‼</strong><br><br><code>IBM Planning Analytics 2.0 could be vulnerable to cross-site request forgery (CSRF) which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 198241.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20580">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25793">

      <div class="body">

       <div class="pull_right date details" title="29.06.2021 15:40:38">
15:40
       </div>

       <div class="text">
<strong>🕴 Survey Data Reveals Gap in Americans&apos; Security Awareness 🕴</strong><br><br><code>Survey data reveals many people have never heard of major cyberattacks, including the attack targeting Colonial Pipeline.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/survey-data-reveals-gap-in-americans-security-awareness/d/d-id/1341434?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25794">

      <div class="body">

       <div class="pull_right date details" title="29.06.2021 15:55:07">
15:55
       </div>

       <div class="text">
<strong>🦿 How legitimate security tool Cobalt Strike is being used in cyberattacks 🦿</strong><br><br><code>Normally used by organizations for penetration testing, Cobalt Strike is exploited by cybercriminals to launch attacks, says Proofpoint.</code><br><br><a href="https://www.techrepublic.com/article/how-legitimate-security-tool-cobalt-strike-is-being-used-in-cyberattacks/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25795">

      <div class="body">

       <div class="pull_right date details" title="29.06.2021 15:55:08">
15:55
       </div>

       <div class="text">
<strong>🦿 Cyberattacks and ransomware are no longer burglary; they&apos;re home invasion, expert says 🦿</strong><br><br><code>More than 3.5 million people worldwide are needed to play defense against cyberattacks.</code><br><br><a href="https://www.techrepublic.com/article/cyberattacks-and-ransomware-are-no-longer-burglary-theyre-home-invasion-expert-says/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25796">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.06.2021 16:40:41">
16:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 CISA Publishes Catalog of Poor Security Practices 🕴</strong><br><br><code>Organizations often focus on promoting best practices, CISA says, but stopping poor security practices is equally important.</code><br><br><a href="https://www.darkreading.com/risk/cisa-publishes-catalog-of-poor-security-practices/d/d-id/1341435?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25797">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.06.2021 16:58:04">
16:58
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Users Clueless About Cybersecurity Risks: Study ❌</strong><br><br><code>The return to offices, coupled with uninformed users (including IT pros) has teed up an unprecedented risk of enterprise attack.</code><br><br><a href="https://threatpost.com/users-clueless-cybersecurity-risks-study/167404/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25798">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.06.2021 17:25:05">
17:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 iOS 15: How to enable Mail Privacy Protection 🦿</strong><br><br><code>If you have access to Apple&apos;s iOS 15 Developer Beta, learn how to use an important security feature called Mail Privacy Protection.</code><br><br><a href="https://www.techrepublic.com/article/ios-15-how-to-enable-mail-privacy-protection/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25799">

      <div class="body">

       <div class="pull_right date details" title="29.06.2021 17:29:06">
17:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-32721 ‼</strong><br><br><code>PowerMux is a drop-in replacement for Go&apos;s http.ServeMux. In PowerMux versions prior to 1.1.1, attackers may be able to craft phishing links and other open redirects by exploiting the trailing slash redirection feature. This may lead to users being redirected to untrusted sites after following an attacker crafted link. The issue is resolved in v1.1.1. There are no existing workarounds.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32721">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25800">

      <div class="body">

       <div class="pull_right date details" title="29.06.2021 17:29:07">
17:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-22338 ‼</strong><br><br><code>There is an XXE injection vulnerability in eCNS280 V100R005C00 and V100R005C10. A module does not perform the strict operation to the input XML message. Attacker can send specific message to exploit this vulnerability, leading to the module denial of service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22338">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25801">

      <div class="body">

       <div class="pull_right date details" title="29.06.2021 17:29:08">
17:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-23275 ‼</strong><br><br><code>The Windows Installation component of TIBCO Software Inc.&apos;s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.&apos;s TIBCO Enterprise Runtime for R - Server Edition: versions 1.2.4 and below, TIBCO Enterprise Runtime for R - Server Edition: versions 1.3.0 and 1.3.1, TIBCO Enterprise Runtime for R - Server Edition: versions 1.4.0, 1.5.0, and 1.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.3.0 and below, TIBCO Spotfire Server: versions 10.3.12 and below, TIBCO Spotfire Server: versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0, TIBCO Spotfire Statistics Services: versions 10.3.0 and below, TIBCO Spotfire Statistics Services: versions 10.10.0, 10.10.1, and 10.10.2, and TIBCO Spotfire Statistics Services: versions 11.1.0, 11.2.0, and 11.3.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23275">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25802">

      <div class="body">

       <div class="pull_right date details" title="29.06.2021 17:29:09">
17:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-29480 ‼</strong><br><br><code>Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the client side session module uses the application startup time as the signing key by default. This means that if an attacker can determine this time, and if encryption is not also used (which is recommended, but is not on by default), the session data could be tampered with by someone with the ability to write cookies. The default configuration is unsuitable for production use as an application restart renders all sessions invalid and is not multi-host compatible, but its use is not actively prevented. As of Ratpack 1.9.0, the default value is a securely randomly generated value, generated at application startup time. As a workaround, supply an alternative signing key, as per the documentation&apos;s recommendation.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29480">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25803">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.06.2021 18:40:45">
18:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Ransomware Losses Drive Up Cyber-Insurance Costs 🕴</strong><br><br><code>Premiums have gone up by 7% on average for small firms and between 10% and 40% for medium and large businesses.</code><br><br><a href="https://www.darkreading.com/risk/ransomware-losses-drive-up-cyber-insurance-costs/d/d-id/1341436?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25804">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.06.2021 19:10:44">
19:10
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Google Updates Vulnerability Data Format to Support Automation 🕴</strong><br><br><code>The Open Source Vulnerability schema supports automated vulnerability handling in Go, Rust, Python, and Distributed Weakness Filing system, and it could be the favored format for future exporting of data.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/vulnerability-management/google-updates-vulnerability-data-format-to-support-automation/d/d-id/1341437?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25805">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.06.2021 19:29:11">
19:29
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-22329 ‼</strong><br><br><code>There has a license management vulnerability in some Huawei products. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper license management of the device, as a result, the license file can be applied and affect integrity of the device. Affected product versions include:S12700 V200R007C01,V200R007C01B102,V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S1700 V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S2700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S5700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10,V200R011C10SPC100;S6700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10,V200R011C10SPC100;S7700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S9700 V200R007C01,V200R007C01B102,V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22329">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25806">

      <div class="body">

       <div class="pull_right date details" title="29.06.2021 19:29:12">
19:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-22341 ‼</strong><br><br><code>There is a memory leak vulnerability in Huawei products. A resource management weakness exists in a module. Attackers with high privilege can exploit this vulnerability by performing some operations. This can lead to memory leak. Affected product versions include:IPS Module V500R005C00SPC100,V500R005C00SPC200;NGFW Module V500R005C00SPC100,V500R005C00SPC200;NIP6300 V500R005C00SPC100,V500R005C10SPC200;NIP6600 V500R005C00SPC100,V500R005C00SPC200;Secospace USG6300 V500R005C00SPC100,V500R005C00SPC200;Secospace USG6500 V500R005C00SPC100,V500R005C10SPC200;Secospace USG6600 V500R005C00SPC100,V500R005C00SPC200.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22341">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-823">

      <div class="body details">
30 June 2021
      </div>

     </div>

     <div class="message default clearfix" id="message25807">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.06.2021 02:29:31">
02:29
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-35959 ‼</strong><br><br><code>In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35959">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25808">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.06.2021 06:25:08">
06:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Windows 11: Understanding the system requirements and the security benefits 🦿</strong><br><br><code>Security is a big part of Windows 11, but so is delivering productivity and a good experience with all the security features turned on.</code><br><br><a href="https://www.techrepublic.com/article/windows-11-understanding-the-system-requirements-and-the-security-benefits/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25809">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.06.2021 07:29:46">
07:29
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-32566 ‼</strong><br><br><code>Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32566">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25810">

      <div class="body">

       <div class="pull_right date details" title="30.06.2021 07:29:47">
07:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-35474 ‼</strong><br><br><code>Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35474">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25811">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.06.2021 09:17:06">
09:17
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Police warn of WhatsApp scams in time for Social Media Day ⚠</strong><br><br><code>Happy Social Media Day! Make it a day to review whether your social media security really is up to scratch.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/06/30/police-warn-of-whatsapp-scams-in-time-for-social-media-day/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25812">

      <div class="body">

       <div class="pull_right date details" title="30.06.2021 09:29:55">
09:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-34383 ‼</strong><br><br><code>Bootloader contains a vulnerability in NVIDIA MB2 where a potential heap overflow might lead to denial of service or escalation of privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34383">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25813">

      <div class="body">

       <div class="pull_right date details" title="30.06.2021 09:29:56">
09:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-28692 ‼</strong><br><br><code>inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPU(s) issuing such commands. In the current implementation in Xen, asynchronous notification of the completion of such commands is not used. Instead, the issuing CPU spin-waits for the completion of the most recently issued command(s). Some of these waiting loops try to apply a timeout to fail overly-slow commands. The course of action upon a perceived timeout actually being detected is inappropriate: - on Intel hardware guests which did not originally cause the timeout may be marked as crashed, - on AMD hardware higher layer callers would not be notified of the issue, making them continue as if the IOMMU operation succeeded.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28692">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25814">

      <div class="body">

       <div class="pull_right date details" title="30.06.2021 09:29:57">
09:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-34385 ‼</strong><br><br><code>Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the calculation of a length could lead to a heap overflow.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34385">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25815">

      <div class="body">

       <div class="pull_right date details" title="30.06.2021 09:29:58">
09:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-34373 ‼</strong><br><br><code>Trusty trusted Linux kernel (TLK) contains a vulnerability in the NVIDIA TLK kernel where a lack of heap hardening could cause heap overflows, which might lead to information disclosure and denial of service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34373">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25816">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.06.2021 09:58:32">
09:58
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Feds Told to Better Manage Facial Recognition, Amid Privacy Concerns ❌</strong><br><br><code>A GAO report finds government agencies are using the technology regularly in criminal investigations and to identify travelers, but need stricter management to protect people’s privacy and avoid inaccurate identification</code><br><br><a href="https://threatpost.com/feds-manage-facial-recognition-privacy-concerns/167419/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25817">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.06.2021 11:11:23">
11:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 9 Hot Trends in Cybersecurity Mergers &amp; Acquisitions 🕴</strong><br><br><code>Security experts share their observations of the past year in cybersecurity M&amp;A, highlighting key trends and notable deals.</code><br><br><a href="https://www.darkreading.com/endpoint/9-hot-trends-in-cybersecurity-mergers-and-acquisitions/d/d-id/1341375?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25818">

      <div class="body">

       <div class="pull_right date details" title="30.06.2021 11:25:27">
11:25
       </div>

       <div class="text">
<strong>🦿 Ransomware experts urge victims not to pay, but are they listening? 🦿</strong><br><br><code>The number of attacks from, and payouts to, ransomware extortionists continue to rise despite only 20% saying giving into demands is the best course, Menlo Security finds.</code><br><br><a href="https://www.techrepublic.com/article/ransomware-experts-urge-victims-not-to-pay-but-are-they-listening/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25819">

      <div class="body">

       <div class="pull_right date details" title="30.06.2021 11:30:00">
11:30
       </div>

       <div class="text">
<strong>‼ CVE-2021-27902 ‼</strong><br><br><code>An issue was discovered in Craft CMS before 3.6.0. In some circumstances, a potential XSS vulnerability existed in connection with front-end forms that accepted user uploads.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27902">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25820">

      <div class="body">

       <div class="pull_right date details" title="30.06.2021 11:30:01">
11:30
       </div>

       <div class="text">
<strong>‼ CVE-2021-27903 ‼</strong><br><br><code>An issue was discovered in Craft CMS before 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes (if an attacker were somehow able to hijack an administrator&apos;s session).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27903">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25821">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.06.2021 11:47:10">
11:47
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Colombian police arrest Gozi malware suspect after 8 years at large ⚠</strong><br><br><code>Safe at home, apparently, but not so safe overseas.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/06/30/colombian-police-arrest-gozi-malware-suspect-after-8-years-at-large/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25822">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.06.2021 13:10:18">
13:10
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🛠 Global Socket 1.4.32 🛠</strong><br><br><code>Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL&apos;s SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.</code><br><br><a href="https://packetstormsecurity.com/files/163329/gsocket-1.4.32.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25823">

      <div class="body">

       <div class="pull_right date details" title="30.06.2021 13:10:19">
13:10
       </div>

       <div class="text">
<strong>🛠 Faraday 3.16.0 🛠</strong><br><br><code>Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.</code><br><br><a href="https://packetstormsecurity.com/files/163326/faraday-3.16.0.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25824">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.06.2021 13:28:38">
13:28
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Zero-Day Used to Wipe My Book Live Devices ❌</strong><br><br><code>Threat actors may have been duking it out for control of the compromised devices, first using a 2018 RCE, then password-protecting a new vulnerability.</code><br><br><a href="https://threatpost.com/zero-day-wipe-my-book-live/167422/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25825">

      <div class="body">

       <div class="pull_right date details" title="30.06.2021 13:31:52">
13:31
       </div>

       <div class="text">
<strong>‼ CVE-2021-22376 ‼</strong><br><br><code>There is an Improper Permission Management Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality, availability and integrity.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22376">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25826">

      <div class="body">

       <div class="pull_right date details" title="30.06.2021 13:31:53">
13:31
       </div>

       <div class="text">
<strong>‼ CVE-2021-35971 ‼</strong><br><br><code>Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and 11 before 11.0.0.837 P20210507 mishandles deserialization during Microsoft .NET remoting.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35971">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25827">

      <div class="body">

       <div class="pull_right date details" title="30.06.2021 13:31:54">
13:31
       </div>

       <div class="text">
<strong>‼ CVE-2021-35973 ‼</strong><br><br><code>NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /usr/sbin/mini_httpd, allowing an unauthenticated attacker to invoke any action by adding the &amp;currentsetting.htm substring to the HTTP query, a related issue to CVE-2020-27866. This directly allows the attacker to change the web UI password, and eventually to enable debug mode (telnetd) and gain a shell on the device as the admin limited-user account (however, escalation to root is simple because of weak permissions on the /etc/ directory).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35973">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25828">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.06.2021 13:58:40">
13:58
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Why MTTR is Bad for SecOps ❌</strong><br><br><code>Kerry Matre, senior director at Mandiant, discusses the appropriate metrics to use to measure SOC and analyst performance, and how MTTR leads to bad behavior.</code><br><br><a href="https://threatpost.com/mttr-bad-secops/167440/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25829">

      <div class="body">

       <div class="pull_right date details" title="30.06.2021 14:11:30">
14:11
       </div>

