messages31.html

<!DOCTYPE html>
<html>

 <head>

  <meta charset="utf-8"/>
<title>Exported Data</title>
  <meta content="width=device-width, initial-scale=1.0" name="viewport"/>

  <link href="css/style.css" rel="stylesheet"/>

  <script src="js/script.js" type="text/javascript">

  </script>

 </head>

 <body onload="CheckLocation();">

  <div class="page_wrap">

   <div class="page_header">

    <div class="content">

     <div class="text bold">
🛡 Cybersecurity &amp; Privacy news 🛡 
     </div>

    </div>

   </div>

   <div class="page_body chat_page">

    <div class="history">

     <a class="pagination block_link" href="messages30.html">
Previous messages
     </a>

     <div class="message service" id="message-917">

      <div class="body details">
6 October 2021
      </div>

     </div>

     <div class="message default clearfix" id="message30098">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 17:32:33">
17:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-25472 ‼</strong><br><br><code>An improper access control vulnerability in BluetoothSettingsProvider prior to SMR Oct-2021 Release 1 allows untrusted application to overwrite some Bluetooth information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25472">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30099">

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 17:32:34">
17:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-41126 ‼</strong><br><br><code>October is a Content Management System (CMS) and web platform built on the the Laravel PHP Framework. In affected versions administrator accounts which had previously been deleted may still be able to sign in to the backend using October CMS v2.0. The issue has been patched in v2.1.12 of the october/october package. There are no workarounds for this issue and all users should update.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41126">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30100">

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 17:32:35">
17:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-29908 ‼</strong><br><br><code>The IBM TS7700 Management Interface is vulnerable to unauthenticated access. By accessing a specially-crafted URL, an attacker may gain administrative access to the Management Interface without authentication. IBM X-Force ID: 207747.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29908">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30101">

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 17:32:37">
17:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-25478 ‼</strong><br><br><code>A possible stack-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25478">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30102">

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 17:32:38">
17:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-25481 ‼</strong><br><br><code>An improper error handling in Exynos CP booting driver prior to SMR Oct-2021 Release 1 allows local attackers to bypass a Secure Memory Protector of Exynos CP Memory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25481">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30103">

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 17:47:02">
17:47
       </div>

       <div class="text">
<strong>❌ VMware ESXi Servers Encrypted by Lightning-Fast Python Script ❌</strong><br><br><code>The little snippet of Python code strikes fast and nasty, taking less than three hours to complete a ransomware attack from initial breach to encryption.</code><br><br><a href="https://threatpost.com/vmware-esxi-encrypted-python-script-ransomware/175374/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30104">

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 17:57:43">
17:57
       </div>

       <div class="text">
<strong>🕴 Aerospace, Telecommunications Companies Victims of Stealthy Iranian Cyber-Espionage Campaign 🕴</strong><br><br><code>Since at least 2018, &quot;MalKamak&quot; group has targeted firms in the Middle East, Russia, and other areas to steal sensitive data, security vendor says.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/aerospace-firms-telcos-victim-of-stealthy-iranian-cyber-espionage-campaign">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30105">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 18:27:43">
18:27
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 MacOS Security: What Security Teams Should Know 🕴</strong><br><br><code>As more macOS patches emerge and cybercriminals and nation-states take aim at the platform, experts discuss how macOS security has evolved and how businesses can protect employees.</code><br><br><a href="https://www.darkreading.com/edge-articles/mac-attacks-how-secure-are-the-macs-in-your-enterprise">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30106">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 18:47:05">
18:47
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Canopy Parental Control App Wide Open to Unpatched XSS Bugs ❌</strong><br><br><code>The possible cyberattacks include disabling monitoring, location-tracking of children and malicious redirects of parent-console users.</code><br><br><a href="https://threatpost.com/canopy-parental-control-app-unpatched-xss-bugs/175384/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30107">

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 18:57:46">
18:57
       </div>

       <div class="text">
<strong>🕴 Space ISAC and NY Metro InfraGard Members Alliance Announce Collaboration to Advance the Mission of Cybersecurity in Space 🕴</strong><br><br><code>The collaboration is designed to promote broad-based participation by members of both organizations through enhanced educational initiatives, user-and operator-training, and intelligence-sharing activities in the space domain.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/space-isac-and-ny-metro-infragard-members-alliance-announce-collaboration-to-advance-the-mission-of-cybersecurity-in-space">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30108">

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 18:57:47">
18:57
       </div>

       <div class="text">
<strong>🕴 5-Year Breach May Have Exposed Billions of Text Messages 🕴</strong><br><br><code>The attack affected Syniverse, a major telecom company that annually routes billions of text messages for hundreds of mobile carriers.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/five-year-breach-may-have-exposed-billions-of-text-messages">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30109">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 19:32:20">
19:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-34735 ‼</strong><br><br><code>Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34735">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30110">

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 19:32:21">
19:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-34710 ‼</strong><br><br><code>Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34710">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30111">

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 19:32:22">
19:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-34742 ‼</strong><br><br><code>A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34742">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30112">

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 19:32:24">
19:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-34775 ‼</strong><br><br><code>Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34775">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30113">

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 19:32:24">
19:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-34777 ‼</strong><br><br><code>Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34777">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30114">

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 19:32:25">
19:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-41129 ‼</strong><br><br><code>Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. A malicious user can modify the contents of a `confirmation_token` input during the two-factor authentication process to reference a cache value not associated with the login attempt. In rare cases this can allow a malicious actor to authenticate as a random user in the Panel. The malicious user must target an account with two-factor authentication enabled, and then must provide a correct two-factor authentication token before being authenticated as that user. Due to a validation flaw in the logic handling user authentication during the two-factor authentication process a malicious user can trick the system into loading credentials for an arbitrary user by modifying the token sent to the server. This authentication flaw is present in the `LoginCheckpointController@__invoke` method which handles two-factor authentication for a user. This controller looks for a request input parameter called `confirmation_token` which is expected to be a 64 character random alpha-numeric string that references a value within the Panel&apos;s cache containing a `user_id` value. This value is then used to fetch the user that attempted to login, and lookup their two-factor authentication token. Due to the design of this system, any element in the cache that contains only digits could be referenced by a malicious user, and whatever value is stored at that position would be used as the `user_id`. There are a few different areas of the Panel that store values into the cache that are integers, and a user who determines what those cache keys are could pass one of those keys which would cause this code pathway to reference an arbitrary user. At its heart this is a high-risk login bypass vulnerability. However, there are a few additional conditions that must be met in order for this to be successfully executed, notably: 1.) The account referenced by the malicious cache key must have two-factor authentication enabled. An account without two-factor authentication would cause an exception to be triggered by the authentication logic, thusly exiting this authentication flow. 2.) Even if the malicious user is able to reference a valid cache key that references a valid user account with two-factor authentication, they must provide a valid two-factor authentication token. However, due to the design of this endpoint once a valid user account is found with two-factor authentication enabled there is no rate-limiting present, thusly allowing an attacker to brute force combinations until successful. This leads to a third condition that must be met: 3.) For the duration of this attack sequence the cache key being referenced must continue to exist with a valid `user_id` value. Depending on the specific key being used for this attack, this value may disappear quickly, or be changed by other random user interactions on the Panel, outside the control of the attacker. In order to mitigate this vulnerability the underlying authentication logic was changed to use an encrypted session store that the user is therefore unable to control the value of. This completely removed the use of a user-controlled value being used. In addition, the code was audited to ensure this type of vulnerability is not present elsewhere.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41129">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30115">

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 19:32:27">
19:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-34757 ‼</strong><br><br><code>Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34757">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30116">

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 19:32:27">
19:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-34748 ‼</strong><br><br><code>A vulnerability in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to perform a command injection attack on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using the web-based management interface to execute a command using crafted input. A successful exploit could allow the attacker to execute arbitrary commands using root-level privileges on an affected device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34748">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30117">

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 19:32:28">
19:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-34778 ‼</strong><br><br><code>Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34778">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30118">

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 19:32:29">
19:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-34766 ‼</strong><br><br><code>A vulnerability in the web UI of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges and create, read, update, or delete records and settings in multiple functions. This vulnerability is due to insufficient authorization of the System User and System Operator role capabilities. An attacker could exploit this vulnerability by directly accessing a web resource. A successful exploit could allow the attacker to create, read, update, or delete records and settings in multiple functions without the necessary permissions on the web UI.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34766">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30119">

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 19:32:33">
19:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-34782 ‼</strong><br><br><code>A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that should be restricted. The attacker must have valid device credentials. This vulnerability is due to improper access controls on API endpoints. An attacker could exploit the vulnerability by sending a specific API request to an affected application. A successful exploit could allow the attacker to obtain sensitive information about other users who are configured with higher privileges on the application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34782">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30120">

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 19:32:34">
19:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-42042 ‼</strong><br><br><code>An issue was discovered in SpecialEditGrowthConfig in the GrowthExperiments extension in MediaWiki through 1.36.2. The growthexperiments-edit-config-error-invalid-title MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42042">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30121">

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 19:32:35">
19:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-34779 ‼</strong><br><br><code>Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34779">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30122">