       <div class="text">
<strong>🕴 7 Skills the Transportation Sector Needs to Fuel Its Security Teams 🕴</strong><br><br><code>Without a top-notch team to stop attackers, our favorite modes of transportation could come to a screeching halt.</code><br><br><a href="https://www.darkreading.com/edge/theedge/7-skills-the-transportation-sector-needs-to-fuel-its-security-teams/b/d-id/1341438?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25830">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.06.2021 15:25:27">
15:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Cyber investments are growing, but not enough 🦿</strong><br><br><code>64% of respondents to PwC&apos;s latest CEO survey expect a jump in reportable ransomware and software supply chain incidents this year, and only 55% are prepared to respond.</code><br><br><a href="https://www.techrepublic.com/article/cyber-investments-are-growing-but-not-enough/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25831">

      <div class="body">

       <div class="pull_right date details" title="30.06.2021 15:30:12">
15:30
       </div>

       <div class="text">
<strong>‼ CVE-2021-21675 ‼</strong><br><br><code>A cross-site request forgery (CSRF) vulnerability in Jenkins requests-plugin Plugin 2.2.12 and earlier allows attackers to create requests and/or have administrators apply pending requests.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21675">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25832">

      <div class="body">

       <div class="pull_right date details" title="30.06.2021 15:30:13">
15:30
       </div>

       <div class="text">
<strong>‼ CVE-2021-21672 ‼</strong><br><br><code>Jenkins Selenium HTML report Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21672">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25833">

      <div class="body">

       <div class="pull_right date details" title="30.06.2021 15:30:14">
15:30
       </div>

       <div class="text">
<strong>‼ CVE-2021-21671 ‼</strong><br><br><code>Jenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate the previous session on login.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21671">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25834">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.06.2021 16:11:34">
16:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Intl. Law Enforcement Operation Takes Down DoubleVPN 🕴</strong><br><br><code>The VPN service allegedly provided a means for cybercriminals to target their victims, Europol officials report.</code><br><br><a href="https://www.darkreading.com/endpoint/intl-law-enforcement-operation-takes-down-doublevpn/d/d-id/1341439?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25835">

      <div class="body">

       <div class="pull_right date details" title="30.06.2021 16:23:51">
16:23
       </div>

       <div class="text">
<strong>🔏 An Interview with Ben McGraw, Cybersecurity Manager at Digital Guardian Part II 🔏</strong><br><br><code>In part two of our Q&amp;A with Ben McGraw, we discuss how automation will change the industry, how to improve the cybersecurity skills gap, and who is Digital Guardian&apos;s best basketball player.</code><br><br><a href="https://digitalguardian.com/blog/interview-ben-mcgraw-cybersecurity-manager-digital-guardian-part-ii">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25836">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.06.2021 17:28:46">
17:28
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Indexsinas SMB Worm Campaign Infests Whole Enterprises ❌</strong><br><br><code>The self-propagating malware&apos;s attack chain is complex, using former NSA cyberweapons, and ultimately drops cryptominers on targeted machines.</code><br><br><a href="https://threatpost.com/indexsinas-smb-worm-enterprises/167455/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25837">

      <div class="body">

       <div class="pull_right date details" title="30.06.2021 17:31:47">
17:31
       </div>

       <div class="text">
<strong>‼ CVE-2021-22367 ‼</strong><br><br><code>There is a Key Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to authentication bypass.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22367">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25838">

      <div class="body">

       <div class="pull_right date details" title="30.06.2021 17:31:48">
17:31
       </div>

       <div class="text">
<strong>‼ CVE-2021-22353 ‼</strong><br><br><code>There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause the kernel to restart.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22353">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25839">

      <div class="body">

       <div class="pull_right date details" title="30.06.2021 17:41:37">
17:41
       </div>

       <div class="text">
<strong>🕴 Impersonation Becomes Top Phishing Technique 🕴</strong><br><br><code>A new report finds IT, healthcare, and manufacturing are the industries most targeted by phishing emails.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/impersonation-becomes-top-phishing-technique/d/d-id/1341443?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25840">

      <div class="body">

       <div class="pull_right date details" title="30.06.2021 17:41:37">
17:41
       </div>

       <div class="text">
<strong>🕴 Attackers Already Unleashing Malware for Apple macOS M1 Chip 🕴</strong><br><br><code>Apple security expert Patrick Wardle found that some macOS malware written for the new M1 processor can bypass anti-malware tools.</code><br><br><a href="https://www.darkreading.com/endpoint/attackers-already-unleashing-malware-for-apple-macos-m1-chip/d/d-id/1341442?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25841">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.06.2021 18:41:40">
18:41
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 SMB Worm Targeting EternalBlue Vuln Spreads to US 🕴</strong><br><br><code>&quot;Indexsinas&quot; is the latest threat designed to exploit Windows servers that remain vulnerable to an NSA-developed exploit Microsoft patched more than four years ago.</code><br><br><a href="https://www.darkreading.com/endpoint/smb-worm-targeting-eternalblue-vuln-spreads-to-us/d/d-id/1341445?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25842">

      <div class="body">

       <div class="pull_right date details" title="30.06.2021 18:47:15">
18:47
       </div>

       <div class="text">
<strong>⚠ PrintNightmare, the zero-day hole in Windows – here’s what to do ⚠</strong><br><br><code>All bugs are equal. But some bugs ar emore equal than others.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/06/30/printnightmare-the-zero-day-hole-in-windows-heres-what-to-do/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25843">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.06.2021 19:30:21">
19:30
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-22346 ‼</strong><br><br><code>There is an Improper Permission Management Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to the disclosure of user habits.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22346">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25844">

      <div class="body">

       <div class="pull_right date details" title="30.06.2021 19:30:22">
19:30
       </div>

       <div class="text">
<strong>‼ CVE-2021-22350 ‼</strong><br><br><code>There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause the device to crash and restart.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22350">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25845">

      <div class="body">

       <div class="pull_right date details" title="30.06.2021 19:41:41">
19:41
       </div>

       <div class="text">
<strong>🕴 SentinelOne Starts Trading on NYSE, Raises $1.2B in IPO 🕴</strong><br><br><code>IPO is the highest valued in cybersecurity history, according to reports.</code><br><br><a href="https://www.darkreading.com/endpoint/sentinelone-starts-trading-on-nyse-raises-%2412b-in-ipo/d/d-id/1341452?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25846">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.06.2021 21:30:27">
21:30
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-22345 ‼</strong><br><br><code>There is an Input Verification Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause out-of-bounds memory write.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22345">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-824">

      <div class="body details">
1 July 2021
      </div>

     </div>

     <div class="message default clearfix" id="message25847">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.07.2021 02:30:42">
02:30
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-28803 ‼</strong><br><br><code>This issue affects: QNAP Systems Inc. Q&apos;center versions prior to 1.11.1004.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28803">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25848">

      <div class="body">

       <div class="pull_right date details" title="01.07.2021 02:30:42">
02:30
       </div>

       <div class="text">
<strong>‼ CVE-2018-25018 ‼</strong><br><br><code>UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write during a memcpy in QuickOpen::ReadRaw when called from QuickOpen::ReadNext.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-25018">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25849">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.07.2021 07:30:52">
07:30
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-20752 ‼</strong><br><br><code>Cross-site scripting vulnerability in IkaIka RSS Reader all versions allows a remote attacker to inject an arbitrary script via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20752">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25850">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.07.2021 08:59:13">
08:59
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ LinkedIn’s 1.2B Data-Scrape Victims Already Being Targeted by Attackers ❌</strong><br><br><code>A refined database of 88K U.S. business owners on LinkedIn has been posted in a hacker forum.</code><br><br><a href="https://threatpost.com/linkedin-data-scrape-victims-targeted-attackers/167473/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25851">

      <div class="body">

       <div class="pull_right date details" title="01.07.2021 08:59:14">
08:59
       </div>

       <div class="text">
<strong>❌ Dropbox Used to Mask Malware Movement in Cyberespionage Campaign ❌</strong><br><br><code>The ongoing spear-phishing campaign targeting the Afghan government uses Dropbox as an API that leaves no traces of communications with weirdo websites.</code><br><br><a href="https://threatpost.com/dropbox-malware-ongoing-spearphishing-cyberespionage/167402/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25852">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.07.2021 09:30:56">
09:30
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-22347 ‼</strong><br><br><code>There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause temporary DoS.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22347">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25853">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.07.2021 10:17:32">
10:17
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ S3 Ep39: Paying the date, #SocialMediaDay</strong> <strong>tips, and a special splintersode [Podcast] ⚠</strong><br><br><code>Latest episode - listen now!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/07/01/s3-ep39-paying-the-date-socialmediaday-tips-and-a-special-splintersode-podcast/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25854">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.07.2021 11:12:24">
11:12
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ S3 Ep39: Paying the date, #SocialMediaDay</strong> <strong>tips, and a special splintersode [Podcast] ⚠</strong><br><br><code>Latest episode - listen now!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/07/01/s3-ep39-paying-the-date-socialmediaday-tips-and-a-special-splintersode-podcast/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25855">

      <div class="body">

       <div class="pull_right date details" title="01.07.2021 11:12:25">
11:12
       </div>

       <div class="text">
<strong>❌ Data Exfiltration: What You Should Know to Prevent It ❌</strong><br><br><code>Data leaks are a serious concern for companies of all sizes; if one occurs, it may put them out of business permanently. Here&apos;s how you can protect your organization from data theft.</code><br><br><a href="https://threatpost.com/data-exfiltration-prevent-it/167413/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25856">

      <div class="body">

       <div class="pull_right date details" title="01.07.2021 11:12:26">
11:12
       </div>

       <div class="text">
<strong>🕴 Stop Playing Catchup: Move From Reactive to Proactive to Defeat Cyber Threats 🕴</strong><br><br><code>One-time reactive measures can&apos;t keep up. It&apos;s time to be proactive and pick our swords and not just our shields.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/stop-playing-catchup-move-from-reactive-to-proactive-to-defeat-cyber-threats/a/d-id/1341372?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25857">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.07.2021 11:29:24">
11:29
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Babuk Ransomware Builder Mysteriously Appears in VirusTotal ❌</strong><br><br><code>The gang&apos;s source code is now available to rivals and security researchers alike - and a decryptor likely is not far behind.</code><br><br><a href="https://threatpost.com/babuk-ransomware-builder-virustotal/167481/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25858">

      <div class="body">

       <div class="pull_right date details" title="01.07.2021 11:32:26">
11:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-27477 ‼</strong><br><br><code>When JTEKT Corporation TOYOPUC PLC versions PC10G-CPU, 2PORT-EFR, Plus CPU, Plus EX, Plus EX2, Plus EFR, Plus EFR2, Plus 2P-EFR, PC10P-DP, PC10P-DP-IO, Plus BUS-EX, Nano 10GX, Nano 2ET,PC10PE, PC10PE-16/16P, PC10E, FL/ET-T-V2H, PC10B,PC10B-P, Nano CPU, PC10P, and PC10GE receive an invalid frame, the outside area of a receive buffer for FL-net are overwritten. As a result, the PLC CPU detects a system error, and the affected products stop.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27477">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25859">

      <div class="body">

       <div class="pull_right date details" title="01.07.2021 11:32:27">
11:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-31813 ‼</strong><br><br><code>Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31813">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25860">

      <div class="body">

       <div class="pull_right date details" title="01.07.2021 11:32:27">
11:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-22344 ‼</strong><br><br><code>There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause temporary DoS.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22344">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25861">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.07.2021 13:25:14">
13:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How to set Google Search History to auto-delete on Android 🦿</strong><br><br><code>If you don&apos;t like the idea of your Android search history being saved, Jack Wallen wants to show you how to set it to auto-delete.</code><br><br><a href="https://www.techrepublic.com/article/how-to-set-google-search-history-to-auto-delete-on-android/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25862">

      <div class="body">

       <div class="pull_right date details" title="01.07.2021 13:25:16">
13:25
       </div>

       <div class="text">
<strong>🦿 The possible reasons Google is moving away from APKs on Android 🦿</strong><br><br><code>Google has announced it is moving away from the APK format for Android apps. Jack Wallen offers his opinion on why this could be happening.</code><br><br><a href="https://www.techrepublic.com/article/the-possible-reasons-google-is-moving-away-from-apks-on-android/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25863">

      <div class="body">

       <div class="pull_right date details" title="01.07.2021 13:29:19">
13:29
       </div>

       <div class="text">
<strong>❌ Hacked Data for 69K LimeVPN Users Up for Sale on Dark Web ❌</strong><br><br><code>LimeVPN has confirmed a data incident, and meanwhile its website has been knocked offline.</code><br><br><a href="https://threatpost.com/hacked-data-limevpn-dark-web/167492/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25864">

      <div class="body">

       <div class="pull_right date details" title="01.07.2021 13:32:20">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-28423 ‼</strong><br><br><code>Multiple SQL Injection vulnerabilities in Teachers Record Management System 1.0 allow remote authenticated users to execute arbitrary SQL commands via the &apos;editid&apos; GET parameter in edit-subjects-detail.php, edit-teacher-detail.php, or the &apos;searchdata&apos; POST parameter in search.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28423">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25865">

      <div class="body">

       <div class="pull_right date details" title="01.07.2021 13:32:21">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-28424 ‼</strong><br><br><code>A stored cross-site scripting (XSS) vulnerability in Teachers Record Management System 1.0 allows remote authenticated users to inject arbitrary web script or HTML via the &apos;email&apos; POST parameter in adminprofile.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28424">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25866">

      <div class="body">

       <div class="pull_right date details" title="01.07.2021 13:32:22">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-28127 ‼</strong><br><br><code>An issue was discovered in Stormshield SNS through 4.2.1. A brute-force attack can occur.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28127">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25867">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.07.2021 14:11:10">
14:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🛠 Falco 0.29.1 🛠</strong><br><br><code>Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.</code><br><br><a href="https://packetstormsecurity.com/files/163340/falco-0.29.1.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25868">

      <div class="body">

       <div class="pull_right date details" title="01.07.2021 14:14:10">
14:14
       </div>

       <div class="text">
<strong>🕴 Why Are There Never Enough Logs During An Incident Response? 🕴</strong><br><br><code>Most security pros believe their responses could be dramatically quicker were the right logs available, and usually they&apos;re not.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/why-are-there-never-enough-logs-during-an-incident-response/a/d-id/1341411?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25869">

      <div class="body">

       <div class="pull_right date details" title="01.07.2021 14:24:48">
14:24
       </div>

       <div class="text">
<strong>🔏 CISA Shares New Ransomware Self-Assessment Tool 🔏</strong><br><br><code>The new security audit self-assessment tool is designed to help organizations better understand how well they&apos;re equipped to defend and recover from ransomware.</code><br><br><a href="https://digitalguardian.com/blog/cisa-shares-new-ransomware-self-assessment-tool">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25870">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.07.2021 14:42:25">
14:42
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 NSA &amp; CISA Issue Warning About Russian GRU Brute-Force Cyberattacks Against US, Global Orgs 🕴</strong><br><br><code>Fancy Bear nation-state hacking team add a modern twist on old-school hacking method by using a cluster of Kubernetes software containers to expedite credential theft.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/nsa-and-cisa-issue-warning-about-russian-gru-brute-force-cyberattacks-against-us-global-orgs/d/d-id/1341458?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25871">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.07.2021 15:12:26">
15:12
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Name That Edge Toon: Security Grill 🕴</strong><br><br><code>Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.</code><br><br><a href="https://www.darkreading.com/edge/theedge/name-that-edge-toon-security-grill/b/d-id/1341464?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25872">

      <div class="body">

       <div class="pull_right date details" title="01.07.2021 15:25:28">
15:25
       </div>

       <div class="text">
<strong>🦿 Awareness of cyberattacks and cybersecurity may be lacking among workers 🦿</strong><br><br><code>A survey of business professionals by Armis points to a lack of knowledge about recent incidents and proper cyber hygiene.</code><br><br><a href="https://www.techrepublic.com/article/awareness-of-cyberattacks-and-cybersecurity-may-be-lacking-among-workers/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25873">

      <div class="body">

       <div class="pull_right date details" title="01.07.2021 15:31:17">
15:31
       </div>

       <div class="text">
<strong>‼ CVE-2020-27362 ‼</strong><br><br><code>An issue exists within the SSH console of Akkadian Provisioning Manager 4.50.02 which allows a low-level privileged user to escape the web configuration file editor and escalate privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27362">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25874">

      <div class="body">

       <div class="pull_right date details" title="01.07.2021 15:31:17">
15:31
       </div>

       <div class="text">
<strong>‼ CVE-2020-4935 ‼</strong><br><br><code>IBM Datacap Fastdoc Capture (IBM Datacap Navigator 9.1.7 ) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191753.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4935">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25875">

      <div class="body">

       <div class="pull_right date details" title="01.07.2021 15:42:27">
15:42
       </div>

       <div class="text">
<strong>🕴 WhiteHat Security Rebrands as NTT Application Security 🕴</strong><br><br><code>The name change follows NTT Security Corporation&apos;s acquisition of WhiteHat in 2019.</code><br><br><a href="https://www.darkreading.com/application-security/whitehat-security-rebrands-as-ntt-application-security/d/d-id/1341466?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25876">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.07.2021 16:29:31">
16:29
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Defeating Ransomware-as-a-Service? Think Intel-Sharing ❌</strong><br><br><code>Aamir Lakhani, cybersecurity researcher and practitioner at FortiGuard Labs, explains the rise of RaaS and the critical role of threat intel in effectively defending against it.</code><br><br><a href="https://threatpost.com/ransomware-as-a-service-intel-sharing/167508/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25877">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.07.2021 17:31:19">
17:31
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-32731 ‼</strong><br><br><code>XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Between (and including) versions 13.1RC1 and 13.1, the reset password form reveals the email address of users just by giving their username. The problem has been patched on XWiki 13.2RC1. As a workaround, it is possible to manually modify the `resetpasswordinline.vm` to perform the changes made to mitigate the vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32731">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25878">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.07.2021 17:59:28">
17:59
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Linux Variant of REvil Ransomware Targets VMware’s ESXi, NAS Devices ❌</strong><br><br><code>Criminals behind the potent REvil ransomware have ported the malware to Linux for targeted attacks.</code><br><br><a href="https://threatpost.com/linux-variant-ransomware-vmwares-nas/167511/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25879">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.07.2021 19:12:42">
19:12
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 CISA Urges Orgs to Disable Windows Print Spooler on Critical Systems 🕴</strong><br><br><code>Patches Microsoft issued last month not effective against exploits targeting &quot;PrintNightmare&quot; flaw, agency and others say.</code><br><br><a href="https://www.darkreading.com/endpoint/cisa-urges-orgs-to-disable-windows-print-spooler-on-critical-systems/d/d-id/1341468?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25880">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.07.2021 19:31:21">
19:31
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-23209 ‼</strong><br><br><code>A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the &quot;List Description&quot; field under the &quot;Edit A List&quot; module.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23209">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25881">

      <div class="body">

       <div class="pull_right date details" title="01.07.2021 19:31:22">
19:31
       </div>

       <div class="text">
<strong>‼ CVE-2020-23205 ‼</strong><br><br><code>A stored cross site scripting (XSS) vulnerability in Monstra CMS version 3.0.4 allows attackers to execute arbitrary web scripts or HTML via crafted a payload entered into the &quot;Site Name&quot; field under the &quot;Site Settings&quot; module.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23205">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25882">

      <div class="body">

       <div class="pull_right date details" title="01.07.2021 19:42:35">
19:42
       </div>

       <div class="text">
<strong>🕴 GitHub Unveils AI Tool to Speed Development, but Beware Insecure Code 🕴</strong><br><br><code>The company has created an AI system, dubbed Copilot, to offer code suggestions to developers, but warns that any code produced should be tested for defects and vulnerabilities.</code><br><br><a href="https://www.darkreading.com/application-security/github-unveils-ai-tool-to-speed-development-but-beware-insecure-code/d/d-id/1341469?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-825">

      <div class="body details">
2 July 2021
      </div>

     </div>

     <div class="message default clearfix" id="message25883">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.07.2021 07:31:58">
07:31
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-26920 ‼</strong><br><br><code>In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not an elevation of privilege when users access Druid directly, since Druid also provides the Local InputSource, which allows the same level of access. But it is problematic when users interact with Druid indirectly through an application that allows users to specify the HTTP InputSource, but not the Local InputSource. In this case, users could bypass the application-level restriction by passing a file URL to the HTTP InputSource.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26920">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25884">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.07.2021 09:29:55">
09:29
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ CISA Offers New Mitigation for PrintNightmare Bug ❌</strong><br><br><code>CERT urges administrators to disable the Windows Print spooler service in Domain Controllers and systems that don’t print, while Microsoft attempts to clarify RCE flaw with a new CVE assignment.</code><br><br><a href="https://threatpost.com/cisa-mitigation-printnightmare-bug/167515/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25885">

      <div class="body">

       <div class="pull_right date details" title="02.07.2021 09:32:56">
09:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-27455 ‼</strong><br><br><code>Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to disclose information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27455">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25886">

      <div class="body">

       <div class="pull_right date details" title="02.07.2021 09:32:57">
09:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-35029 ‼</strong><br><br><code>An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35029">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25887">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.07.2021 10:47:58">
10:47
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ US email hacker gets his “computer trespass” conviction reversed ⚠</strong><br><br><code>Court says that we need to &quot;avoid a construction that makes some language mere surplusage.&quot;</code><br><br><a href="https://nakedsecurity.sophos.com/2021/07/02/us-email-hacker-gets-his-computer-trespass-conviction-reversed/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25888">

      <div class="body">

       <div class="pull_right date details" title="02.07.2021 10:56:19">
10:56
       </div>

       <div class="text">
<strong>🦿 Container security: How to get the most out of best practices 🦿</strong><br><br><code>Containers are complex virtual entities that provide proven benefits to the business but also require strong security guidelines. Learn how to get the most out of container security best practices.</code><br><br><a href="https://www.techrepublic.com/article/container-security-how-to-get-the-most-out-of-best-practices/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25889">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.07.2021 11:13:14">
11:13
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 WFH: A Smart Time to Revisit Employee Use of Social Media 🕴</strong><br><br><code>Employers have their hands full when it comes to monitoring online activities that could hurt the brand or violate the organization&apos;s core values.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/wfh-a-smart-time-to-revisit-employee-use-of-social-media/a/d-id/1341387?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25890">

      <div class="body">

       <div class="pull_right date details" title="02.07.2021 11:17:25">
11:17
       </div>

       <div class="text">
<strong>🔏 Friday Five 7/2 🔏</strong><br><br><code>Ransomware venture capital, VPN shutdowns, and the latest from Fancy Bear - catch up on all of the week&apos;s infosec news with the Friday Five!</code><br><br><a href="https://digitalguardian.com/blog/friday-five-7/2">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25891">

      <div class="body">

       <div class="pull_right date details" title="02.07.2021 11:32:10">
11:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-36130 ‼</strong><br><br><code>An XSS issue was discovered in the SocialProfile extension in MediaWiki through 1.36. Within several gift-related special pages, a privileged user with the awardmanage right could inject arbitrary HTML and JavaScript within various gift-related data fields. The attack could easily propagate across many pages for many users.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36130">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25892">

      <div class="body">

       <div class="pull_right date details" title="02.07.2021 11:32:11">
11:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-36132 ‼</strong><br><br><code>An issue was discovered in the FileImporter extension in MediaWiki through 1.36. For certain relaxed configurations of the $wgFileImporterRequiredRight variable, it might not validate all appropriate user rights, thus allowing a user with insufficient rights to perform operations (specifically file uploads) that they should not be allowed to perform.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36132">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25893">

      <div class="body">

       <div class="pull_right date details" title="02.07.2021 11:32:12">
11:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-3606 ‼</strong><br><br><code>OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (openvpn.exe).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3606">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25894">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.07.2021 12:43:22">
12:43
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 5 Mistakes That Impact a Security Team&apos;s Success 🕴</strong><br><br><code>The way we work and treat each other go a long way in improving our organizations&apos; security posture.</code><br><br><a href="https://www.darkreading.com/edge/theedge/5-mistakes-that-impact-a-security-teams-success/b/d-id/1341470?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25895">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.07.2021 13:30:01">
13:30
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ TrickBot Spruces Up Its Banking Trojan Module ❌</strong><br><br><code>After focusing almost exclusively on delivering ransomware for the past year, the code changes could indicate that TrickBot is getting back into the bank-fraud game.</code><br><br><a href="https://threatpost.com/trickbot-banking-trojan-module/167521/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25896">

      <div class="body">

       <div class="pull_right date details" title="02.07.2021 13:33:02">
13:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-27950 ‼</strong><br><br><code>A SQL injection vulnerability in azurWebEngine in Sita AzurCMS through 1.2.3.12 allows an authenticated attacker to execute arbitrary SQL commands via the id parameter to mesdocs.ajax.php in azurWebEngine/eShop. By default, the query is executed as DBA.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27950">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25897">

      <div class="body">

       <div class="pull_right date details" title="02.07.2021 13:33:04">
13:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-32735 ‼</strong><br><br><code>Kirby is a content management system. In Kirby CMS versions 3.5.5 and 3.5.6, the Panel&apos;s `ListItem` component (used in the pages and files section for example) displayed HTML in page titles as it is. This could be used for cross-site scripting (XSS) attacks. Malicious authenticated Panel users can escalate their privileges if they get access to the Panel session of an admin user. Visitors without Panel access can use the attack vector if the site allows changing site data from a frontend form. Kirby 3.5.7 patches the vulnerability. As a partial workaround, site administrators can protect against attacks from visitors without Panel access by validating or sanitizing provided data from the frontend form.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32735">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25898">

      <div class="body">

       <div class="pull_right date details" title="02.07.2021 13:42:01">
13:42
       </div>

       <div class="text">
<strong>🛠 Suricata IDPE 6.0.3 🛠</strong><br><br><code>Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It&apos;s capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.</code><br><br><a href="https://packetstormsecurity.com/files/163354/suricata-6.0.3.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25899">

      <div class="body">

       <div class="pull_right date details" title="02.07.2021 13:45:06">
13:45
       </div>

       <div class="text">
<strong>🕴 SOC Investment Improves Detection and Response Times, Data Shows 🕴</strong><br><br><code>A survey of IT and security pros finds many are confident in their ability to detect security incidents in near-real time or within minutes.</code><br><br><a href="https://www.darkreading.com/operations/soc-investment-improves-detection-and-response-times-data-shows/d/d-id/1341472?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25900">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.07.2021 14:13:24">
14:13
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Microsoft Issues New CVE for &apos;PrintNightmare&apos; Flaw 🕴</strong><br><br><code>Company says remote code execution issue in all Windows versions is different from one in Windows Print Spooler that it had patched last month, though both affect same function.</code><br><br><a href="https://www.darkreading.com/endpoint/microsoft-issues-new-cve-for-printnightmare-flaw/d/d-id/1341471?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25901">

      <div class="body">

       <div class="pull_right date details" title="02.07.2021 14:13:25">
14:13
       </div>

       <div class="text">
<strong>🕴 Secured-Core PCs May Mitigate Firmware Attacks, But Adoption Lags 🕴</strong><br><br><code>Microsoft maintains that exploitation of recent Dell vulnerabilities would be blocked on ultra-secure PCs - but most systems do not have the technology yet.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/secured-core-pcs-may-mitigate-firmware-attacks-but-adoption-lags/d/d-id/1341473?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25902">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.07.2021 15:32:20">
15:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-23402 ‼</strong><br><br><code>All versions of package record-like-deep-assign are vulnerable to Prototype Pollution via the main functionality.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23402">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25903">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.07.2021 16:13:28">
16:13
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Barracuda Agrees to Acquire Skout Cybersecurity 🕴</strong><br><br><code>The acquisition will bring Barracuda into the extended detection and response (XDR) market with a tool for managed service providers.</code><br><br><a href="https://www.darkreading.com/endpoint/barracuda-agrees-to-acquire-skout-cybersecurity/d/d-id/1341474?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25904">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.07.2021 17:32:28">
17:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-32737 ‼</strong><br><br><code>Sulu is an open-source PHP content management system based on the Symfony framework. In versions of Sulu prior to 1.6.41, it is possible for a logged in admin user to add a script injection (cross-site-scripting) in the collection title. The problem is patched in version 1.6.41. As a workaround, one may manually patch the affected JavaScript files in lieu of updating.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32737">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25905">

      <div class="body">

       <div class="pull_right date details" title="02.07.2021 17:32:28">
17:32
       </div>

       <div class="text">
<strong>‼ CVE-2020-23185 ‼</strong><br><br><code>A stored cross site scripting (XSS) vulnerability in /administration/setting_security.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23185">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25906">

      <div class="body">

       <div class="pull_right date details" title="02.07.2021 17:32:29">
17:32
       </div>

       <div class="text">
<strong>‼ CVE-2020-23178 ‼</strong><br><br><code>An issue exists in PHP-Fusion 9.03.50 where session cookies are not deleted once a user logs out, allowing for an attacker to perform a session replay attack and impersonate the victim user.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23178">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25907">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.07.2021 18:56:28">
18:56
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 You don&apos;t have to be a tech expert to become a cybersecurity pro 🦿</strong><br><br><code>Attention to detail, creativity and perseverance are key traits for a good white hat hacker. These positions are in high demand.</code><br><br><a href="https://www.techrepublic.com/article/you-dont-have-to-be-a-tech-expert-to-become-a-cybersecurity-pro/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25908">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.07.2021 21:32:39">
21:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-36146 ‼</strong><br><br><code>ACRN before 2.5 has a devicemodel/hw/pci/xhci.c NULL Pointer Dereference for a trb pointer.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36146">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25909">