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 19:32:36">
19:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-1534 ‼</strong><br><br><code>A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing of URLs. An attacker could exploit this vulnerability by crafting a URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for an affected device, which could allow malicious URLs to pass through the device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1534">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30123">

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 19:32:37">
19:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-34706 ‼</strong><br><br><code>A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information or conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by uploading a crafted XML file that contains references to external entities. A successful exploit could allow the attacker to retrieve files from the local system, resulting in the disclosure of sensitive information, or cause the web application to perform arbitrary HTTP requests on behalf of the attacker.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34706">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30124">

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 19:32:41">
19:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-34711 ‼</strong><br><br><code>A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted input to a debug shell command. A successful exploit could allow the attacker to read any file on the device file system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34711">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30125">

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 19:32:42">
19:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-42043 ‼</strong><br><br><code>An issue was discovered in Special:MediaSearch in the MediaSearch extension in MediaWiki through 1.36.2. The suggestion text (a parameter to mediasearch-did-you-mean) was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the intitle: search operator within the query.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42043">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30126">

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 19:32:43">
19:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-34758 ‼</strong><br><br><code>A vulnerability in the memory management of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, local attacker to corrupt a shared memory segment, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient access controls to a shared memory resource. An attacker could exploit this vulnerability by corrupting a shared memory segment on an affected device. A successful exploit could allow the attacker to cause the device to reload. The device will recover from the corruption upon reboot.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34758">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30127">

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 19:32:44">
19:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-1594 ‼</strong><br><br><code>A vulnerability in the REST API of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a command injection attack and elevate privileges to root. This vulnerability is due to insufficient input validation for specific API endpoints. An attacker in a man-in-the-middle position could exploit this vulnerability by intercepting and modifying specific internode communications from one ISE persona to another ISE persona. A successful exploit could allow the attacker to run arbitrary commands with root privileges on the underlying operating system. To exploit this vulnerability, the attacker would need to decrypt HTTPS traffic between two ISE personas that are located on separate nodes.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1594">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30128">

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 19:32:45">
19:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-42040 ‼</strong><br><br><code>An issue was discovered in MediaWiki through 1.36.2. A parser function related to loop control allowed for an infinite loop (and php-fpm hang) within the Loops extension because egLoopsCountLimit is mishandled. This could lead to memory exhaustion.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42040">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30129">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 23:18:53">
23:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>📢 BT and Toshiba to launch quantum-secured network across London 📢</strong><br><br><code>The two companies say this is the first commercially available network of its kind</code><br><br><a href="https://www.itpro.co.uk/infrastructure/network-internet/361115/bt-toshiba-quantum-secured-network-london">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30130">

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 23:18:54">
23:18
       </div>

       <div class="text">
<strong>📢 Amazon, Microsoft, Google back creation of Trusted Cloud Principles 📢</strong><br><br><code>The initiative calls on governments to recognise baseline security and privacy protections for customers</code><br><br><a href="https://www.itpro.co.uk/security/privacy/361083/amazon-microsoft-google-back-trusted-cloud-principles">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30131">

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 23:18:55">
23:18
       </div>

       <div class="text">
<strong>📢 What is hacktivism? 📢</strong><br><br><code>From Anonymous to Omega, here’s everything you need to know about hackers with a conscience</code><br><br><a href="https://www.itpro.co.uk/hacking/30203/what-is-hacktivism">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30132">

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 23:18:56">
23:18
       </div>

       <div class="text">
<strong>📢 Neiman Marcus data breach hits 4.6 million customers 📢</strong><br><br><code>The breach took place last year, but details have only now come to light</code><br><br><a href="https://www.itpro.co.uk/security/data-breaches/361107/46-million-neiman-marcus-customers-data-compromised-in-a-breach">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30133">

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 23:18:56">
23:18
       </div>

       <div class="text">
<strong>📢 US plans 30-nation meeting to address growing cyber crime threat 📢</strong><br><br><code>Biden says the meeting will focus on the use of illicit cryptocurrency and securing supply chains</code><br><br><a href="https://www.itpro.co.uk/security/cyber-security/361098/us-30-country-meeting-cyber-crime-threat">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30134">

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 23:19:00">
23:19
       </div>

       <div class="text">
<strong>📢 The best defence against ransomware 📢</strong><br><br><code>How ransomware is evolving and how to defend against it</code><br><br><a href="https://www.itpro.co.uk/security/ransomware/361095/the-best-defence-against-ransomware">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30135">

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 23:19:02">
23:19
       </div>

       <div class="text">
<strong>📢 How to maintain your privacy on social media 📢</strong><br><br><code>Even the most privacy conscious individuals can be caught out by misconfigured accounts</code><br><br><a href="https://www.itpro.co.uk/data-protection/34415/how-to-maintain-your-privacy-on-social-media">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30136">

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 23:19:04">
23:19
       </div>

       <div class="text">
<strong>📢 Malware pretending to be Amnesty International antivirus for Pegasus discovered 📢</strong><br><br><code>Victims fearing Pegasus spyware targeted in a new malware campaign</code><br><br><a href="https://www.itpro.co.uk/security/malware/361088/malware-pretending-to-be-amnesty-international-antivirus-for-pegasus">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30137">

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 23:19:05">
23:19
       </div>

       <div class="text">
<strong>📢 Prevent fraud and phishing attacks with DMARC 📢</strong><br><br><code>How to use domain-based message authentication, reporting, and conformance for email security</code><br><br><a href="https://www.itpro.co.uk/security/cyber-security/359475/prevent-fraud-and-phishing-attacks-with-dmarc">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30138">

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 23:19:06">
23:19
       </div>

       <div class="text">
<strong>📢 What is a 502 bad gateway and how do you fix it? 📢</strong><br><br><code>We explain what this networking error means for users and website owners</code><br><br><a href="https://www.itpro.co.uk/web-hosting/30258/what-is-a-502-bad-gateway-and-how-do-you-fix-it">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30139">

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 23:19:07">
23:19
       </div>

       <div class="text">
<strong>📢 Coinbase notifies 6,000 customers of data breach 📢</strong><br><br><code>Hackers exploited a 2FA flaw to steal hundreds of thousands in cryptocurrency</code><br><br><a href="https://www.itpro.co.uk/technology/cryptocurrencies/361101/coinbase-data-breach-6000-customers">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30140">

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 23:19:08">
23:19
       </div>

       <div class="text">
<strong>📢 2021 state of email security report: Ransomware on the rise 📢</strong><br><br><code>Securing the enterprise in the COVID world</code><br><br><a href="https://www.itpro.co.uk/security/ransomware/359471/2021-state-of-email-security-report-ransomware-on-the-rise">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30141">

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 23:19:11">
23:19
       </div>

       <div class="text">
<strong>📢 How to reduce the risk of phishing and ransomware 📢</strong><br><br><code>Top security concerns and tips for mitigation</code><br><br><a href="https://www.itpro.co.uk/security/ransomware/360247/how-to-reduce-the-risk-of-phishing-and-ransomware">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30142">

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 23:19:12">
23:19
       </div>

       <div class="text">
<strong>📢 How are cyber security and insurance companies evolving with the threat of ransomware? 📢</strong><br><br><code>In a sector that is being heavily scrutinised, many companies are having to implement changes to deal with new risks</code><br><br><a href="https://www.itpro.co.uk/security/cyber-security/361099/cyber-security-and-insurance-companies-evolving-with-the-threat-of-ransomware">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30143">

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 23:19:14">
23:19
       </div>

       <div class="text">
<strong>📢 UK&apos;s National Cyber Force will be based in Samlesbury 📢</strong><br><br><code>The hub will bring “thousands&quot; of highly skilled jobs and expertise to the North West of England</code><br><br><a href="https://www.itpro.co.uk/security/cyber-warfare/361102/samlesbury-unveiled-as-new-national-cyber-force-location">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30144">

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 23:19:16">
23:19
       </div>

       <div class="text">
<strong>📢 How to manage AI risk 📢</strong><br><br><code>Recommendations from the Cyber Resilience Think Tank</code><br><br><a href="https://www.itpro.co.uk/technology/artificial-intelligence-ai/361093/how-to-manage-ai-risk">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30145">

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 23:19:17">
23:19
       </div>

       <div class="text">
<strong>📢 The truth about cyber security training 📢</strong><br><br><code>Stop ticking boxes. Start delivering real change.</code><br><br><a href="https://www.itpro.co.uk/security/cyber-security/361094/the-truth-about-cyber-security-training">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30146">

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 23:19:18">
23:19
       </div>

       <div class="text">
<strong>📢 The state of brand protection 2021 📢</strong><br><br><code>A new front opens up in the war for brand safety</code><br><br><a href="https://www.itpro.co.uk/security/cyber-security/360246/the-state-of-brand-protection-2021">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30147">

      <div class="body">

       <div class="pull_right date details" title="06.10.2021 23:32:28">
23:32
       </div>