      <div class="body">

       <div class="pull_right date details" title="02.07.2021 21:32:40">
21:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-34527 ‼</strong><br><br><code>Windows Print Spooler Remote Code Execution Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34527">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-826">

      <div class="body details">
5 July 2021
      </div>

     </div>

     <div class="message default clearfix" id="message25910">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.07.2021 09:02:07">
09:02
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Ransomware Defense: Top 5 Things to Do Right Now ❌</strong><br><br><code>Matt Bromiley, senior consultant with Mandiant Managed Defense, discusses the top tricks and tips for protecting enterprise environments from ransomware.</code><br><br><a href="https://threatpost.com/ransomware-defense-top-5-tips/167536/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25911">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.07.2021 09:35:35">
09:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-23401 ‼</strong><br><br><code>This affects all versions of package Flask-User. When using the make_safe_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as /////evil.com/path or \\\evil.com/path. This vulnerability is only exploitable if an alternative WSGI server other than Werkzeug is used, or the default behaviour of Werkzeug is modified using &apos;autocorrect_location_header=False.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23401">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25912">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.07.2021 11:15:53">
11:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Watch for Cybersecurity Games at the Tokyo Olympics 🕴</strong><br><br><code>The cybersecurity professionals guarding the Summer Olympics are facing at least as much competition as the athletes, and their failure could have steeper ramifications.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/watch-for-cybersecurity-games-at-the-tokyo-olympics/a/d-id/1341425?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25913">

      <div class="body">

       <div class="pull_right date details" title="05.07.2021 11:18:57">
11:18
       </div>

       <div class="text">
<strong>⚠ Kaseya ransomware attackers say: “Pay $70 million and we’ll set everyone free” ⚠</strong><br><br><code>Are you feeling generous? Do you want to help others? These cybercriminals are hoping someone is and does...</code><br><br><a href="https://nakedsecurity.sophos.com/2021/07/05/kaseya-ransomware-attackers-say-pay-70-million-and-well-set-everyone-free/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25914">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.07.2021 13:35:48">
13:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-26763 ‼</strong><br><br><code>The Rocket.Chat desktop application 2.17.11 opens external links without user interaction.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26763">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25915">

      <div class="body">

       <div class="pull_right date details" title="05.07.2021 13:44:19">
13:44
       </div>

       <div class="text">
<strong>🛠 SQLMAP - Automatic SQL Injection Tool 1.5.7 🛠</strong><br><br><code>sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user&apos;s specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.</code><br><br><a href="https://packetstormsecurity.com/files/163386/sqlmap-1.5.7.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25916">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.07.2021 16:49:05">
16:49
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Kaseya ransomware attackers say: “Pay $70 million and we’ll set everyone free” ⚠</strong><br><br><code>Are you feeling generous? Do you want to help others? These cybercriminals are hoping someone is and does...</code><br><br><a href="https://nakedsecurity.sophos.com/2021/07/05/kaseya-ransomware-attackers-say-pay-70-million-and-well-set-everyone-free/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25917">

      <div class="body">

       <div class="pull_right date details" title="05.07.2021 16:49:06">
16:49
       </div>

       <div class="text">
<strong>⚠ S3 Ep 39.5: A conversation with Eva Galperin [Podcast] ⚠</strong><br><br><code>Cryptography, privacy, stalkerware and how infosec professionals relax. Listen, enjoy and learn!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/07/05/s3-ep-39-5-a-conversation-with-eva-galperin-podcast/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25918">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.07.2021 17:32:21">
17:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Kaseya Attack Fallout: CISA, FBI Offer Guidance ❌</strong><br><br><code>Following a brazen ransomware attack by the REvil cybergang, CISA and FBI offer guidance to victims.</code><br><br><a href="https://threatpost.com/kaseya-attack-fallout/167541/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25919">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.07.2021 21:36:10">
21:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-36158 ‼</strong><br><br><code>In the xrdp package (in branches through 3.14) for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks because pre-generated RSA certificates and private keys are used.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36158">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-827">

      <div class="body details">
6 July 2021
      </div>

     </div>

     <div class="message default clearfix" id="message25920">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.07.2021 02:36:32">
02:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-32233 ‼</strong><br><br><code>SmarterTools SmarterMail before Build 7776 allows XSS.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32233">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25921">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.07.2021 09:36:41">
09:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-24389 ‼</strong><br><br><code>The WP Foodbakery WordPress plugin before 2.2, used in the FoodBakery WordPress theme before 2.2 did not properly sanitize the foodbakery_radius parameter before outputting it back in the response, leading to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24389">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25922">

      <div class="body">

       <div class="pull_right date details" title="06.07.2021 09:36:42">
09:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-24386 ‼</strong><br><br><code>The WP SVG images WordPress plugin before 3.4 did not sanitise the SVG files uploaded, which could allow low privilege users such as author+ to upload a malicious SVG and then perform XSS attacks by inducing another user to access the file directly. In v3.4, the plugin restricted such upload to editors and admin, with an option to also allow author to do so. The description of the plugin has also been updated with a security warning as upload of such content is intended.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24386">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25923">

      <div class="body">

       <div class="pull_right date details" title="06.07.2021 09:36:43">
09:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-24407 ‼</strong><br><br><code>The Jannah WordPress theme before 5.4.5 did not properly sanitize the &apos;query&apos; POST parameter in its tie_ajax_search AJAX action, leading to a Reflected Cross-site Scripting (XSS) vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24407">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25924">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.07.2021 10:58:13">
10:58
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Critical flaws in Windows Print spooler service could allow for remote attacks 🦿</strong><br><br><code>Administrators are urged to apply the latest patches from Microsoft and disable the Windows Print spooler service in domain controllers and systems not used for printing.</code><br><br><a href="https://www.techrepublic.com/article/critical-flaws-in-windows-print-spooler-service-could-allow-for-remote-attacks/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25925">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.07.2021 11:16:42">
11:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 8 Ways to Preserve Legal Privilege After a Cybersecurity Incident 🕴</strong><br><br><code>Knowing your legal distinctions can make defense easier should you end up in court after a breach, attack, or data loss.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/8-ways-to-preserve-legal-privilege-after-a-cybersecurity-incident/a/d-id/1341388?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25926">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.07.2021 11:36:45">
11:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-27930 ‼</strong><br><br><code>Multiple stored cross-site scripting (XSS) vulnerabilities in IRIS IrisNext 9.5.16 allow remote authenticated users to inject arbitrary web script or HTML via a document or folder name that is mishandled when rendering the contact form or search form.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27930">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25927">

      <div class="body">

       <div class="pull_right date details" title="06.07.2021 11:36:46">
11:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-32559 ‼</strong><br><br><code>An integer overflow exists in pywin32 prior to version b301 when adding an access control entry (ACE) to an access control list (ACL) that would cause the size to be greater than 65535 bytes. An attacker who successfully exploited this vulnerability could crash the vulnerable process.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32559">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25928">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.07.2021 12:16:46">
12:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Cyberattack on Kaseya Nets More Than 1,000 Victims, $70M Ransom Demand 🕴</strong><br><br><code>The provider of remote monitoring and management services warns customers to not run its software until a patch is available and manually installed.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/cyberattack-on-kaseya-nets-more-than-1000-victims-%2470m-ransom-demand/d/d-id/1341476?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25929">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.07.2021 12:58:17">
12:58
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Kaseya supply chain attack impacts more than 1,000 companies 🦿</strong><br><br><code>The REvil group is claiming that over 1 million devices have been infected and is demanding $70 million for a universal decryption key.</code><br><br><a href="https://www.techrepublic.com/article/kaseya-supply-chain-attack-impacts-more-than-1000-companies/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25930">

      <div class="body">

       <div class="pull_right date details" title="06.07.2021 13:02:59">
13:02
       </div>

       <div class="text">
<strong>❌ Kaseya Patches Imminent After Zero-Day Exploits, 1,500 Impacted ❌</strong><br><br><code>REvil ransomware gang lowers price for universal decryptor after massive worldwide ransomware push against Kaseya security vulnerability CVE-2021-30116.</code><br><br><a href="https://threatpost.com/kaseya-patches-zero-day-exploits/167548/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25931">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.07.2021 13:28:18">
13:28
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 The Audacity! How to wreck an open-source project and anger a community 🦿</strong><br><br><code>Audacity software has been acquired, and the new verbiage added to the privacy policy has the open-source community up in arms.</code><br><br><a href="https://www.techrepublic.com/article/the-audacity-how-to-wreck-an-open-source-project-and-anger-a-community/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25932">

      <div class="body">

       <div class="pull_right date details" title="06.07.2021 13:36:50">
13:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-31771 ‼</strong><br><br><code>Splinterware System Scheduler Professional version 5.30 is subject to insecure folders permissions issue impacting where the service &apos;WindowsScheduler&apos; calls its executable. This allow a non-privileged user to execute arbitrary code with elevated privileges (system level privileges as &quot;nt authority\system&quot;) since the service runs as Local System.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31771">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25933">

      <div class="body">

       <div class="pull_right date details" title="06.07.2021 13:36:51">
13:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-32740 ‼</strong><br><br><code>Addressable is an alternative implementation to the URI implementation that is part of Ruby&apos;s standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to denial of service when matched against a URI. In typical usage, templates would not normally be read from untrusted user input, but nonetheless, no previous security advisory for Addressable has cautioned against doing this. Users of the parsing capabilities in Addressable but not the URI template capabilities are unaffected. The vulnerability is patched in version 2.8.0. As a workaround, only create Template objects from trusted sources that have been validated not to produce catastrophic backtracking.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32740">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25934">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.07.2021 14:16:49">
14:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 It&apos;s High Time for a Security Scoring System for Applications and Open Source Libraries 🕴</strong><br><br><code>A benchmarking system would help buyers choose more secure software products and, more importantly, light a fire underneath software producers to make products secure.</code><br><br><a href="https://www.darkreading.com/application-security/its-high-time-for-a-security-scoring-system-for-applications-and-open-source-libraries/a/d-id/1341402?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25935">

      <div class="body">

       <div class="pull_right date details" title="06.07.2021 14:20:00">
14:20
       </div>

       <div class="text">
<strong>🔏 What is GLBA Compliance? Understanding the Data Protection Requirements of the Gramm-Leach-Bliley Act in 2021 🔏</strong><br><br><code>Learn about what GLBA means for data protection and how to achieve GLBA compliance in Data Protection 101, our series on the fundamentals of information security.</code><br><br><a href="https://digitalguardian.com/blog/what-glba-compliance-understanding-data-protection-requirements-gramm-leach-bliley-act">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25936">

      <div class="body">

       <div class="pull_right date details" title="06.07.2021 14:33:01">
14:33
       </div>

       <div class="text">
<strong>❌ Western Digital Users Face Another RCE ❌</strong><br><br><code>Say hello to one more zero-day and yet more potential remote data death for those who can’t/won’t upgrade their My Cloud storage devices.</code><br><br><a href="https://threatpost.com/rce-0-day-western-digital-users/167547/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25937">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.07.2021 14:58:19">
14:58
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 1 in 4 employees say they still have access to accounts from past jobs, survey finds 🦿</strong><br><br><code>Nearly half of professionals also admit to sharing passwords and more than a third say they write them on paper, according to Beyond Identity.</code><br><br><a href="https://www.techrepublic.com/article/1-in-4-employees-say-they-still-have-access-to-accounts-from-past-jobs-survey-finds/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25938">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.07.2021 16:16:53">
16:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Workers Careless in Sharing &amp; Reusing Corporate Secrets 🕴</strong><br><br><code>A new survey shows leaked enterprise secrets costs companies millions of dollars each year.</code><br><br><a href="https://www.darkreading.com/risk/workers-careless-in-sharing-and-reusing-corporate-secrets/d/d-id/1341480?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25939">

      <div class="body">

       <div class="pull_right date details" title="06.07.2021 16:28:22">
16:28
       </div>

       <div class="text">
<strong>🦿 The mobile and desktop versions of Firefox Total Cookie Protection are now available 🦿</strong><br><br><code>Jack Wallen explains how to protect your web browsing from supercookies with Firefox&apos;s new privacy feature.</code><br><br><a href="https://www.techrepublic.com/videos/the-mobile-and-desktop-versions-of-firefox-total-cookie-protection-are-now-available/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25940">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.07.2021 17:03:07">
17:03
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Android Apps in Google Play Harvest Facebook Credentials ❌</strong><br><br><code>The apps all used an unusual tactic of loading a legitimate Facebook page as part of the data theft.</code><br><br><a href="https://threatpost.com/android-apps-google-play-facebook-credentials/167563/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25941">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.07.2021 17:37:00">
17:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-34190 ‼</strong><br><br><code>A stored cross site scripting (XSS) vulnerability in index.php?menu=billing_rates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the &quot;Name&quot; or &quot;Prefix&quot; fields under the &quot;Create New Rate&quot; module.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34190">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25942">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.07.2021 19:16:58">
19:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Researchers Learn From Nation-State Attackers&apos; OpSec Mistakes 🕴</strong><br><br><code>Security researchers discuss how a series of simple and consistent mistakes helped them learn more about ITG18, better known as Charming Kitten.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/researchers-learn-from-nation-state-attackers-opsec-mistakes/d/d-id/1341483?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25943">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.07.2021 19:37:06">
19:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-22249 ‼</strong><br><br><code>Remote Code Execution vulnerability in phplist 3.5.1. The application does not check any file extensions stored in the plugin zip file, Uploading a malicious plugin which contains the php files with extensions like PHP,phtml,php7 will be copied to the plugins directory which would lead to the remote code execution</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-22249">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25944">

      <div class="body">

       <div class="pull_right date details" title="06.07.2021 19:37:06">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-22229 ‼</strong><br><br><code>An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.8. Under a special condition it was possible to access data of an internal repository through project fork done by a project member.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22229">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25945">

      <div class="body">

       <div class="pull_right date details" title="06.07.2021 19:37:07">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-22251 ‼</strong><br><br><code>Cross Site Scripting (XSS) vulnerability in phpList 3.5.3 via the login name field in Manage Administrators when adding a new admin.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-22251">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25946">

      <div class="body">

       <div class="pull_right date details" title="06.07.2021 19:37:08">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-23697 ‼</strong><br><br><code>Cross Site Scripting vulnerabilty in Monstra CMS 3.0.4 via the page feature in admin/index.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23697">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25947">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.07.2021 21:37:10">
21:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-22228 ‼</strong><br><br><code>An issue has been discovered in GitLab affecting all versions. Improper access control allows unauthorised users to access project details using Graphql.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22228">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-828">