       <div class="text">
<strong>🦿 Does your company have a cybersecurity strategy? Is it any good? 🦿</strong><br><br><code>Take this quick, multiple choice survey and tell us about your company&apos;s cybersecurity strategies for the upcoming year.</code><br><br><a href="https://www.techrepublic.com/article/whats-your-organizations-cybersecurity-strategy/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-918">

      <div class="body details">
7 October 2021
      </div>

     </div>

     <div class="message default clearfix" id="message30148">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 07:27:45">
07:27
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ MyBB CAPTCHA bug breaks forum validation checks 🗓️</strong><br><br><code>Forum owners can apply a workaround until a full fix is released</code><br><br><a href="https://portswigger.net/daily-swig/mybb-captcha-bug-breaks-forum-validation-checks">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30149">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 07:33:22">
07:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-41770 ‼</strong><br><br><code>Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE attack that can achieve XML file disclosure.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41770">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30150">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 07:33:23">
07:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-42054 ‼</strong><br><br><code>ACCEL-PPP 1.12.0 has an out-of-bounds read in triton_context_schedule if the client exits after authentication.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42054">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30151">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 07:33:24">
07:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-42053 ‼</strong><br><br><code>The Unicorn framework through 0.35.3 for Django allows XSS via component.name.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42053">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30152">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 11:10:09">
11:10
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Apache Ranger maintainers slam unflattering cloud data security comparison with Immuta 🗓️</strong><br><br><code>Immuta defends benchmark study comparing access control policy management burdens</code><br><br><a href="https://portswigger.net/daily-swig/apache-ranger-maintainers-slam-unflattering-cloud-data-security-comparison-with-immuta">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30153">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 11:10:11">
11:10
       </div>

       <div class="text">
<strong>🛠 Wireshark Analyzer 3.4.9 🛠</strong><br><br><code>Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.</code><br><br><a href="https://packetstormsecurity.com/files/164438/wireshark-3.4.9.tar.xz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30154">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 11:57:50">
11:57
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Twitch breach leads to leak of source code and streamer earnings data 🗓️</strong><br><br><code>This is like ‘KFC losing its secret recipe’</code><br><br><a href="https://portswigger.net/daily-swig/twitch-breach-leads-to-leak-of-source-code-and-streamer-earnings-data">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30155">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 12:33:06">
12:33
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 A unique method of securing SSH 🦿</strong><br><br><code>Jack Wallen offers up a different method of securing SSH that could be rather timely in helping to lock down your Linux servers.</code><br><br><a href="https://www.techrepublic.com/article/a-unique-method-of-securing-ssh/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30156">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 12:33:07">
12:33
       </div>

       <div class="text">
<strong>🕴 New Regulations Are Coming — Get a Handle on Your App Portfolio 🕴</strong><br><br><code>With the realization that any app could be a gateway for a larger attack, there will be more pressure than ever on companies to fully protect their entire application landscape.</code><br><br><a href="https://www.darkreading.com/application-security/new-regulations-are-coming-get-a-handle-on-your-app-portfolio">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30157">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 13:33:46">
13:33
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-3832 ‼</strong><br><br><code>Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. An unauthenticated attacker could abuse the AsyncUpload() function in order to exploit the vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3832">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30158">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 13:33:47">
13:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-40978 ‼</strong><br><br><code>The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40978">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30159">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 13:33:49">
13:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-20605 ‼</strong><br><br><code>Improper Input Validation vulnerability in GOT2000 series GT21 model GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, GT2103-PMBD all versions, GOT SIMPLE series GS21 model GS2110-WTBD all versions, GS2107-WTBD all versions, GS2110-WTBD-N all versions, GS2107-WTBD-N all versions and LE7-40GU-L all versions allows a remote unauthenticated attacker to cause DoS condition of the products by sending specially crafted packets.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20605">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30160">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 13:33:50">
13:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-20603 ‼</strong><br><br><code>Improper Input Validation vulnerability in GOT2000 series GT21 model GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, GT2103-PMBD all versions, GOT SIMPLE series GS21 model GS2110-WTBD all versions, GS2107-WTBD all versions, GS2110-WTBD-N all versions, GS2107-WTBD-N all versions and LE7-40GU-L all versions allows a remote unauthenticated attacker to cause DoS condition of the products by sending specially crafted packets.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20603">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30161">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 13:33:51">
13:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-41865 ‼</strong><br><br><code>HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authenticated users with job submission capabilities to cause denial of service by submitting incomplete job specifications with a Consul mesh gateway and host networking mode. Fixed in 1.1.6.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41865">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30162">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 13:33:51">
13:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-22958 ‼</strong><br><br><code>A Server-Side Request Forgery vulnerability was found in concrete5 &lt; 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost allowing interaction with local services. Impact can vary depending on services exposed.CVSSv2.0 AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22958">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30163">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 13:33:53">
13:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-20602 ‼</strong><br><br><code>Improper Handling of Exceptional Conditions vulnerability in GOT2000 series GT21 model GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, GT2103-PMBD all versions, GOT SIMPLE series GS21 model GS2110-WTBD all versions, GS2107-WTBD all versions, GS2110-WTBD-N all versions, GS2107-WTBD-N all versions and LE7-40GU-L all versions allows a remote unauthenticated attacker to cause DoS condition of the products by sending specially crafted packets.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20602">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30164">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 13:33:54">
13:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-35067 ‼</strong><br><br><code>Meross MSG100 devices before 3.2.3 allow an attacker to replay the same data or similar data (e.g., an attacker who sniffs a Close message can transmit an acceptable Open message).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35067">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30165">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 13:33:55">
13:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-41794 ‼</strong><br><br><code>ogs_fqdn_parse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer overflow. The attacker can send a PFCP Session Establishment Request with &quot;internet&quot; as the PDI Network Instance. The first character is interpreted as a length value to be used in a memcpy call. The destination buffer is only 100 bytes long on the stack. Then, &apos;i&apos; gets interpreted as 105 bytes to copy from the source buffer to the destination buffer.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41794">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30166">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 13:33:56">
13:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-28661 ‼</strong><br><br><code>Default SilverStripe GraphQL Server (aka silverstripe/graphql) 3.x through 3.4.1 permission checker not inherited by query subclass.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28661">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30167">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 13:33:58">
13:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-36150 ‼</strong><br><br><code>SilverStripe Framework through 4.8.1 allows XSS.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36150">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30168">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 13:33:59">
13:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-20604 ‼</strong><br><br><code>Improper Input Validation vulnerability in GOT2000 series GT21 model GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, GT2103-PMBD all versions, GOT SIMPLE series GS21 model GS2110-WTBD all versions, GS2107-WTBD all versions, GS2110-WTBD-N all versions, GS2107-WTBD-N all versions and LE7-40GU-L all versions allows a remote unauthenticated attacker to cause DoS condition of the products by sending specially crafted packets.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20604">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30169">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 13:34:00">
13:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-33903 ‼</strong><br><br><code>In LCOS 10.40 to 10.42.0473-RU3 with SNMPv3 enabled on LANCOM devices, changing the password of the root user via the CLI does not change the password of the root user for SNMPv3 access. (However, changing the password of the root user via LANconfig does change the password of the root user for SNMPv3 access.)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33903">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30170">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 13:34:01">
13:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-22930 ‼</strong><br><br><code>Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22930">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30171">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 13:34:03">
13:34
       </div>

       <div class="text">
<strong>🕴 New Kaspersky Service Delivers Cyberthreat Insights on Request 🕴</strong><br><br><code>Kaspersky&apos;s new Ask the Analyst service will allow businesses to reach out to the company&apos;s researchers for their opinions and guidance on cyberthreats and security issues.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/new-kaspersky-service-delivers-cyberthreat-insights-on-request">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30172">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 13:36:48">
13:36
       </div>