      <div class="body details">
7 July 2021
      </div>

     </div>

     <div class="message default clearfix" id="message25948">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.07.2021 00:33:20">
00:33
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Pro-Trump ‘Gettr’ Social Platform Hacked On Day One ❌</strong><br><br><code>The newborn platform was inundated by Sonic the Hedgehog-themed porn and had prominent users&apos; profiles defaced. Next, hackers posted its user database online.</code><br><br><a href="https://threatpost.com/trump-gettr-social-media-hacked-day-1/167574/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25949">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.07.2021 02:37:22">
02:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-35039 ‼</strong><br><br><code>kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, does not occur for a module.sig_enforce=1 command-line argument.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35039">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25950">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.07.2021 07:37:34">
07:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-20738 ‼</strong><br><br><code>WRC-1167FS-W, WRC-1167FS-B, and WRC-1167FSA all versions allow an unauthenticated network-adjacent attacker to obtain sensitive information via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20738">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25951">

      <div class="body">

       <div class="pull_right date details" title="07.07.2021 07:37:35">
07:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-20776 ‼</strong><br><br><code>Improper authentication vulnerability in SCT-40CM01SR and AT-40CM01SR allows an attacker to bypass access restriction and execute an arbitrary command via telnet.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20776">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25952">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.07.2021 08:03:30">
08:03
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Microsoft Releases Emergency Patch for PrintNightmare Bugs ❌</strong><br><br><code>The fix doesn’t cover the entire problem nor all affected systems however, so the company also is offering workarounds and plans to release further remedies at a later date.</code><br><br><a href="https://threatpost.com/microsoft-emergency-patch-printnightmare/167578/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25953">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.07.2021 09:03:33">
09:03
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Cloud Cryptomining Swindle in Google Play Rakes in Cash ❌</strong><br><br><code>At least 25 apps have lured in tens of thousands of victims with the promise of helping them cash in on the cryptomining craze.</code><br><br><a href="https://threatpost.com/cloud-cryptomining-swindle-google-play/167581/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25954">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.07.2021 09:37:39">
09:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-22227 ‼</strong><br><br><code>A reflected cross-site script vulnerability in GitLab before versions 13.11.6, 13.12.6 and 14.0.2 allowed an attacker to send a malicious link to a victim and trigger actions on their behalf if they clicked it</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22227">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25955">

      <div class="body">

       <div class="pull_right date details" title="07.07.2021 09:37:40">
09:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-22230 ‼</strong><br><br><code>Improper code rendering while rendering merge requests could be exploited to submit malicious code. This vulnerability affects GitLab CE/EE 9.3 and later through 13.11.6, 13.12.6, and 14.0.2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22230">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25956">

      <div class="body">

       <div class="pull_right date details" title="07.07.2021 09:49:46">
09:49
       </div>

       <div class="text">
<strong>⚠ PrintNightmare official patch is out – update now! ⚠</strong><br><br><code>Patch now! This security hole could allow almost anyone to take over your whole network from almost any account on almost any computer.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/07/07/printnightmare-official-patch-is-out-update-now/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25957">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.07.2021 11:17:34">
11:17
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Autonomous Security Is Essential if the Edge Is to Scale Properly 🕴</strong><br><br><code>Service demands at the network edge mean customers need to get cost, performance, and security right.</code><br><br><a href="https://www.darkreading.com/endpoint/autonomous-security-is-essential-if-the-edge-is-to-scale-properly/a/d-id/1341391?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25958">

      <div class="body">

       <div class="pull_right date details" title="07.07.2021 11:28:45">
11:28
       </div>

       <div class="text">
<strong>🦿 Microsoft rolls out emergency patch for critical PrintNightmare flaw 🦿</strong><br><br><code>Fixing a serious security hole in the Windows Print spooler service, the patch is available for almost all versions of Windows, even Windows 7.</code><br><br><a href="https://www.techrepublic.com/article/microsoft-rolls-out-emergency-patch-for-critical-printnightmare-flaw/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25959">

      <div class="body">

       <div class="pull_right date details" title="07.07.2021 11:33:40">
11:33
       </div>

       <div class="text">
<strong>❌ Why I Love (Breaking Into) Your Security Appliances ❌</strong><br><br><code>David &quot;moose&quot; Wolpoff, CTO at Randori, discusses security appliances and VPNs and how attackers only have to &quot;pick one lock&quot; to invade an enterprise through them.</code><br><br><a href="https://threatpost.com/breaking-into-security-appliances/167584/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25960">

      <div class="body">

       <div class="pull_right date details" title="07.07.2021 11:37:44">
11:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-34623 ‼</strong><br><br><code>A vulnerability in the image uploader component found in the ~/src/Classes/ImageUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user registration or during profile updates. This issue affects versions 3.0.0 - 3.1.3. .</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34623">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25961">

      <div class="body">

       <div class="pull_right date details" title="07.07.2021 11:37:45">
11:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-34624 ‼</strong><br><br><code>A vulnerability in the file uploader component found in the ~/src/Classes/FileUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user registration or during profile updates. This issue affects versions 3.0.0 - 3.1.3. .</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34624">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25962">

      <div class="body">

       <div class="pull_right date details" title="07.07.2021 11:37:46">
11:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-22555 ‼</strong><br><br><code>A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22555">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25963">

      <div class="body">

       <div class="pull_right date details" title="07.07.2021 11:37:47">
11:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-36212 ‼</strong><br><br><code>app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows stored XSS in the sharing groups view.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36212">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25964">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.07.2021 12:03:40">
12:03
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Fake Kaseya VSA Security Update Drops Cobalt Strike ❌</strong><br><br><code>Threat actors are planting Cobalt Strike backdoors by malspamming a bogus Microsoft update along with a SecurityUpdates.exe.</code><br><br><a href="https://threatpost.com/fake-kaseya-vsa-update-cobalt-strike/167587/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25965">

      <div class="body">

       <div class="pull_right date details" title="07.07.2021 12:17:37">
12:17
       </div>

       <div class="text">
<strong>🕴 Security 101: The &apos;PrintNightmare&apos; Flaw 🕴</strong><br><br><code>A closer look at the printer software vulnerability - and what you can do about it.</code><br><br><a href="https://www.darkreading.com/edge/theedge/security-101-the-printnightmare-flaw/b/d-id/1341482?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25966">

      <div class="body">

       <div class="pull_right date details" title="07.07.2021 12:28:46">
12:28
       </div>

       <div class="text">
<strong>🦿 Critical flaws in Windows Print spooler service could allow for remote attacks 🦿</strong><br><br><code>Administrators are urged to apply the latest patches from Microsoft and disable the Windows Print spooler service in domain controllers and systems not used for printing.</code><br><br><a href="https://www.techrepublic.com/article/critical-flaws-in-windows-print-spooler-service-could-allow-for-remote-attacks/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25967">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.07.2021 12:58:47">
12:58
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Critical flaws in Windows Print spooler service could allow for remote attacks 🦿</strong><br><br><code>Administrators are urged to apply the latest patches from Microsoft and disable the Windows Print spooler service in domain controllers and systems not used for printing.</code><br><br><a href="https://www.techrepublic.com/article/critical-flaws-in-windows-print-spooler-service-could-allow-for-remote-attacks/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25968">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.07.2021 13:15:53">
13:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🛠 Zeek 4.0.3 🛠</strong><br><br><code>Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek&apos;s user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.</code><br><br><a href="https://packetstormsecurity.com/files/163430/zeek-4.0.3.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25969">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.07.2021 13:33:40">
13:33
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Suspected ‘Dr HeX’ Hacker Busted for 9 Years of Phishing ❌</strong><br><br><code>The unnamed suspect allegedly helped to develop carding and phishing kits with the aim of stealing customers&apos; bank-card data.</code><br><br><a href="https://threatpost.com/dr-hex-hacker-busted-phishing/167597/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25970">

      <div class="body">

       <div class="pull_right date details" title="07.07.2021 13:37:47">
13:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-24143 ‼</strong><br><br><code>Directory traversal in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker get access to files that are stored outside the web root folder via the njt-tk-download-video parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24143">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25971">

      <div class="body">

       <div class="pull_right date details" title="07.07.2021 13:37:48">
13:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-20211 ‼</strong><br><br><code>Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an assertion failure vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-20211">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25972">

      <div class="body">

       <div class="pull_right date details" title="07.07.2021 13:37:49">
13:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-32535 ‼</strong><br><br><code>The vulnerability of hard-coded default credentials in QSAN SANOS allows unauthenticated remote attackers to obtain administrator’s permission and execute arbitrary functions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32535">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25973">

      <div class="body">

       <div class="pull_right date details" title="07.07.2021 13:37:50">
13:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-32514 ‼</strong><br><br><code>Improper access control vulnerability in FirmwareUpgrade in QSAN Storage Manager allows remote attackers to reboot and discontinue the device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32514">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25974">

      <div class="body">

       <div class="pull_right date details" title="07.07.2021 13:47:42">
13:47
       </div>

       <div class="text">
<strong>🕴 Microsoft Releases Emergency Patch for &apos;PrintNightmare&apos; Flaw 🕴</strong><br><br><code>Urges Organizations to immediately apply security update citing exploit activity.</code><br><br><a href="https://www.darkreading.com/endpoint/microsoft-releases-emergency-patch-for-printnightmare-flaw/d/d-id/1341493?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25975">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.07.2021 14:17:41">
14:17
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Are Security Attestations a Necessity for SaaS Businesses? 🕴</strong><br><br><code>Are security attestations becoming business imperatives, or are they merely token additions on the list of regulatory requirements?</code><br><br><a href="https://www.darkreading.com/risk/are-security-attestations-a-necessity-for-saas-businesses/a/d-id/1341426?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25976">

      <div class="body">

       <div class="pull_right date details" title="07.07.2021 14:28:48">
14:28
       </div>

       <div class="text">
<strong>🦿 Bitwarden has a new Send feature: Here&apos;s how to use it 🦿</strong><br><br><code>This tool will make this product—probably the best password manager on the market—even better.</code><br><br><a href="https://www.techrepublic.com/videos/bitwarden-has-a-new-send-feature-heres-how-to-use-it/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25977">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.07.2021 15:03:45">
15:03
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ MacOS Targeted in WildPressure APT Malware Campaign ❌</strong><br><br><code>Threat actors enlist compromised WordPress websites in campaign targeting macOS users.</code><br><br><a href="https://threatpost.com/macos-wildpressure-apt/167606/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25978">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.07.2021 15:37:55">
15:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-20416 ‼</strong><br><br><code>IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 196218.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20416">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25979">

      <div class="body">

       <div class="pull_right date details" title="07.07.2021 15:37:56">
15:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-20415 ‼</strong><br><br><code>IBM Guardium Data Encryption (GDE) 4.0.0.4 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 196217.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20415">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25980">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.07.2021 15:58:49">
15:58
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 What to do when 2FA won&apos;t allow you into your Linux servers 🦿</strong><br><br><code>If two-factor authentication logins on your Linux servers are giving you fits, Jack Wallen has the solution for you.</code><br><br><a href="https://www.techrepublic.com/article/what-to-do-when-2fa-wont-allow-you-into-your-linux-servers/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25981">

      <div class="body">

       <div class="pull_right date details" title="07.07.2021 16:03:45">
16:03
       </div>

       <div class="text">
<strong>❌ Critical Sage X3 RCE Bug Allows Full System Takeovers ❌</strong><br><br><code>Security vulnerabilities in the ERP platform could allow attackers to tamper with or sabotage victims&apos; business-critical processes and to intercept data.</code><br><br><a href="https://threatpost.com/critical-sage-x3-rce-bug-allows-full-system-takeovers/167612/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25982">

      <div class="body">

       <div class="pull_right date details" title="07.07.2021 16:17:45">
16:17
       </div>

       <div class="text">
<strong>🕴 Sophos Acquires Capsule8 for Linux Server &amp; Container Security 🕴</strong><br><br><code>The deal was announced the same day ZeroFox bought Dark Web intelligence firm Vigilante as a wave of security M&amp;A continues.</code><br><br><a href="https://www.darkreading.com/cloud/sophos-acquires-capsule8-for-linux-server-and-container-security/d/d-id/1341494?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25983">

      <div class="body">

       <div class="pull_right date details" title="07.07.2021 16:20:46">
16:20
       </div>

       <div class="text">
<strong>🔏 Changes to Nevada&apos;s Privacy Law Includes Requirements for Data Brokers 🔏</strong><br><br><code>Recent changes to Nevada’s privacy law, effective October 1, 2021, give residents a broader right to opt out of sales and puts the onus on &quot;data brokers&quot; to respond to such requests.</code><br><br><a href="https://digitalguardian.com/blog/changes-nevadas-privacy-law-includes-requirements-data-brokers">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25984">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.07.2021 16:47:48">
16:47
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Fake Android Apps Promise Cryptomining Services to Steal Funds 🕴</strong><br><br><code>Researchers discover more than 170 Android apps that advertise cloud cryptocurrency mining services and fail to deliver.</code><br><br><a href="https://www.darkreading.com/application-security/fake-android-apps-promise-cryptomining-services-to-steal-funds/d/d-id/1341495?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25985">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.07.2021 17:28:52">
17:28
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 $13.7 million: Atlas VPN adds up the impact of the top 10 most successful blockchain scams 🦿</strong><br><br><code>A new report finds that fake investment scams have netted the most funds among all the types of active blockchain scams.</code><br><br><a href="https://www.techrepublic.com/article/13-7-million-atlas-vpn-adds-up-the-impact-of-the-top-10-most-successful-blockchain-scams/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25986">

      <div class="body">

       <div class="pull_right date details" title="07.07.2021 17:37:58">
17:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-23702 ‼</strong><br><br><code>Cross Site Scripting (XSS) vulnerability in PHP-Fusion 9.03.60 via &apos;New Shout&apos; in /infusions/shoutbox_panel/shoutbox_admin.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23702">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25987">

      <div class="body">

       <div class="pull_right date details" title="07.07.2021 17:37:59">
17:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-36217 ‼</strong><br><br><code>Avahi 0.8 allows a local denial of service (NULL pointer dereference and daemon crash) against avahi-daemon via the D-Bus interface or a &quot;ping .local&quot; command.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36217">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25988">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.07.2021 18:17:50">
18:17
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours 🕴</strong><br><br><code>Automation allowed a REvil affiliate to move from exploitation of vulnerable servers to installing ransomware on downstream companies faster than most defenders could react.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/attacks-on-kaseya-servers-led-to-ransomware-in-less-than-2-hours/d/d-id/1341496?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25989">

      <div class="body">

       <div class="pull_right date details" title="07.07.2021 18:28:54">
18:28
       </div>