       <div class="text">
<strong>⚠ Apache web server zero-day bug is easy to exploit – patch now! ⚠</strong><br><br><code>Some of us have Apache as our primary web server. But lots of us may have Apache without knowing it, as part of another product.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/10/06/apache-web-server-zero-day-bug-is-easy-to-exploit-patch-now/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30173">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 14:19:33">
14:19
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ S3 Ep53: Apple Pay, giftcards, cybermonth, and ransomware busts [Podcast] ⚠</strong><br><br><code>Latest episode - listen now!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/10/07/s3-ep53-apple-pay-giftcards-cybermonth-and-ransomware-busts-podcast/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30174">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 15:23:23">
15:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ 4 Key Questions for Zero-Trust Success ❌</strong><br><br><code>Anurag Kahol, CTO &amp; co-founder at Bitglass, offers tips for avoiding implementation pitfalls for zero trust.</code><br><br><a href="https://threatpost.com/key-questions-zero-trust-success/175392/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30175">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 15:33:54">
15:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-37926 ‼</strong><br><br><code>Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37926">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30176">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 15:33:55">
15:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-37919 ‼</strong><br><br><code>Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37919">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30177">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 15:33:56">
15:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-23447 ‼</strong><br><br><code>This affects the package teddy before 0.5.9. A type confusion vulnerability can be used to bypass input sanitization when the model content is an array (instead of a string).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23447">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30178">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 15:33:57">
15:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-37924 ‼</strong><br><br><code>Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37924">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30179">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 15:33:58">
15:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-37929 ‼</strong><br><br><code>Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37929">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30180">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 15:34:02">
15:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-40725 ‼</strong><br><br><code>Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing AcroForm listbox that could result in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40725">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30181">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 15:34:02">
15:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-37922 ‼</strong><br><br><code>Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to path traversal which allows copying of files from one directory to another.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37922">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30182">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 15:34:03">
15:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-37920 ‼</strong><br><br><code>Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37920">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30183">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 15:34:04">
15:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-37921 ‼</strong><br><br><code>Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37921">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30184">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 15:34:05">
15:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-37923 ‼</strong><br><br><code>Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37923">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30185">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 15:34:07">
15:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-40726 ‼</strong><br><br><code>Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing AcroForm field that could result in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40726">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30186">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 15:34:08">
15:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-42013 ‼</strong><br><br><code>It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration &quot;require all denied&quot;, these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42013">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30187">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 15:34:09">
15:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-37928 ‼</strong><br><br><code>Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37928">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30188">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 15:34:11">
15:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-42071 ‼</strong><br><br><code>In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution via shell metacharacters in the cgi-bin/slogin/login.py Uaer-Agent HTTP header.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42071">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30189">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 15:34:13">
15:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-40439 ‼</strong><br><br><code>Apache OpenOffice has a dependency on expat software. Versions prior to 2.1.0 were subject to CVE-2013-0340 a &quot;Billion Laughs&quot; entity expansion denial of service attack and exploit via crafted XML files. ODF files consist of a set of XML files. All versions of Apache OpenOffice up to 4.1.10 are subject to this issue. expat in version 4.1.11 is patched.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40439">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30190">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 15:34:14">
15:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-37931 ‼</strong><br><br><code>Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37931">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30191">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 15:34:15">
15:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-37762 ‼</strong><br><br><code>Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37762">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30192">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 15:34:16">
15:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-37918 ‼</strong><br><br><code>Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37918">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30193">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 15:34:17">
15:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-3833 ‼</strong><br><br><code>Integria IMS login check uses a loose comparator (&quot;==&quot;) to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3833">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30194">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 15:34:18">
15:34
       </div>

       <div class="text">
<strong>🕴 Former Google Employees Launch Supply Chain Security Startup 🕴</strong><br><br><code>Chainguard aims to make the software supply chain secure by default as supply chain-focused attacks continue to rise.</code><br><br><a href="https://www.darkreading.com/application-security/fmr-google-employees-launch-supply-chain-security-startup">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30195">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 15:51:28">
15:51
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 Solving the Mid-Market Data Protection Challenge 🔏</strong><br><br><code>Learn how Digital Guardian&apos;s Managed Security Program for Midsize Companies can help organizations improve their information security program, whatever the use case.</code><br><br><a href="https://digitalguardian.com/blog/solving-mid-market-data-protection-challenge">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30196">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 16:32:56">
16:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 ExtraHop adds new threat hunting and network advisory services to Reveal(x) 360 NDR 🦿</strong><br><br><code>The addition of Reveal(x) Advisor services to the Reveal(x) 360 network detection and response tools helps organizations proactively manage cybersecurity hygiene and accelerate incident response.</code><br><br><a href="https://www.techrepublic.com/article/extrahop-adds-new-threat-hunting-and-network-advisory-services-to-revealx-360-ndr/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30197">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 17:23:27">
17:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 A holistic approach to vulnerability management solidifies cyberdefenses 🦿</strong><br><br><code>Vulnerability scanners are not enough, according to an expert who champions an all-encompassing holistic approach to vulnerability management as a means to eliminate surprises.</code><br><br><a href="https://www.techrepublic.com/article/a-holistic-approach-to-vulnerability-management-solidifies-cyberdefenses/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30198">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 17:34:04">
17:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-20571 ‼</strong><br><br><code>IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199246.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20571">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30199">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 17:34:05">
17:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-20489 ‼</strong><br><br><code>IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 197790.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20489">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30200">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 17:34:06">
17:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-29700 ‼</strong><br><br><code>IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authneticated attacker to obtain sensitive information from configuration files that could aid in further attacks against the system. IBM X-Force ID: 200656.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29700">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30201">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 17:34:07">
17:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-20376 ‼</strong><br><br><code>IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated attacker to enumerate usernames due to there being an observable discrepancy in returned messages. IBM X-Force ID: 195568.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20376">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30202">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 17:34:08">
17:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-20372 ‼</strong><br><br><code>IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote authenticated user to cause a denial of another user&apos;s service due to insufficient permission checking. IBM X-Force ID: 195518.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20372">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30203">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 17:34:12">
17:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-20561 ‼</strong><br><br><code>IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199230.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20561">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30204">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 17:34:14">
17:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-20552 ‼</strong><br><br><code>IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199170.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20552">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30205">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 17:34:15">
17:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-41130 ‼</strong><br><br><code>Extensible Service Proxy, a.k.a. ESP is a proxy which enables API management capabilities for JSON/REST or gRPC API services. ESPv1 can be configured to authenticate a JWT token. Its verified JWT claim is passed to the application by HTTP header &quot;X-Endpoint-API-UserInfo&quot;, the application can use it to do authorization. But if there are two &quot;X-Endpoint-API-UserInfo&quot; headers from the client, ESPv1 only replaces the first one, the 2nd one will be passed to the application. An attacker can send two &quot;X-Endpoint-API-UserInfo&quot; headers, the second one with a fake JWT claim. Application may use the fake JWT claim to do the authorization. This impacts following ESPv1 usages: 1) Users have configured ESPv1 to do JWT authentication with Google ID Token as described in the referenced google endpoint document. 2) Users backend application is using the info in the &quot;X-Endpoint-API-UserInfo&quot; header to do the authorization. It has been fixed by v1.58.0. You need to patch it in the following ways: * If your docker image is using tag &quot;:1&quot;, needs to re-start the container to pick up the new version. The tag &quot;:1&quot; will automatically point to the latest version. * If your docker image tag pings to a specific minor version, e.g. &quot;:1.57&quot;. You need to update it to &quot;:1.58&quot; and re-start the container. There are no workaround for this issue.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41130">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30206">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 17:34:15">
17:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-20481 ‼</strong><br><br><code>IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197503.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20481">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30207">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 17:34:17">
17:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-20473 ‼</strong><br><br><code>IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 196944.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20473">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30208">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 17:34:18">
17:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-20375 ‼</strong><br><br><code>IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to intercept and replace a message sent by another user due to improper access controls. IBM X-Force ID: 195567.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20375">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30209">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 17:34:19">
17:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-20584 ‼</strong><br><br><code>IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 199397.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20584">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30210">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 17:34:20">
17:34
       </div>

       <div class="text">
<strong>🕴 Rapid RYUK Ransomware Attack Group Christened as FIN12 🕴</strong><br><br><code>Prolific ransomware cybercrime group&apos;s approach underscores a complicated, layered model of cybercrime.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/rapid-ryuk-ransomware-attack-group-christened-as-fin12">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30211">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 17:34:21">
17:34
       </div>

       <div class="text">
<strong>🕴 CyberArk Leads the PAM Omdia Universe 🕴</strong><br><br><code>With more staff working remotely, privileged access management (or PAM) has never been more important. Market forecasts, drivers, and trends are explored.</code><br><br><a href="https://www.darkreading.com/omdia/cyberark-leads-the-pam-omdia-universe">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30212">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 17:47:41">
17:47
       </div>

       <div class="text">
<strong>❌ Navy Warship’s Facebook Page Hacked to Stream ‘Age of Empires’ Gaming ❌</strong><br><br><code>The destroyer-class USS Kidd streamed hours of game play in a funny incident that has serious cybersecurity ramifications.</code><br><br><a href="https://threatpost.com/navy-warships-facebook-age-empires-gaming/175409/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30213">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 17:47:42">
17:47
       </div>

       <div class="text">
<strong>❌ Twitch Leak Included Emails, Passwords in Clear Text: Researcher ❌</strong><br><br><code>A researcher combed through the Twitch leak and found what they said was evidence of PayPal chargebacks with names and emails; employees&apos; emails; and more.</code><br><br><a href="https://threatpost.com/twitch-leak-emails-passwords/175390/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30214">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 18:04:28">
18:04
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 What Are Some Red Flags in a Vendor Security Assessment? 🕴</strong><br><br><code>The last thing you want is a vendor that lies to you about its security practices.</code><br><br><a href="https://www.darkreading.com/edge-ask-the-experts/what-are-some-red-flags-to-look-for-in-a-vendor-security-assessment-">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30215">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 19:04:31">
19:04
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Microsoft: 58% of Nation-State Cyberattacks Come from Russia 🕴</strong><br><br><code>A wealth of Microsoft data highlights trends in nation-state activity, hybrid workforce security, disinformation, and supply chain, IoT, and OT security.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/microsoft-58-of-nation-state-cyberattacks-come-from-russia">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30216">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 19:34:11">
19:34
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-42089 ‼</strong><br><br><code>An issue was discovered in Zammad before 4.1.1. The REST API discloses sensitive information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42089">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30217">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 19:34:13">
19:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-42093 ‼</strong><br><br><code>An issue was discovered in Zammad before 4.1.1. An admin can execute code on the server via a crafted request that manipulates triggers.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42093">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30218">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 19:34:14">
19:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-42087 ‼</strong><br><br><code>An issue was discovered in Zammad before 4.1.1. An admin can discover the application secret via the API.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42087">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30219">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 19:34:15">
19:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-42092 ‼</strong><br><br><code>An issue was discovered in Zammad before 4.1.1. Stored XSS may occur via an Article during addition of an attachment to a Ticket.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42092">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30220">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 19:34:17">
19:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-42090 ‼</strong><br><br><code>An issue was discovered in Zammad before 4.1.1. The Form functionality allows remote code execution because deserialization is mishandled.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42090">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30221">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 19:34:18">
19:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-42084 ‼</strong><br><br><code>An issue was discovered in Zammad before 4.1.1. An attacker with valid agent credentials may send a series of crafted requests that cause an endless loop and thus cause denial of service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42084">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30222">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 19:34:19">
19:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-42091 ‼</strong><br><br><code>An issue was discovered in Zammad before 4.1.1. SSRF can occur via GitHub or GitLab integration.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42091">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30223">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 19:34:20">
19:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-42088 ‼</strong><br><br><code>An issue was discovered in Zammad before 4.1.1. The Chat functionality allows XSS because clipboard data is mishandled.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42088">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30224">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 19:34:21">
19:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-42095 ‼</strong><br><br><code>Xshell before 7.0.0.76 allows attackers to cause a crash by triggering rapid changes to the title bar.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42095">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30225">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 19:34:23">
19:34
       </div>

       <div class="text">
<strong>‼ CVE-2020-21865 ‼</strong><br><br><code>ThinkPHP50-CMS v1.0 contains a remote code execution (RCE) vulnerability in the component /public/?s=captcha.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21865">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30226">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 19:34:24">
19:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-42086 ‼</strong><br><br><code>An issue was discovered in Zammad before 4.1.1. An Agent account can modify account data, and gain admin access, via a crafted request.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42086">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30227">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 19:34:25">
19:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-42094 ‼</strong><br><br><code>An issue was discovered in Zammad before 4.1.1. Command Injection can occur via custom Packages.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42094">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30228">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 19:34:26">
19:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-42085 ‼</strong><br><br><code>An issue was discovered in Zammad before 4.1.1. There is stored XSS via a custom Avatar.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42085">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30229">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 19:34:27">
19:34
       </div>

       <div class="text">
<strong>🕴 Microsec.ai</strong> <strong>Launches Solution to Deliver Agentless Runtime Protection for Multi-cloud Infrastructure as a Service 🕴</strong><br><br><code>Continuous monitoring of network traffic, data loss prevention, and responsive self-healing protection from threats to cloud-native applications.</code><br><br><a href="https://www.darkreading.com/cloud/microsec-ai-launches-solution-to-deliver-agentless-runtime-protection-for-multi-cloud-infrastructure-as-a-service">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30230">

      <div class="body">

       <div class="pull_right date details" title="07.10.2021 19:34:28">
19:34
       </div>

       <div class="text">
<strong>🕴 HP Extends Security Features to Work-from-Home Devices 🕴</strong><br><br><code>HP aims to let admins secure work-from-home endpoints by extending cloud security management that can remotely track, detect and self-heal remote company devices -- including printers.</code><br><br><a href="https://www.darkreading.com/dr-tech/hp-extends-security-features-to-work-from-home-devices">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-919">

      <div class="body details">
8 October 2021
      </div>

     </div>

     <div class="message default clearfix" id="message30231">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 02:39:34">
02:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-25271 ‼</strong><br><br><code>A local attacker could read or write arbitrary files with administrator privileges in HitmanPro before version Build 318.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25271">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30232">

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 02:39:35">
02:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-25270 ‼</strong><br><br><code>A local attacker could execute arbitrary code with administrator privileges in HitmanPro.Alert before version Build 901.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25270">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30233">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 09:40:03">
09:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-33603 ‼</strong><br><br><code>A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVPACK module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33603">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30234">

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 09:40:04">
09:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-40832 ‼</strong><br><br><code>A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVRDL unpacking module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40832">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30235">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 11:10:47">
11:10
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Apache HTTP Server update fails to squash path traversal, RCE bugs 🗓️</strong><br><br><code>Web admins told to upgrade (once again) to latest version</code><br><br><a href="https://portswigger.net/daily-swig/apache-http-server-update-fails-to-squash-path-traversal-rce">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30236">

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 11:10:48">
11:10
       </div>

       <div class="text">
<strong>🕴 Hardware Bolsters Medical Device Security 🕴</strong><br><br><code>New microprocessor technologies like secure enclaves and cryptography acceleration enable hardware to better safeguard medical devices.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/hardware-bolsters-medical-device-security">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30237">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 11:40:06">
11:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-41947 ‼</strong><br><br><code>A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visual-mode.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41947">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30238">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 12:05:52">
12:05
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Patch &apos;Immediately&apos;: Apache Issues Software Fix as Zero-Day Attacks Pick Up 🕴</strong><br><br><code>CISA reports it&apos;s seeing ongoing scanning for the flaws and expects this to accelerate.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/apache-issues-patch-as-zero-day-attacks-underway">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30239">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 12:28:49">
12:28
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Hong Kong’s anti-doxxing law comes into force despite human rights criticism 🗓️</strong><br><br><code>Violations could attract hefty fines and up to five years in prison</code><br><br><a href="https://portswigger.net/daily-swig/hong-kongs-anti-doxxing-law-comes-into-force-despite-human-rights-criticism">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30240">

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 12:33:22">
12:33
       </div>

       <div class="text">
<strong>🦿 Install SELinux on Ubuntu Server 20.04: Here&apos;s how 🦿</strong><br><br><code>If you&apos;ve already learned SELinux, but have to deploy Ubuntu as a server operating system, you can install SELinux and be on familiar ground.</code><br><br><a href="https://www.techrepublic.com/videos/install-selinux-on-ubuntu-server-20-04-heres-how/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30241">

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 12:37:04">
12:37
       </div>

       <div class="text">
<strong>⚠ Apache patch proves patchy – now you need to patch the patch ⚠</strong><br><br><code>Once more unto the breach, dear friends, once more, and close up the hole of encoding dread.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/10/08/apache-patch-proves-patchy-now-you-need-to-patch-the-patch/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30242">

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 12:37:06">
12:37
       </div>

       <div class="text">
<strong>⚠ S3 Ep53: Apple Pay, giftcards, cybermonth, and ransomware busts [Podcast] ⚠</strong><br><br><code>Latest episode - listen now!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/10/07/s3-ep53-apple-pay-giftcards-cybermonth-and-ransomware-busts-podcast/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30243">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 13:11:09">
13:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🛠 nfstream 6.3.5 🛠</strong><br><br><code>nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.</code><br><br><a href="https://packetstormsecurity.com/files/164459/nfstream-6.3.5.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30244">

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 13:11:10">
13:11
       </div>

       <div class="text">
<strong>🛠 Zed Attack Proxy 2.11.0 Cross Platform Package 🛠</strong><br><br><code>The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. This is the cross platform package.</code><br><br><a href="https://packetstormsecurity.com/files/164458/ZAP_2.11.0_Crossplatform.zip">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30245">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 13:40:10">
13:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-3312 ‼</strong><br><br><code>An XML external entity (XXE) vulnerability in Alkacon OpenCms 11.0, 11.0.1 and 11.0.2 allows remote authenticated users with edit privileges to exfiltrate files from the server&apos;s file system by uploading a crafted SVG document.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3312">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30246">

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 13:40:11">
13:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-35979 ‼</strong><br><br><code>An issue was discovered in Digi RealPort through 4.8.488.0. The &apos;encrypted&apos; mode is vulnerable to man-in-the-middle attacks and does not perform authentication.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35979">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30247">

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 13:40:13">
13:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-41133 ‼</strong><br><br><code>Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak apps with direct access to AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services into treating the Flatpak app as though it was an ordinary, non-sandboxed host-OS process. They can do this by manipulating the VFS using recent mount-related syscalls that are not blocked by Flatpak&apos;s denylist seccomp filter, in order to substitute a crafted `/.flatpak-info` or make that file disappear entirely. Flatpak apps that act as clients for AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can escalate the privileges that the corresponding services will believe the Flatpak app has. Note that protocols that operate entirely over the D-Bus session bus (user bus), system bus or accessibility bus are not affected by this. This is due to the use of a proxy process `xdg-dbus-proxy`, whose VFS cannot be manipulated by the Flatpak app, when interacting with these buses. Patches exist for versions 1.10.4 and 1.12.0, and as of time of publication, a patch for version 1.8.2 is being planned. There are no workarounds aside from upgrading to a patched version.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41133">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30248">