       <div class="text">
<strong>🦿 Scammers exploiting Kaseya ransomware attack to deploy malware 🦿</strong><br><br><code>A new phishing campaign claims to offer a security update for Kaseya&apos;s VSA software but actually tries to install malware, says Malwarebytes.</code><br><br><a href="https://www.techrepublic.com/article/scammers-exploiting-kaseya-ransomware-attack-to-deploy-malware/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25990">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.07.2021 19:38:05">
19:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-32714 ‼</strong><br><br><code>hyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper&apos;s HTTP server and client code had a flaw that could trigger an integer overflow when decoding chunk sizes that are too big. This allows possible data loss, or if combined with an upstream HTTP proxy that allows chunk sizes larger than hyper does, can result in &quot;request smuggling&quot; or &quot;desync attacks.&quot; The vulnerability is patched in version 0.14.10. Two possible workarounds exist. One may reject requests manually that contain a `Transfer-Encoding` header or ensure any upstream proxy rejects `Transfer-Encoding` chunk sizes greater than what fits in 64-bit unsigned integers.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32714">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25991">

      <div class="body">

       <div class="pull_right date details" title="07.07.2021 19:38:06">
19:38
       </div>

       <div class="text">
<strong>‼ CVE-2007-5002 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5002">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25992">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.07.2021 21:38:09">
21:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-21775 ‼</strong><br><br><code>A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21775">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25993">

      <div class="body">

       <div class="pull_right date details" title="07.07.2021 21:38:10">
21:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-21807 ‼</strong><br><br><code>An integer overflow vulnerability exists in the DICOM parse_dicom_meta_info functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to a stack-based buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21807">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-829">

      <div class="body details">
8 July 2021
      </div>

     </div>

     <div class="message default clearfix" id="message25994">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.07.2021 02:38:23">
02:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-34430 ‼</strong><br><br><code>Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34430">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25995">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.07.2021 07:38:42">
07:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-28809 ‼</strong><br><br><code>An improper access control vulnerability has been reported to affect certain legacy versions of HBS 3. If exploited, this vulnerability allows attackers to compromise the security of the operating system.QNAP have already fixed this vulnerability in the following versions of HBS 3: QTS 4.3.6: HBS 3 v3.0.210507 and later QTS 4.3.4: HBS 3 v3.0.210506 and later QTS 4.3.3: HBS 3 v3.0.210506 and later</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28809">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25996">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.07.2021 09:38:46">
09:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-31817 ‼</strong><br><br><code>When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31817">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message25997">

      <div class="body">

       <div class="pull_right date details" title="08.07.2021 09:38:47">
09:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-31816 ‼</strong><br><br><code>When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31816">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25998">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.07.2021 10:59:21">
10:59
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Ransomware: Top 5 more things to know 🦿</strong><br><br><code>Ransomware attacks are getting bigger and harder to defend against. Tom Merritt lists five more things about ransomware you need to know.</code><br><br><a href="https://www.techrepublic.com/videos/ransomware-top-5-more-things-to-know/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message25999">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.07.2021 11:18:29">
11:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 What Colonial Pipeline Means for Commercial Building Cybersecurity 🕴</strong><br><br><code>Banks and hospitals may be common targets, but now commercial real estate must learn to protect itself against stealthy hackers.</code><br><br><a href="https://www.darkreading.com/physical-security/what-colonial-pipeline-means-for-commercial-building-cybersecurity-/a/d-id/1341446?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message26000">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.07.2021 11:38:52">
11:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-21779 ‼</strong><br><br><code>A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21779">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26001">

      <div class="body">

       <div class="pull_right date details" title="08.07.2021 11:48:32">
11:48
       </div>

       <div class="text">
<strong>🕴 The NSA&apos;s &apos;New&apos; Mission: Get More Public With the Private Sector 🕴</strong><br><br><code>The National Security Agency&apos;s gradual emergence from the shadows was &quot;inevitable&quot; in cybersecurity, says Vinnie Liu, co-founder and CEO of offensive security firm Bishop Fox and a former NSA analyst. Now the agency has to figure out how to best work with the private sector, especially organizations outside the well-resourced and seasoned Fortune 100.</code><br><br><a href="https://www.darkreading.com/edge/theedge/the-nsas-new-mission-get-more-public-with-the-private-sector/b/d-id/1341481?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message26002">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.07.2021 12:18:49">
12:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Kaseya Hacked via Authentication Bypass 🕴</strong><br><br><code>The Kaseya ransomware attack is believed to have been down to an authentication bypass. Yes, ransomware needs to be on your radar -- but good authentication practices are also imperative.</code><br><br><a href="https://www.darkreading.com/omdia/kaseya-hacked-via-authentication-bypass/a/d-id/1341497?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26003">

      <div class="body">

       <div class="pull_right date details" title="08.07.2021 12:29:24">
12:29
       </div>

       <div class="text">
<strong>🦿 Android app users targeted with cryptomining scams 🦿</strong><br><br><code>Found on Google Play and third-party app stores, the apps discovered by Lookout stole an estimated $350,000 from more than 93,000 people.</code><br><br><a href="https://www.techrepublic.com/article/android-app-users-targeted-with-cryptomining-scams/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26004">

      <div class="body">

       <div class="pull_right date details" title="08.07.2021 12:29:25">
12:29
       </div>

       <div class="text">
<strong>🦿 77% of executives plan to hire in the months ahead, according to a new poll 🦿</strong><br><br><code>West Monroe&apos;s executive poll details third-quarter hiring expectations, cybersecurity preparedness, investments to digitize business operations and more.</code><br><br><a href="https://www.techrepublic.com/article/77-of-executives-plan-to-hire-in-the-months-ahead-according-to-a-new-poll/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message26005">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.07.2021 12:59:20">
12:59
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 &quot;Black Widow&quot; digital premier a cover for malware and scams, says Kaspersky 🦿</strong><br><br><code>Phishing, malicious files and other forms of fraud have followed the highly awaited movie since it was first delayed due to COVID-19. On the eve of its actual release, the scams have begun anew.</code><br><br><a href="https://www.techrepublic.com/article/black-widow-digital-premier-a-cover-for-malware-and-scams-says-kaspersky/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message26006">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.07.2021 13:34:21">
13:34
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ How Fake Accounts and Sneaker-Bots Took Over the Internet ❌</strong><br><br><code>Jason Kent, hacker-in-residence at Cequence Security, discusses fake online accounts, and the fraud they carry out on a daily basis.</code><br><br><a href="https://threatpost.com/fake-accounts-sneaker-bots-internet/167626/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26007">

      <div class="body">

       <div class="pull_right date details" title="08.07.2021 13:38:55">
13:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-29150 ‼</strong><br><br><code>A remote insecure deserialization vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29150">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26008">

      <div class="body">

       <div class="pull_right date details" title="08.07.2021 13:38:56">
13:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-25440 ‼</strong><br><br><code>Improper access control vulnerability in FactoryCameraFB prior to version 3.4.74 allows untrusted applications to access arbitrary files with an escalated privilege.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25440">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26009">

      <div class="body">

       <div class="pull_right date details" title="08.07.2021 13:38:57">
13:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-25439 ‼</strong><br><br><code>Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause arbitrary webpage loading in webview.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25439">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26010">

      <div class="body">

       <div class="pull_right date details" title="08.07.2021 13:50:11">
13:50
       </div>

       <div class="text">
<strong>⚠ PrintNightmare official patch is out – update now! ⚠</strong><br><br><code>Patch now! This security hole could allow almost anyone to take over your whole network from almost any account on almost any computer.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/07/07/printnightmare-official-patch-is-out-update-now/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message26011">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.07.2021 15:29:24">
15:29
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Microsoft patches remaining versions of Windows against PrintNightmare flaw 🦿</strong><br><br><code>Patches to fix a severe flaw in the Windows Print spooler are now available for Windows 10 Version 1607, Windows Server 2012 and Windows Server 2016.</code><br><br><a href="https://www.techrepublic.com/article/microsoft-patches-remaining-versions-of-windows-against-printnightmare-flaw/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26012">

      <div class="body">

       <div class="pull_right date details" title="08.07.2021 15:34:25">
15:34
       </div>

       <div class="text">
<strong>❌ Coursera Flunks API Security Test in Researchers’ Exam ❌</strong><br><br><code>The problem APIs included numero uno on the OWASP API Security Top 10: a Broken Object Level Authorization (BOLA) issue that could have exposed personal data.</code><br><br><a href="https://threatpost.com/coursera-flunks-api-security-test-in-researchers-exam/167630/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26013">

      <div class="body">

       <div class="pull_right date details" title="08.07.2021 15:38:59">
15:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-29711 ‼</strong><br><br><code>IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 6.2.7.8 , 6.2.7.9, 7.0.3.0, 7.0.4.0, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2 could allow an authenticated user with certain permissions to initiate an agent upgrade through the CLI interface. IBM X-Force ID: 200965.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29711">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26014">

      <div class="body">

       <div class="pull_right date details" title="08.07.2021 15:39:00">
15:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-34609 ‼</strong><br><br><code>A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34609">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message26015">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.07.2021 15:59:26">
15:59
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How to define DNS in Docker containers 🦿</strong><br><br><code>Jack Wallen shows you how to configure specific DNS servers for your Docker container deployments.</code><br><br><a href="https://www.techrepublic.com/article/how-to-define-dns-in-docker-containers/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message26016">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.07.2021 17:18:43">
17:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 New WildPressure Malware Capable of Targeting Windows and MacOS 🕴</strong><br><br><code>The Trojan sends information back to the attackers&apos; servers about the programming language of a target device.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/new-wildpressure-malware-capable-of-targeting-windows-and-macos/d/d-id/1341501?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message26017">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.07.2021 17:34:30">
17:34
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Oil &amp; Gas Targeted in Year-Long Cyber-Espionage Campaign ❌</strong><br><br><code>A global effort to steal information from energy companies is using sophisticated social engineering to deliver Agent Tesla and other RATs.</code><br><br><a href="https://threatpost.com/oil-gas-cyber-espionage-campaign/167639/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26018">

      <div class="body">

       <div class="pull_right date details" title="08.07.2021 17:39:05">
17:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-20363 ‼</strong><br><br><code>Crossi Site Scripting (XSS) vulnerability in PbootCMS 2.0.3 in admin.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-20363">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26019">

      <div class="body">

       <div class="pull_right date details" title="08.07.2021 17:39:06">
17:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-1596 ‼</strong><br><br><code>Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1596">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26020">

      <div class="body">

       <div class="pull_right date details" title="08.07.2021 17:39:07">
17:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-1603 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user. These vulnerabilities exist because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker would need valid administrative credentials.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1603">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26021">

      <div class="body">

       <div class="pull_right date details" title="08.07.2021 17:51:16">
17:51
       </div>

       <div class="text">
<strong>🔏 CEO, COO Indicted in Biotech IP Theft Case’s Latest Turn 🔏</strong><br><br><code>Two executives reportedly used stolen intellectual property to build their company up to a nearly $1 billion valuation, the DOJ announced this week.</code><br><br><a href="https://digitalguardian.com/blog/ceo-coo-indicted-biotech-ip-theft-case%25E2%2580%2599s-latest-turn">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message26022">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.07.2021 18:18:45">
18:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Morgan Stanley Discloses Data Breach 🕴</strong><br><br><code>Attackers were able to compromise customers&apos; personal data by targeting the Accellion FTA server of a third-party vendor.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/morgan-stanley-discloses-data-breach-/d/d-id/1341503?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message26023">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.07.2021 19:39:10">
19:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-34613 ‼</strong><br><br><code>A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34613">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-830">

      <div class="body details">
9 July 2021
      </div>

     </div>

     <div class="message default clearfix" id="message26024">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.07.2021 08:04:57">
08:04
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Lazarus Targets Job-Seeking Engineers with Malicious Documents ❌</strong><br><br><code>Notorious North Korean APT impersonates Airbus, General Motors and Rheinmetall to lure potential victims into downloading malware.</code><br><br><a href="https://threatpost.com/lazarus-engineers-malicious-docs/167647/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message26025">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.07.2021 09:14:48">
09:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-3570 ‼</strong><br><br><code>A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3570">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message26026">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.07.2021 10:21:45">
10:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 Friday Five 7/9 🔏</strong><br><br><code>Ransomware negotiators, cyber risks to the financial system, and why traditional passwords are here to stay - catch up on all of the week&apos;s infosec news with the Friday Five!</code><br><br><a href="https://digitalguardian.com/blog/friday-five-7/9">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message26027">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.07.2021 10:49:21">
10:49
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Cartoon Caption Winner: Sight Unseen 🕴</strong><br><br><code>And the winner of Dark Reading&apos;s June contest is ...</code><br><br><a href="https://www.darkreading.com/endpoint/cartoon-caption-winner-sight-unseen/a/d-id/1341506?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message26028">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.07.2021 11:14:48">
11:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2012-5632 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5632">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26029">

      <div class="body">

       <div class="pull_right date details" title="09.07.2021 11:14:49">
11:14
       </div>

       <div class="text">
<strong>‼ CVE-2012-0832 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0832">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message26030">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.07.2021 11:49:22">
11:49
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 It&apos;s in the Game (but It Shouldn&apos;t Be) 🕴</strong><br><br><code>Five ways that game developers (and others) can avoid falling victim to an attack like the one that hit EA.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/its-in-the-game-(but-it-shouldnt-be)/a/d-id/1341461?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message26031">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.07.2021 12:59:53">
12:59
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Warning: 1 in 3 employees are likely to fall for a phishing scam 🦿</strong><br><br><code>Cybersecurity training company KnowBe4 reports that the number of employees likely to fall for phishing emails drops dramatically with proper instruction on how to recognize an attack.</code><br><br><a href="https://www.techrepublic.com/article/warning-1-in-3-employees-are-likely-to-fall-for-a-phishing-scam/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message26032">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.07.2021 13:14:55">
13:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-27035 ‼</strong><br><br><code>A maliciously crafted TIFF, PDF, PICT or DWF files in Autodesk 2018, 2017, 2013, 2012, 2011 can be forced to read beyond allocated boundaries when parsing the TIFF, PDF, PICT or DWF files. This vulnerability can be exploited to execute arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27035">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26033">

      <div class="body">

       <div class="pull_right date details" title="09.07.2021 13:14:56">
13:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-27036 ‼</strong><br><br><code>A maliciously crafted PDF, PICT or TIFF file can be used to write beyond the allocated buffer while parsing PDF, PICT or TIFF files in Autodesk 2018, 2017, 2013, 2012, 2011. This vulnerability can be exploited to execute arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27036">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26034">

      <div class="body">

       <div class="pull_right date details" title="09.07.2021 13:14:57">
13:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-30117 ‼</strong><br><br><code>SQL injection exists in Kaseya VSA before 9.5.6.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30117">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26035">

      <div class="body">

       <div class="pull_right date details" title="09.07.2021 13:14:57">
13:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-32752 ‼</strong><br><br><code>Ether Logs is a package that allows one to check one&apos;s logs in the Craft 3 utilities section. A vulnerability was found in versions prior to 3.0.4 that allowed authenticated admin users to access any file on the server. The vulnerability has been fixed in version 3.0.4. As a workaround, one may disable the plugin if untrustworthy sources have admin access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32752">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message26036">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.07.2021 14:20:35">
14:20
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Where do all those cybercrime payments go? ⚠</strong><br><br><code>Yes, the headline is a rhetorical question. But sometimes we get literal answers, and they&apos;re well worth remembering.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/07/09/where-do-all-those-cybercrime-payments-go/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26037">