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 13:40:14">
13:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-36767 ‼</strong><br><br><code>In Digi RealPort through 4.8.488.0, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server&apos;s access password. The attacker may then crack this hash offline in order to successfully login to the server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36767">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30249">

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 13:40:15">
13:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-35977 ‼</strong><br><br><code>An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in the handling of ADDP discovery response messages. This could result in arbitrary code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35977">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30250">

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 13:51:58">
13:51
       </div>

       <div class="text">
<strong>🔏 Friday Five 10/8 🔏</strong><br><br><code>News on CISA&apos;s new system to attract cyber talent, an Apache zero day, and Microsoft on the lack of acceptance around MFA - catch up on the news of the week with the Friday Five!</code><br><br><a href="https://digitalguardian.com/blog/friday-five-10/8">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30251">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 14:36:02">
14:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 &apos;FontOnLake&apos; Malware Family Targets Linux Systems 🕴</strong><br><br><code>Researchers report that the location of its C2 server, the countries where samples were uploaded, may indicate targets include Southeast Asia.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/-fontonlake-malware-family-targets-linux-systems">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30252">

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 14:36:04">
14:36
       </div>

       <div class="text">
<strong>🕴 71% of Security Pros Find Patching to be Complex and Time Consuming, Ivanti Study Confirms 🕴</strong><br><br><code>Challenges with lack of time and vulnerability and patching prioritization are putting organizations at increased risk of cyberattacks.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/71-of-security-pros-find-patching-to-be-complex-and-time-consuming-ivanti-study-confirms">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30253">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 15:33:31">
15:33
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Motion Picture Academy employs cutting-edge tech to keep Oscar contenders secure 🦿</strong><br><br><code>With video use on the rise across the board, new technologies are being deployed to prevent it from being pirated or showing up in places it shouldn&apos;t.</code><br><br><a href="https://www.techrepublic.com/article/motion-picture-academy-employs-cutting-edge-tech-to-keep-oscar-contenders-secure/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30254">

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 15:40:21">
15:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-41564 ‼</strong><br><br><code>Tad Honor viewing book list function is vulnerable to authorization bypass, thus remote attackers can use special parameters to delete articles arbitrarily without logging in.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41564">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30255">

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 15:40:22">
15:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-41802 ‼</strong><br><br><code>HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41802">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30256">

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 15:40:23">
15:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-41975 ‼</strong><br><br><code>TadTools special page is vulnerable to authorization bypass, thus remote attackers can use the specific parameter to delete arbitrary files in the system without logging in.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41975">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30257">

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 15:40:24">
15:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-41920 ‼</strong><br><br><code>webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sor_cible, sor_champs, and sor_ordre HTTP POST parameters. This allows an attacker to access all the data in the database and obtain access to the webTareas application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41920">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30258">

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 15:40:25">
15:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-41916 ‼</strong><br><br><code>A Cross-Site Request Forgery (CSRF) vulnerability in webTareas version 2.4 and earlier allows a remote attacker to create a new administrative profile and add a new user to the new profile. without the victim&apos;s knowledge, by enticing an authenticated admin user to visit an attacker&apos;s web page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41916">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30259">

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 15:40:27">
15:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-41825 ‼</strong><br><br><code>Verint Workforce Optimization (WFO) 15.2.5.1033 allows HTML injection via the /wfo/control/signin username parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41825">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30260">

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 15:40:28">
15:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-41919 ‼</strong><br><br><code>webTareas version 2.4 and earlier allows an authenticated user to arbitrarily upload potentially dangerous files without restrictions. This is working by adding or replacing a personal profile picture. The affected endpoint is /includes/upload.php on the HTTP POST data. This allows an attacker to exploit the platform by injecting code or malware and, under certain conditions, to execute code on remote user browsers.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41919">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30261">

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 15:40:29">
15:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-41917 ‼</strong><br><br><code>webTareas version 2.4 and earlier allows an authenticated user to store arbitrary web script or HTML by creating or editing a client name in the clients section, due to incorrect sanitization of user-supplied data and achieve a Stored Cross-Site Scripting attack against the platform users and administrators. The affected endpoint is /clients/editclient.php, on the HTTP POST cn parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41917">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30262">

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 15:40:30">
15:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-41566 ‼</strong><br><br><code>The file extension of the TadTools file upload function fails to filter, thus remote attackers can upload any types of files and execute arbitrary code without logging in.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41566">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30263">

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 15:40:31">
15:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-41976 ‼</strong><br><br><code>Tad Uploader edit book list function is vulnerable to authorization bypass, thus remote attackers can use the function to amend the folder names in the book list without logging in.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41976">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30264">

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 15:40:33">
15:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-41563 ‼</strong><br><br><code>Tad Book3 editing book function does not filter special characters. Unauthenticated attackers can remotely inject JavaScript syntax and execute stored XSS attacks.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41563">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30265">

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 15:40:33">
15:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-41568 ‼</strong><br><br><code>Tad Web is vulnerable to authorization bypass, thus remote attackers can exploit the vulnerability to use the original function of viewing bulletin boards and uploading files in the system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41568">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30266">

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 15:40:34">
15:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-32029 ‼</strong><br><br><code>A flaw was found in postgresql. Using an UPDATE ... RETURNING command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32029">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30267">

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 15:40:36">
15:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-20600 ‼</strong><br><br><code>Uncontrolled resource consumption in MELSEC iQ-R series C Controller Module R12CCPU-V all versions allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending a large number of packets in a short time while the module starting up.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20600">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30268">

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 15:40:37">
15:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-41565 ‼</strong><br><br><code>TadTools special page parameter does not properly restrict the input of specific characters, thus remote attackers can inject JavaScript syntax without logging in, and further perform reflective XSS attacks.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41565">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30269">

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 15:40:38">
15:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-41918 ‼</strong><br><br><code>webTareas version 2.4 and earlier allows an authenticated user to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against the platform users and administrators. The issue affects every endpoint on the application because it is related on how each URL is echoed back on every response page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41918">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30270">

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 15:40:39">
15:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-41567 ‼</strong><br><br><code>The new add subject parameter of Tad Uploader view book list function fails to filter special characters. Unauthenticated attackers can remotely inject JavaScript syntax and execute stored XSS attacks.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41567">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30271">

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 15:40:40">
15:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-41974 ‼</strong><br><br><code>Tad Book3 editing book page does not perform identity verification. Remote attackers can use the vulnerability to view and modify arbitrary content of books without permission.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41974">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30272">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 17:23:17">
17:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 You can create Let&apos;s Encrypt SSL certificates with acme.sh</strong> <strong>on Linux 🦿</strong><br><br><code>Let&apos;s make issuing and installing SSL certificates less of a challenge. Tools like acme.sh can help. Jack Wallen shows you how to install and use this handy script.</code><br><br><a href="https://www.techrepublic.com/videos/you-can-create-lets-encrypt-ssl-certificates-with-acme-sh-on-linux/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30273">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 17:40:24">
17:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-4654 ‼</strong><br><br><code>IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information due to improper permission control. IBM X-Force ID: 186090.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4654">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30274">

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 17:40:26">
17:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-29906 ‼</strong><br><br><code>IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors. IBM X-Force ID: 207630.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29906">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30275">

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 17:40:27">
17:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-42109 ‼</strong><br><br><code>VITEC Exterity IPTV products through 2021-04-30 allow privilege escalation to root.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42109">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30276">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 18:06:15">
18:06
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 North American Orgs Hit With an Average of 497 Cyberattacks per Week 🕴</strong><br><br><code>A new analysis confirms a surge in global cyberattacks since the COVID-19 pandemic began.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/north-american-orgs-experience-497-attacks-per-week-on-average-currently">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30277">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 19:40:32">
19:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-30632 ‼</strong><br><br><code>Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30632">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30278">

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 19:40:33">
19:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-42112 ‼</strong><br><br><code>The &quot;File upload question&quot; functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42112">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30279">

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 19:40:34">
19:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-30625 ‼</strong><br><br><code>Use after free in Selection API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who convinced the user the visit a malicious website to potentially exploit heap corruption via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30625">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30280">

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 19:40:35">
19:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-30626 ‼</strong><br><br><code>Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30626">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30281">

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 19:40:37">
19:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-30627 ‼</strong><br><br><code>Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30627">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30282">

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 19:40:38">
19:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-30629 ‼</strong><br><br><code>Use after free in Permissions in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30629">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30283">

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 19:40:38">
19:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-22617 ‼</strong><br><br><code>Ardour v5.12 contains a use-after-free vulnerability in the component ardour/libs/pbd/xml++.cc when using xmlFreeDoc and xmlXPathFreeContext.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-22617">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30284">

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 19:40:39">
19:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-30630 ‼</strong><br><br><code>Inappropriate implementation in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30630">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30285">

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 19:40:40">
19:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-30628 ‼</strong><br><br><code>Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30628">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30286">

      <div class="body">

       <div class="pull_right date details" title="08.10.2021 19:40:41">
19:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-30633 ‼</strong><br><br><code>Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30633">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-920">