      <div class="body">

       <div class="pull_right date details" title="09.07.2021 14:29:54">
14:29
       </div>

       <div class="text">
<strong>🦿 More sharing, less shame: CompTIA ISAO wants to change the standard response to ransomware attacks 🦿</strong><br><br><code>The information sharing organization helps companies deal with security threats and supports more collaboration overall.</code><br><br><a href="https://www.techrepublic.com/article/more-sharing-less-shame-comptia-isao-wants-to-change-the-standard-response-to-ransomware-attacks/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26038">

      <div class="body">

       <div class="pull_right date details" title="09.07.2021 14:35:07">
14:35
       </div>

       <div class="text">
<strong>❌ Cisco BPA, WSA Bugs Allow Remote Cyberattacks ❌</strong><br><br><code>The high-severity security vulnerabilities allow elevation of privileges, leading to data theft and more.</code><br><br><a href="https://threatpost.com/cisco-bpa-wsa-bugs-cyberattacks/167654/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message26039">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.07.2021 14:59:56">
14:59
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How to prevent ransomware attacks with a zero-trust security model 🦿</strong><br><br><code>Ransomware attacks are rampant, with thousands taking place every single day. Learn how a zero-trust security model can protect your organization.</code><br><br><a href="https://www.techrepublic.com/article/how-to-prevent-ransomware-attacks-with-a-zero-trust-security-model/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26040">

      <div class="body">

       <div class="pull_right date details" title="09.07.2021 15:05:07">
15:05
       </div>

       <div class="text">
<strong>❌ Microsoft Office Users Warned on New Malware-Protection Bypass ❌</strong><br><br><code>Word and Excel documents are enlisted to disable Office macro warnings, so the Zloader banking malware can be downloaded onto systems without security tools flagging it.</code><br><br><a href="https://threatpost.com/microsoft-office-malware-protection-bypass/167652/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26041">

      <div class="body">

       <div class="pull_right date details" title="09.07.2021 15:15:00">
15:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-3541 ‼</strong><br><br><code>A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3541">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message26042">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.07.2021 16:19:32">
16:19
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 CISA Analysis Reveals Successful Attack Techniques of FY 2020 🕴</strong><br><br><code>The analysis shows potential attack paths and the most effective techniques for each tactic documented in CISA&apos;s Risk and Vulnerability Assessments.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/cisa-analysis-reveals-successful-attack-techniques-of-fy-2020/d/d-id/1341510?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message26043">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.07.2021 17:15:06">
17:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-24007 ‼</strong><br><br><code>Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4 may allow a non-authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24007">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26044">

      <div class="body">

       <div class="pull_right date details" title="09.07.2021 17:15:07">
17:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-22129 ‼</strong><br><br><code>Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail before 6.4.5 may allow an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22129">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message26045">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.07.2021 17:49:33">
17:49
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 How Dangerous is Malware? New Report Finds It&apos;s Tough to Tell 🕴</strong><br><br><code>Determining which malware is most damaging, and worthy of immediate attention, has become difficult in environments filled with alerts and noise.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/how-dangerous-is-malware-new-report-finds-its-tough-to-tell/d/d-id/1341513?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message26046">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.07.2021 19:15:11">
19:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-36367 ‼</strong><br><br><code>PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt (that the attacker can use to capture credential data, and use that data for purposes that are undesired by the client user).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36367">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26047">

      <div class="body">

       <div class="pull_right date details" title="09.07.2021 19:15:12">
19:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-36371 ‼</strong><br><br><code>Emissary-Ingress (formerly Ambassador API Gateway) through 1.13.9 allows attackers to bypass client certificate requirements (i.e., mTLS cert_required) on backend upstreams when more than one TLSContext is defined and at least one configuration exists that does not require client certificate authentication. The attacker must send an SNI specifying an unprotected backend and an HTTP Host header specifying a protected backend.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36371">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message26048">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.07.2021 21:15:17">
21:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-25394 ‼</strong><br><br><code>A stored cross site scripting (XSS) vulnerability in moziloCMS 2.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the &quot;Content&quot; parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25394">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26049">

      <div class="body">

       <div class="pull_right date details" title="09.07.2021 21:15:18">
21:15
       </div>

       <div class="text">
<strong>‼ CVE-2020-25876 ‼</strong><br><br><code>A stored cross site scripting (XSS) vulnerability in the &apos;Pages&apos; feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the &apos;Page Title&apos; parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25876">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-831">

      <div class="body details">
10 July 2021
      </div>

     </div>

     <div class="message default clearfix" id="message26050">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.07.2021 10:05:43">
10:05
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Cyber Polygon 2021: Towards Secure Development of Digital Ecosystems ❌</strong><br><br><code>Cybersecurity is one of the most important topics on the global agenda, boosted by the pandemic. As the global digitalisation is further accelerating, the world is becoming ever more interconnected. Digital ecosystems are being created all around us: countries, corporations and individuals are taking advantage of the rapid spread of the Internet and smart devices. In this context, a single vulnerable link is enough to bring down the entire system, just like the domino effect.</code><br><br><a href="https://threatpost.com/cyber-polygon-2021-towards-secure-development-of-digital-ecosystems/167661/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message26051">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.07.2021 13:15:56">
13:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-29106 ‼</strong><br><br><code>A reflected Cross Site Scripting (XXS) vulnerability in ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29106">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-832">

      <div class="body details">
11 July 2021
      </div>

     </div>

     <div class="message default clearfix" id="message26052">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.07.2021 02:16:25">
02:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-29103 ‼</strong><br><br><code>A reflected Cross Site Scripting (XXS) vulnerability in ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29103">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26053">

      <div class="body">

       <div class="pull_right date details" title="11.07.2021 02:16:26">
02:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-29105 ‼</strong><br><br><code>A stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Services Directory version 10.8.1 and below may allow a remote authenticated attacker to pass and store malicious strings in the ArcGIS Services Directory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29105">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-833">

      <div class="body details">
12 July 2021
      </div>

     </div>

     <div class="message default clearfix" id="message26054">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.07.2021 09:17:44">
09:17
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-22917 ‼</strong><br><br><code>Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to information disclosure by way of DNS requests in Tor windows not flowing through Tor if adblocking was enabled.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22917">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26055">

      <div class="body">

       <div class="pull_right date details" title="12.07.2021 09:17:45">
09:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-27293 ‼</strong><br><br><code>RestSharp &lt; 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service (ReDoS) when converting strings into DateTimes. If a server responds with a malicious string, the client using RestSharp will be stuck processing it for an exceedingly long time. Thus the remote server can trigger Denial of Service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27293">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message26056">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.07.2021 10:51:57">
10:51
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Navigating Active Directory Security: Dangers and Defenses 🕴</strong><br><br><code>Microsoft Active Directory, ubiquitous across enterprises, has long been a primary target for attackers seeking network access and sensitive data.</code><br><br><a href="https://www.darkreading.com/edge/theedge/navigating-active-directory-security-dangers-and-defenses/b/d-id/1341475?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message26057">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.07.2021 11:17:54">
11:17
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-30129 ‼</strong><br><br><code>A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30129">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26058">

      <div class="body">

       <div class="pull_right date details" title="12.07.2021 11:17:55">
11:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-32679 ‼</strong><br><br><code>Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, filenames where not escaped by default in controllers using `DownloadResponse`. When a user-supplied filename was passed unsanitized into a `DownloadResponse`, this could be used to trick users into downloading malicious files with a benign file extension. This would show in UI behaviours where Nextcloud applications would display a benign file extension (e.g. JPEG), but the file will actually be downloaded with an executable file extension. The vulnerability is patched in versions 19.0.13, 20.0.11, and 21.0.3. Administrators of Nextcloud instances do not have a workaround available, but developers of Nextcloud apps may manually escape the file name before passing it into `DownloadResponse`.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32679">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26059">

      <div class="body">

       <div class="pull_right date details" title="12.07.2021 11:17:56">
11:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-32678 ‼</strong><br><br><code>Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, ratelimits are not applied to OCS API responses. This affects any OCS API controller (`OCSController`) using the `@BruteForceProtection` annotation. Risk depends on the installed applications on the Nextcloud Server, but could range from bypassing authentication ratelimits or spamming other Nextcloud users. The vulnerability is patched in versions 19.0.13, 20.0.11, and 21.0.3. No workarounds aside from upgrading are known to exist.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32678">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26060">

      <div class="body">

       <div class="pull_right date details" title="12.07.2021 11:20:56">
11:20
       </div>

       <div class="text">
<strong>🕴 AI and Cybersecurity: Making Sense of the Confusion 🕴</strong><br><br><code>Artificial intelligence is a maturing area in cybersecurity, but there are different concerns depending on whether you&apos;re a defender or an attacker.</code><br><br><a href="https://www.darkreading.com/application-security/ai-and-cybersecurity-making-sense-of-the-confusion/a/d-id/1341462?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message26061">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.07.2021 12:51:59">
12:51
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Kaseya Releases Security Patch As Companies Continue to Recover 🕴</strong><br><br><code>Estimates indicate the number of affected companies could grow, while Kaseya faces renewed scrutiny as former employees reportedly criticize its lack of focus on security.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/kaseya-releases-security-patch-as-companies-continue-to-recover/d/d-id/1341514?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message26062">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.07.2021 13:07:17">
13:07
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Kaseya Patches Zero-Days Used in REvil Attacks ❌</strong><br><br><code>The security update addresses three VSA vulnerabilities used by the ransomware gang to launch a worldwide supply-chain attack on MSPs and their customers.</code><br><br><a href="https://threatpost.com/kaseya-patches-zero-days-revil-attacks/167670/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26063">

      <div class="body">

       <div class="pull_right date details" title="12.07.2021 13:17:56">
13:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-30639 ‼</strong><br><br><code>A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was not reset between requests. This meant that once a non-blocking I/O error occurred, all future requests handled by that request object would fail. Users were able to trigger non-blocking I/O errors, e.g. by dropping a connection, thereby creating the possibility of triggering a DoS. Applications that do not use non-blocking I/O are not exposed to this vulnerability. This issue affects Apache Tomcat 10.0.3 to 10.0.4; 9.0.44; 8.5.64.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30639">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26064">

      <div class="body">

       <div class="pull_right date details" title="12.07.2021 13:17:57">
13:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-36382 ‼</strong><br><br><code>Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint (which accepts cleartext).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36382">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26065">

      <div class="body">

       <div class="pull_right date details" title="12.07.2021 13:17:58">
13:17
       </div>

       <div class="text">
<strong>‼ CVE-2020-18979 ‼</strong><br><br><code>Cross Siste Scripting (XSS) vulnerablity in Halo 0.4.3 via theX-forwarded-for Header parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18979">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message26066">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.07.2021 13:51:52">
13:51
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Where do all those cybercrime payments go? ⚠</strong><br><br><code>Yes, the headline is a rhetorical question. But sometimes we get literal answers, and they&apos;re well worth remembering.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/07/09/where-do-all-those-cybercrime-payments-go/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26067">

      <div class="body">

       <div class="pull_right date details" title="12.07.2021 14:01:26">
14:01
       </div>

       <div class="text">
<strong>🦿 The most dangerous messaging apps on Android 🦿</strong><br><br><code>Messaging apps are becoming some of the most popular smartphone programs in the world, and that means more attempts to phish their users, Kaspersky finds.</code><br><br><a href="https://www.techrepublic.com/article/the-most-dangerous-messaging-apps-on-android/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message26068">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.07.2021 14:21:51">
14:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Don’t get tricked by this crashtastic iPhone Wi-Fi hack! ⚠</strong><br><br><code>Learn how the trick works so that you can avoid it in case someone thinks it&apos;s a joke to catch you out.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/07/12/take-care-dont-get-tricked-by-this-crashtastic-iphone-wi-fi-hack/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message26069">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.07.2021 15:07:21">
15:07
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Critical RCE Vulnerability in ForgeRock OpenAM Under Active Attack ❌</strong><br><br><code>The attacks are enabled by an unpatched security vulnerability in ForgeRock&apos;s Access Management, a popular platform that front-ends web apps and remote-access setups.</code><br><br><a href="https://threatpost.com/critical-vulnerability-rce-forgerock-openam/167679/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26070">

      <div class="body">

       <div class="pull_right date details" title="12.07.2021 15:18:02">
15:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-32703 ‼</strong><br><br><code>Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the shareinfo endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32703">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26071">

      <div class="body">

       <div class="pull_right date details" title="12.07.2021 15:18:03">
15:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-20414 ‼</strong><br><br><code>IBM Guardium Data Encryption (GDE) 3.0.0.2 could allow a user to bruce force sensitive information due to not properly limiting the number of interactions. IBM X-Force ID: 196216.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20414">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26072">

      <div class="body">

       <div class="pull_right date details" title="12.07.2021 15:18:04">
15:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-36381 ‼</strong><br><br><code>In Edifecs Transaction Management through 2021-07-12, an unauthenticated user can inject arbitrary text into a user&apos;s browser via logon.jsp?logon_error= on the login screen of the Web application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36381">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26073">

      <div class="body">

       <div class="pull_right date details" title="12.07.2021 15:18:05">
15:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-29803 ‼</strong><br><br><code>IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204164.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29803">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message26074">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.07.2021 15:52:04">
15:52
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Microsoft Confirms Acquisition of RiskIQ 🕴</strong><br><br><code>RiskIQ&apos;s technology helps businesses assess their security across the Microsoft cloud, Amazon Web Services, other clouds, and on-premises.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/microsoft-confirms-acquisition-of-riskiq/d/d-id/1341515?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26075">

      <div class="body">

       <div class="pull_right date details" title="12.07.2021 15:58:55">
15:58
       </div>

       <div class="text">
<strong>🔏 European Authorities Bust Phishing Ring 🔏</strong><br><br><code>The group, which was based in Romania, reportedly conned online consumers out of $2 million.</code><br><br><a href="https://digitalguardian.com/blog/european-authorities-bust-phishing-ring">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message26076">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.07.2021 17:18:08">
17:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-32707 ‼</strong><br><br><code>Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6, the Nextcloud Mail application does not, by default, render images in emails to not leak the read state. The privacy filter failed to filter images with a `background-image` CSS attribute. Note that the images were still passed through the Nextcloud image proxy, and thus there was no IP leakage. The issue was patched in version 1.9.6 and 1.10.0. No workarounds are known to exist.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32707">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message26077">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.07.2021 17:37:26">
17:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ WordPress File Management Plugin Riddled with Critical Bugs ❌</strong><br><br><code>The bugs allow a range of attacks on websites, including deleting blog pages and remote code execution.</code><br><br><a href="https://threatpost.com/frontend-file-manager-wordpress-bugs/167687/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message26078">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.07.2021 18:22:10">
18:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 SolarWinds Discloses Zero-Day Under Active Attack 🕴</strong><br><br><code>The company confirms this is a new vulnerability that is not related to the supply chain attack discovered in December 2020.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/solarwinds-discloses-zero-day-under-active-attack/d/d-id/1341516?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message26079">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.07.2021 19:18:13">
19:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-24426 ‼</strong><br><br><code>The Backup by 10Web – Backup and Restore Plugin WordPress plugin through 1.0.20 does not sanitise or escape the tab parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24426">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26080">