      <div class="body details">
9 October 2021
      </div>

     </div>

     <div class="message default clearfix" id="message30287">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.10.2021 16:20:09">
16:20
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>📢 The IT Pro Podcast: Behind the scenes of the Solarwinds hack 📢</strong><br><br><code>We speak to the company’s top execs to find out what really happened</code><br><br><a href="https://www.itpro.co.uk/security/cyber-attacks/361144/the-it-pro-podcast-behind-the-scenes-of-the-solarwinds-hack">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30288">

      <div class="body">

       <div class="pull_right date details" title="09.10.2021 16:20:10">
16:20
       </div>

       <div class="text">
<strong>📢 Maverick fast-attack ransomware group FIN12 is quickly expanding 📢</strong><br><br><code>FIN12 hits hospitals even during pandemic</code><br><br><a href="https://www.itpro.co.uk/security/ransomware/361160/mandiant-releases-details-on-maverick-fast-attack-ransomware-group-fin12">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30289">

      <div class="body">

       <div class="pull_right date details" title="09.10.2021 16:20:11">
16:20
       </div>

       <div class="text">
<strong>📢 What is NotPetya? 📢</strong><br><br><code>We take a look at the malware that first came to prominence in 2016 and targets Windows-based machines</code><br><br><a href="https://www.itpro.co.uk/malware/34381/what-is-notpetya">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30290">

      <div class="body">

       <div class="pull_right date details" title="09.10.2021 16:20:14">
16:20
       </div>

       <div class="text">
<strong>📢 2021 Thales access management index: Global edition 📢</strong><br><br><code>The challenges of trusted access in a cloud-first world</code><br><br><a href="https://www.itpro.co.uk/security/identity-and-access-management-iam/361155/2021-thales-access-management-index-global">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30291">

      <div class="body">

       <div class="pull_right date details" title="09.10.2021 16:20:15">
16:20
       </div>

       <div class="text">
<strong>📢 Twitch confirms data breach after server configuration error 📢</strong><br><br><code>The popular streaming service says there&apos;s no indication that login information has been exposed</code><br><br><a href="https://www.itpro.co.uk/security/data-breaches/361146/twitch-confirms-data-breach-server-error">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30292">

      <div class="body">

       <div class="pull_right date details" title="09.10.2021 16:20:16">
16:20
       </div>

       <div class="text">
<strong>📢 Why is the energy sector so vulnerable to hacking? 📢</strong><br><br><code>Highly-targeted energy companies often struggle to attract the right cyber security skills and rely on dated systems</code><br><br><a href="https://www.itpro.co.uk/security/cyber-attacks/361142/why-is-the-energy-sector-so-vulnerable-to-hacking">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30293">

      <div class="body">

       <div class="pull_right date details" title="09.10.2021 16:20:18">
16:20
       </div>

       <div class="text">
<strong>📢 SolarWinds hackers stole US sanctions policy data, Microsoft confirms 📢</strong><br><br><code>Unconfirmed reports also suggest data on threat hunting techniques, assessments of Russian threat actors, and source codes were also accessed</code><br><br><a href="https://www.itpro.co.uk/security/cyber-attacks/361170/solarwinds-hackers-stole-data-on-us-sanctions-policy">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30294">

      <div class="body">

       <div class="pull_right date details" title="09.10.2021 16:20:19">
16:20
       </div>

       <div class="text">
<strong>📢 Google will auto-enrol 150 million users in 2FA by end of 2021 📢</strong><br><br><code>An additional two million YouTube creators will also be required to switch it on the 2SV feature by the end of the year</code><br><br><a href="https://www.itpro.co.uk/security/two-factor-authentication-2fa/361133/google-auto-enrol-150m-2021">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30295">

      <div class="body">

       <div class="pull_right date details" title="09.10.2021 16:20:20">
16:20
       </div>

       <div class="text">
<strong>📢 How to become a cyber security expert 📢</strong><br><br><code>With cyber security professionals in high demand, we explore the steps people need to take to pursue a successful career in this industry</code><br><br><a href="https://www.itpro.co.uk/business-strategy/careers-training/361089/how-to-become-a-cyber-security-expert">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30296">

      <div class="body">

       <div class="pull_right date details" title="09.10.2021 16:20:21">
16:20
       </div>

       <div class="text">
<strong>📢 The event mesh: A primer 📢</strong><br><br><code>Benefits of an event-driven architecture</code><br><br><a href="https://www.itpro.co.uk/data-insights/analytics/361161/the-event-mesh-a-primer">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30297">

      <div class="body">

       <div class="pull_right date details" title="09.10.2021 16:20:22">
16:20
       </div>

       <div class="text">
<strong>📢 Best free malware removal tools 2021 📢</strong><br><br><code>Worried your device is infected? Here are the tools you need to get rid of malicious software</code><br><br><a href="https://www.itpro.co.uk/security/malware/28083/best-free-malware-removal-tools">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30298">

      <div class="body">

       <div class="pull_right date details" title="09.10.2021 16:20:23">
16:20
       </div>

       <div class="text">
<strong>📢 Senator to introduce new bill to force ransomware payment disclosures 📢</strong><br><br><code>Organizations would have 48 hours to inform DHS</code><br><br><a href="https://www.itpro.co.uk/security/ransomware/361138/senator-to-introduce-new-bill-to-force-ransomware-payment-disclosures">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30299">

      <div class="body">

       <div class="pull_right date details" title="09.10.2021 16:20:25">
16:20
       </div>

       <div class="text">
<strong>📢 Swimlane unveils its low-code security automation platform 📢</strong><br><br><code>Swimlane Cloud is available as an on-premises, air-gapped, cloud, or hybrid solution</code><br><br><a href="https://www.itpro.co.uk/business-strategy/automation/361162/swimlane-unveils-its-low-code-security-automation-platform">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30300">

      <div class="body">

       <div class="pull_right date details" title="09.10.2021 16:20:26">
16:20
       </div>

       <div class="text">
<strong>📢 Identity Automation launches credential breach monitoring service 📢</strong><br><br><code>New monitoring solution adds to the firm’s flagship RapidIdentity platform</code><br><br><a href="https://www.itpro.co.uk/security/phishing/361129/identity-automation-launches-credential-breach-monitoring-service">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30301">

      <div class="body">

       <div class="pull_right date details" title="09.10.2021 16:20:27">
16:20
       </div>

       <div class="text">
<strong>📢 What is HTTP error 503 and how do you fix it? 📢</strong><br><br><code>It may not always be obvious what&apos;s causing the issue, but there are steps you can take to get back online</code><br><br><a href="https://www.itpro.co.uk/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30302">

      <div class="body">

       <div class="pull_right date details" title="09.10.2021 16:20:28">
16:20
       </div>

       <div class="text">
<strong>📢 BrewDog app flaw exposed data on 200,000 shareholders and customers, researchers claim 📢</strong><br><br><code>Researchers at Pen Test Partners say API token exploit could have allowed hackers to access personal information and account details</code><br><br><a href="https://www.itpro.co.uk/security/vulnerability/361173/brewdog-exposes-details-of-over-200000-shareholders-and-customers">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30303">

      <div class="body">

       <div class="pull_right date details" title="09.10.2021 16:20:29">
16:20
       </div>

       <div class="text">
<strong>📢 Only a third of businesses have taken out insurance against ransomware attacks 📢</strong><br><br><code>Almost one in six also reported having no disaster recovery plan in place</code><br><br><a href="https://www.itpro.co.uk/security/ransomware/361137/only-a-third-of-businesses-have-ransomware-insurance">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30304">

      <div class="body">

       <div class="pull_right date details" title="09.10.2021 16:20:31">
16:20
       </div>

       <div class="text">
<strong>📢 Justice Department unveils civil cyber fraud initiative to battle online crime 📢</strong><br><br><code>New proposal will respond to cyber security breaches and cryptocurrency use in undertaking cyber fraud</code><br><br><a href="https://www.itpro.co.uk/security/cyber-attacks/361152/justice-department-unveils-civil-cyber-fraud-initiative-to-battle">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30305">

      <div class="body">

       <div class="pull_right date details" title="09.10.2021 16:20:32">
16:20
       </div>

       <div class="text">
<strong>📢 2021 Thales access management index: European edition 📢</strong><br><br><code>The challenges of trusted access in a cloud-first world</code><br><br><a href="https://www.itpro.co.uk/security/identity-and-access-management-iam/361156/2021-thales-access-management-index-european">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-921">