      <div class="body">

       <div class="pull_right date details" title="12.07.2021 19:18:14">
19:18
       </div>

       <div class="text">
<strong>‼ CVE-2020-19907 ‼</strong><br><br><code>A command injection vulnerability in the sandcat plugin of Caldera 2.3.1 and earlier allows authenticated attackers to execute any command or service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-19907">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26081">

      <div class="body">

       <div class="pull_right date details" title="12.07.2021 19:18:15">
19:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-24421 ‼</strong><br><br><code>The WP JobSearch WordPress plugin before 1.7.4 did not sanitise or escape multiple of its parameters from the my-resume page before outputting them in the page, allowing low privilege users to use JavaScript payloads in them and leading to a Stored Cross-Site Scripting issue</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24421">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message26082">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.07.2021 21:18:22">
21:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-32747 ‼</strong><br><br><code>Icinga Web 2 is an open source monitoring web interface, framework, and command-line interface. A vulnerability in which custom variables are exposed to unauthorized users exists between versions 2.0.0 and 2.8.2. Custom variables are user-defined keys and values on configuration objects in Icinga 2. These are commonly used to reference secrets in other configurations such as check commands to be able to authenticate with a service being checked. Icinga Web 2 displays these custom variables to logged in users with access to said hosts or services. In order to protect the secrets from being visible to anyone, it&apos;s possible to setup protection rules and blacklists in a user&apos;s role. Protection rules result in `***` being shown instead of the original value, the key will remain. Backlists will hide a custom variable entirely from the user. Besides using the UI, custom variables can also be accessed differently by using an undocumented URL parameter. By adding a parameter to the affected routes, Icinga Web 2 will show these columns additionally in the respective list. This parameter is also respected when exporting to JSON or CSV. Protection rules and blacklists however have no effect in this case. Custom variables are shown as-is in the result. The issue has been fixed in the 2.9.0, 2.8.3, and 2.7.5 releases. As a workaround, one may set up a restriction to hide hosts and services with the custom variable in question.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32747">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26083">

      <div class="body">

       <div class="pull_right date details" title="12.07.2021 21:18:23">
21:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-32741 ‼</strong><br><br><code>Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public share link mount endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32741">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-834">

      <div class="body details">
13 July 2021
      </div>

     </div>

     <div class="message default clearfix" id="message26084">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.07.2021 02:06:45">
02:06
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Vulnerability in Schneider Electric PLCs allows for undetectable remote takeover 🦿</strong><br><br><code>Dubbed Modipwn, the vulnerability affects a wide variety of Modicon programmable logic controllers used in manufacturing, utilities, automation and other roles.</code><br><br><a href="https://www.techrepublic.com/article/vulnerability-in-schneider-electric-plcs-allows-for-undetectable-remote-takeover/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26085">

      <div class="body">

       <div class="pull_right date details" title="13.07.2021 02:06:46">
02:06
       </div>

       <div class="text">
<strong>🦿 New phishing attack SpoofedScholars targets professors and writers specializing in the Middle East 🦿</strong><br><br><code>Proofpoint security analysis details the latest attack that uses the lure of speaking at a conference to steal credentials.</code><br><br><a href="https://www.techrepublic.com/article/new-phishing-attack-spoofedscholars-targets-professors-and-writers-specializing-in-the-middle-east/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message26086">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.07.2021 07:19:01">
07:19
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-1899 ‼</strong><br><br><code>Possible buffer over read due to lack of length check while flashing meta images in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1899">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26087">

      <div class="body">

       <div class="pull_right date details" title="13.07.2021 07:19:02">
07:19
       </div>

       <div class="text">
<strong>‼ CVE-2021-35515 ‼</strong><br><br><code>When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress&apos; sevenz package.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35515">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26088">

      <div class="body">

       <div class="pull_right date details" title="13.07.2021 07:19:03">
07:19
       </div>

       <div class="text">
<strong>‼ CVE-2020-11307 ‼</strong><br><br><code>Buffer overflow in modem due to improper array index check before copying into it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11307">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message26089">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.07.2021 09:19:02">
09:19
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-31892 ‼</strong><br><br><code>A vulnerability has been identified in SINUMERIK Analyse MyCondition (All versions), SINUMERIK Analyze MyPerformance (All versions), SINUMERIK Analyze MyPerformance /OEE-Monitor (All versions), SINUMERIK Analyze MyPerformance /OEE-Tuning (All versions), SINUMERIK Integrate Client 02 (All versions &gt;= V02.00.12 &lt; 02.00.18), SINUMERIK Integrate Client 03 (All versions &gt;= V03.00.12 &lt; 03.00.18), SINUMERIK Integrate Client 04 (V04.00.02 and all versions &gt;= V04.00.15 &lt; 04.00.18), SINUMERIK Integrate for Production 4.1 (All versions &lt; V4.1 SP10 HF3), SINUMERIK Integrate for Production 5.1 (V5.1), SINUMERIK Manage MyMachines (All versions), SINUMERIK Manage MyMachines /Remote (All versions), SINUMERIK Manage MyMachines /Spindel Monitor (All versions), SINUMERIK Manage MyPrograms (All versions), SINUMERIK Manage MyResources /Programs (All versions), SINUMERIK Manage MyResources /Tools (All versions), SINUMERIK Manage MyTools (All versions), SINUMERIK Operate V4.8 (All versions &lt; V4.8 SP8), SINUMERIK Operate V4.93 (All versions &lt; V4.93 HF7), SINUMERIK Operate V4.94 (All versions &lt; V4.94 HF5), SINUMERIK Optimize MyProgramming /NX-Cam Editor (All versions). Due to an error in a third-party dependency the ssl flags used for setting up a TLS connection to a server are overwitten with wrong settings. This results in a missing validation of the server certificate and thus in a possible TLS MITM szenario.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31892">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26090">

      <div class="body">

       <div class="pull_right date details" title="13.07.2021 09:19:03">
09:19
       </div>

       <div class="text">
<strong>‼ CVE-2021-34329 ‼</strong><br><br><code>A vulnerability has been identified in JT2Go (All versions &lt; V13.2), Solid Edge SE2021 (All Versions &lt; SE2021MP5), Teamcenter Visualization (All versions &lt; V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13427)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34329">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26091">

      <div class="body">

       <div class="pull_right date details" title="13.07.2021 09:19:04">
09:19
       </div>

       <div class="text">
<strong>‼ CVE-2021-34320 ‼</strong><br><br><code>A vulnerability has been identified in JT2Go (All versions &lt; V13.2), Teamcenter Visualization (All versions &lt; V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13406)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34320">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26092">

      <div class="body">

       <div class="pull_right date details" title="13.07.2021 09:19:05">
09:19
       </div>

       <div class="text">
<strong>‼ CVE-2021-31895 ‼</strong><br><br><code>A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions &lt; V4.3.7), RUGGEDCOM ROS M2200 (All versions &lt; V4.3.7), RUGGEDCOM ROS M969 (All versions &lt; V4.3.7), RUGGEDCOM ROS RMC (All versions &lt; V4.3.7), RUGGEDCOM ROS RMC20 (All versions &lt; V4.3.7), RUGGEDCOM ROS RMC30 (All versions &lt; V4.3.7), RUGGEDCOM ROS RMC40 (All versions &lt; V4.3.7), RUGGEDCOM ROS RMC41 (All versions &lt; V4.3.7), RUGGEDCOM ROS RMC8388 V4.X (All versions &lt; V4.3.7), RUGGEDCOM ROS RMC8388 V5.X (All versions &lt; V5.5.4), RUGGEDCOM ROS RP110 (All versions &lt; V4.3.7), RUGGEDCOM ROS RS400 (All versions &lt; V4.3.7), RUGGEDCOM ROS RS401 (All versions &lt; V4.3.7), RUGGEDCOM ROS RS416 (All versions &lt; V4.3.7), RUGGEDCOM ROS RS416v2 V4.X (All versions &lt; V4.3.7), RUGGEDCOM ROS RS416v2 V5.X (All versions &lt; 5.5.4), RUGGEDCOM ROS RS8000 (All versions &lt; V4.3.7), RUGGEDCOM ROS RS8000A (All versions &lt; V4.3.7), RUGGEDCOM ROS RS8000H (All versions &lt; V4.3.7), RUGGEDCOM ROS RS8000T (All versions &lt; V4.3.7), RUGGEDCOM ROS RS900 (32M) V4.X (All versions &lt; V4.3.7), RUGGEDCOM ROS RS900 (32M) V5.X (All versions &lt; V5.5.4), RUGGEDCOM ROS RS900G (All versions &lt; V4.3.7), RUGGEDCOM ROS RS900G (32M) V4.X (All versions &lt; V4.3.7), RUGGEDCOM ROS RS900G (32M) V5.X (All versions &lt; V5.5.4), RUGGEDCOM ROS RS900GP (All versions &lt; V4.3.7), RUGGEDCOM ROS RS900L (All versions &lt; V4.3.7), RUGGEDCOM ROS RS900W (All versions &lt; V4.3.7), RUGGEDCOM ROS RS910 (All versions &lt; V4.3.7), RUGGEDCOM ROS RS910L (All versions &lt; V4.3.7), RUGGEDCOM ROS RS910W (All versions &lt; V4.3.7), RUGGEDCOM ROS RS920L (All versions &lt; V4.3.7), RUGGEDCOM ROS RS920W (All versions &lt; V4.3.7), RUGGEDCOM ROS RS930L (All versions &lt; V4.3.7), RUGGEDCOM ROS RS930W (All versions &lt; V4.3.7), RUGGEDCOM ROS RS940G (All versions &lt; V4.3.7), RUGGEDCOM ROS RS969 (All versions &lt; V4.3.7), RUGGEDCOM ROS RSG2100 (32M) V4.X (All versions &lt; V4.3.7), RUGGEDCOM ROS RSG2100 (32M) V5.X (All versions &lt; V5.5.4), RUGGEDCOM ROS RSG2100 V4.X (All versions &lt; V4.3.7), RUGGEDCOM ROS RSG2100P (All versions &lt; V4.3.7), RUGGEDCOM ROS RSG2100P (32M) V4.X (All versions &lt; V4.3.7), RUGGEDCOM ROS RSG2100P (32M) V5.X (All versions &lt; V5.5.4), RUGGEDCOM ROS RSG2200 (All versions &lt; V4.3.7), RUGGEDCOM ROS RSG2288 V4.X (All versions &lt; V4.3.7), RUGGEDCOM ROS RSG2288 V5.X (All versions &lt; V5.5.4), RUGGEDCOM ROS RSG2300 V4.X (All versions &lt; V4.3.7), RUGGEDCOM ROS RSG2300 V5.X (All versions &lt; V5.5.4), RUGGEDCOM ROS RSG2300P V4.X (All versions &lt; V4.3.7), RUGGEDCOM ROS RSG2300P V5.X (All versions &lt; V5.5.4), RUGGEDCOM ROS RSG2488 V4.X (All versions &lt; V4.3.7), RUGGEDCOM ROS RSG2488 V5.X (All versions &lt; V5.5.4), RUGGEDCOM ROS RSG900 V4.X (All versions &lt; V4.3.7), RUGGEDCOM ROS RSG900 V5.X (All versions &lt; V5.5.4), RUGGEDCOM ROS RSG900C (All versions &lt; V5.5.4), RUGGEDCOM ROS RSG900G V4.X (All versions &lt; V4.3.7), RUGGEDCOM ROS RSG900G V5.X (All versions &lt; V5.5.4), RUGGEDCOM ROS RSG900R (All versions &lt; V5.5.4), RUGGEDCOM ROS RSG920P V4.X (All versions &lt; V4.3.7), RUGGEDCOM ROS RSG920P V5.X (All versions &lt; V5.5.4), RUGGEDCOM ROS RSL910 (All versions &lt; V5.5.4), RUGGEDCOM ROS RST2228 (All versions &lt; V5.5.4), RUGGEDCOM ROS RST916C (All versions &lt; V5.5.4), RUGGEDCOM ROS RST916P (All versions &lt; V5.5.4), RUGGEDCOM ROS i800 (All versions &lt; V4.3.7), RUGGEDCOM ROS i801 (All versions &lt; V4.3.7), RUGGEDCOM ROS i802 (All versions &lt; V4.3.7), RUGGEDCOM ROS i803 (All versions &lt; V4.3.7). The DHCP client in affected devices fails to properly sanitize incoming DHCP packets. This could allow an unauthenticated remote attacker to cause memory to be overwritten, potentially allowing remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31895">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26093">

      <div class="body">

       <div class="pull_right date details" title="13.07.2021 09:19:06">
09:19
       </div>

       <div class="text">
<strong>‼ CVE-2021-34325 ‼</strong><br><br><code>A vulnerability has been identified in JT2Go (All versions &lt; V13.2), Teamcenter Visualization (All versions &lt; V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13421)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34325">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26094">

      <div class="body">

       <div class="pull_right date details" title="13.07.2021 09:19:10">
09:19
       </div>

       <div class="text">
<strong>‼ CVE-2021-34327 ‼</strong><br><br><code>A vulnerability has been identified in JT2Go (All versions &lt; V13.2), Solid Edge SE2021 (All Versions &lt; SE2021MP5), Teamcenter Visualization (All versions &lt; V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing ASM files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13423)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34327">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26095">

      <div class="body">

       <div class="pull_right date details" title="13.07.2021 09:19:10">
09:19
       </div>

       <div class="text">
<strong>‼ CVE-2021-34308 ‼</strong><br><br><code>A vulnerability has been identified in JT2Go (All versions &lt; V13.2), Teamcenter Visualization (All versions &lt; V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13344)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34308">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26096">

      <div class="body">

       <div class="pull_right date details" title="13.07.2021 09:25:04">
09:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-34307 ‼</strong><br><br><code>A vulnerability has been identified in JT2Go (All versions &lt; V13.2), Teamcenter Visualization (All versions &lt; V13.2). The Tiff_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13343)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34307">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message26097">

      <div class="body">

       <div class="pull_right date details" title="13.07.2021 09:25:05">
09:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-33713 ‼</strong><br><br><code>A vulnerability has been identified in JT Utilities (All versions &lt; V13.0.2.0). When parsing specially crafted JT files, a hash function is called with an incorrect argument leading the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33713">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <a class="pagination block_link" href="messages27.html">
Next messages
     </a>

    </div>

   </div>

  </div>

 </body>

</html>