      <div class="body details">
11 October 2021
      </div>

     </div>

     <div class="message default clearfix" id="message30306">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 02:23:27">
02:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-42135 ‼</strong><br><br><code>HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/* path may be able to issue Google Cloud service account credentials.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42135">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30307">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 02:23:28">
02:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-42134 ‼</strong><br><br><code>The Unicorn framework before 0.36.1 for Django allows XSS via a component. NOTE: this issue exists because of an incomplete fix for CVE-2021-42053.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42134">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30308">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 02:23:29">
02:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-41055 ‼</strong><br><br><code>Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted XMPP Last Message Correction (XEP-0308) message in multi-user chat, where the message ID equals the correction ID.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41055">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30309">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 09:24:21">
09:24
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-24563 ‼</strong><br><br><code>The Frontend Uploader WordPress plugin through 1.3.2 does not prevent HTML files from being uploaded via its form, allowing unauthenticated user to upload a malicious HTML file containing JavaScript for example, which will be triggered when someone access the file directly</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24563">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30310">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 09:24:22">
09:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-24719 ‼</strong><br><br><code>The Enfold Enfold WordPress theme before 4.8.4 was vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is present on Enfold versions previous than 4.8.4 which use Avia Page Builder.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24719">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30311">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 09:24:23">
09:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-24681 ‼</strong><br><br><code>The Duplicate Page WordPress plugin through 4.4.2 does not sanitise or escape the Duplicate Post Suffix settings before outputting it, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24681">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30312">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 09:24:24">
09:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-24576 ‼</strong><br><br><code>The Easy Accordion WordPress plugin before 2.0.22 does not properly sanitize inputs when adding new items to an accordion.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24576">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30313">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 09:24:25">
09:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-40889 ‼</strong><br><br><code>CMSUno version 1.7.2 is affected by a PHP code execution vulnerability. sauvePass action in {webroot}/uno/central.php file calls to file_put_contents() function to write username in password.php file when a user successfully changed their password. The attacker can inject malicious PHP code into password.php and then use the login function to execute code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40889">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30314">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 09:24:29">
09:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-40884 ‼</strong><br><br><code>Projectsend version r1295 is affected by sensitive information disclosure. Because of not checking authorization in ids parameter in files-edit.php and id parameter in process.php function, a user with uploader role can download and edit all files of users in application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40884">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30315">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 09:24:30">
09:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-24737 ‼</strong><br><br><code>The Comments – wpDiscuz WordPress plugin through 7.3.0 does not properly sanitise or escape the Follow and Unfollow messages before outputting them in the page, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24737">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30316">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 09:24:31">
09:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-24651 ‼</strong><br><br><code>The Poll Maker WordPress plugin before 3.4.2 allows unauthenticated users to perform SQL injection via the ays_finish_poll AJAX action. While the result is not disclosed in the response, it is possible to use a timing attack to exfiltrate data such as password hash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24651">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30317">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 09:24:32">
09:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-24545 ‼</strong><br><br><code>The WP HTML Author Bio WordPress plugin through 1.2.0 does not sanitise the HTML allowed in the Bio of users, allowing them to use malicious JavaScript code, which will be executed when anyone visit a post in the frontend made by such user. As a result, user with a role as low as author could perform Cross-Site Scripting attacks against users, which could potentially lead to privilege escalation when an admin view the related post/s.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24545">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30318">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 09:24:33">
09:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-24577 ‼</strong><br><br><code>The Coming soon and Maintenance mode WordPress plugin before 3.5.3 does not properly sanitize inputs submitted by authenticated users when setting adding or modifying coming soon or maintenance mode pages, leading to stored XSS.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24577">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30319">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 09:24:34">
09:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-24546 ‼</strong><br><br><code>The Gutenberg Block Editor Toolkit – EditorsKit WordPress plugin before 1.31.6 does not sanitise and validate the Conditional Logic of the Custom Visibility settings, allowing users with a role as low contributor to execute Arbitrary PHP code</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24546">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30320">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 09:24:35">
09:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-24690 ‼</strong><br><br><code>The Chained Quiz WordPress plugin before 1.2.7.2 does not properly sanitize or escape inputs in the plugin&apos;s settings.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24690">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30321">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 09:24:36">
09:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-24683 ‼</strong><br><br><code>The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when saving its settings, and do not validate or escape them, which could lead to Stored Cross-Site Scripting issue.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24683">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30322">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 09:24:38">
09:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-24691 ‼</strong><br><br><code>The Quiz And Survey Master WordPress plugin before 7.3.2 does not escape the Quiz Url Slug setting before outputting it in some pages, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24691">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30323">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 09:24:39">
09:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-40886 ‼</strong><br><br><code>Projectsend version r1295 is affected by a directory traversal vulnerability. A user with Uploader role can add value `2` for `chunks` parameter to bypass `fileName` sanitization.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40886">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30324">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 09:24:40">
09:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-24712 ‼</strong><br><br><code>The Appointment Hour Booking WordPress plugin before 1.3.17 does not properly sanitize values used when creating new calendars.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24712">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30325">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 09:24:41">
09:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-24720 ‼</strong><br><br><code>The GeoDirectory Business Directory WordPress plugin before 2.1.1.3 was vulnerable to Authenticated Stored Cross-Site Scripting (XSS).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24720">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30326">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 09:24:42">
09:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-24709 ‼</strong><br><br><code>The Weather Effect WordPress plugin before 1.3.6 does not properly validate and escape some of its settings (like *_size_leaf, *_flakes_leaf, *_speed) which could lead to Stored Cross-Site Scripting issues</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24709">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30327">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 09:24:43">
09:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-40888 ‼</strong><br><br><code>Projectsend version r1295 is affected by Cross Site Scripting (XSS) due to lack of sanitization when echo output data in returnFilesIds() function. A low privilege user can call this function through process.php file and execute scripting code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40888">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30328">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 09:24:44">
09:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-40887 ‼</strong><br><br><code>Projectsend version r1295 is affected by a directory traversal vulnerability. Because of lacking sanitization input for files[] parameter, an attacker can add ../ to move all PHP files or any file on the system that has permissions to /upload/files/ folder.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40887">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30329">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 09:36:42">
09:36
       </div>

       <div class="text">
<strong>🗓️ Oregon Eye Specialists discloses data breach following employee email compromise 🗓️</strong><br><br><code>Attackers had access to mailboxes over a two-month period</code><br><br><a href="https://portswigger.net/daily-swig/oregon-eye-specialists-discloses-data-breach-following-employee-email-compromise">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30330">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 10:10:09">
10:10
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Continuous Authentication Tech Looms Large in Deployment Plans 🕴</strong><br><br><code>Data from the Dark Reading and Omdia Enterprise Security in a Post Pandemic World report shows security leaders are interested in continuous authentication technologies, especially behavioral-based capabilities.</code><br><br><a href="https://www.darkreading.com/tech-trends/continuous-authentication-tech-looms-large-in-deployment-plans">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30331">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 11:08:11">
11:08
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Applying Behavioral Psychology to Strengthen Your Incident Response Team 🕴</strong><br><br><code>A deep-dive study on the inner workings of incident response teams leads to a framework to apply behavioral psychology principles to CSIRTs.</code><br><br><a href="https://www.darkreading.com/endpoint/how-behavioral-psychology-can-strengthen-your-incident-response-team">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30332">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 11:08:12">
11:08
       </div>

       <div class="text">
<strong>⚠ Apache patch proves patchy – now you need to patch the patch ⚠</strong><br><br><code>Once more unto the breach, dear friends, once more, and close up the hole of encoding dread.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/10/08/apache-patch-proves-patchy-now-you-need-to-patch-the-patch/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30333">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 11:11:12">
11:11
       </div>

       <div class="text">
<strong>🕴 The 5 Phases of Zero Trust Adoption 🕴</strong><br><br><code>Zero trust aims to replace implicit trust with explicit, continuously adaptive trust across users, devices, networks, applications, and data.</code><br><br><a href="https://www.darkreading.com/endpoint/the-5-phases-of-zero-trust-adoption">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30334">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 11:23:30">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-40543 ‼</strong><br><br><code>Opensis-Classic Version 8.0 is affected by a SQL injection vulnerability due to a lack of sanitization of input data at two parameters $_GET[&apos;usrid&apos;] and $_GET[&apos;prof_id&apos;] in the PasswordCheck.php file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40543">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30335">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 11:23:31">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-40542 ‼</strong><br><br><code>Opensis-Classic Version 8.0 is affected by cross-site scripting (XSS). An unauthenticated user can inject and execute JavaScript code through the link_url parameter in Ajax_url_encode.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40542">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30336">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 11:23:32">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-29006 ‼</strong><br><br><code>rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An authenticated user may successfully download any file on the server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29006">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30337">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 11:23:34">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-29005 ‼</strong><br><br><code>Insecure permission of chmod command on rConfig server 3.9.6 exists. After installing rConfig apache user may execute chmod as root without password which may let an attacker with low privilege to gain root access on server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29005">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30338">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 11:23:35">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-29004 ‼</strong><br><br><code>rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If --secure-file-priv in MySQL server is not set and the Mysql server is the same as rConfig, an attacker may successfully upload a webshell to the server and access it remotely.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29004">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30339">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 11:34:50">
11:34
       </div>

       <div class="text">
<strong>🦿 How to combat the most prevalent ransomware threats 🦿</strong><br><br><code>Over the second quarter of the year, 73% of ransomware detections were related to the REvil/Sodinokibi family, while Darkside attacks expanded to more industries, McAfee says.</code><br><br><a href="https://www.techrepublic.com/article/how-to-combat-the-most-prevalent-ransomware-threats/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30340">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 11:37:52">
11:37
       </div>

       <div class="text">
<strong>🗓️ Ransom Disclosure Act: US bill mandates organizations to report ransomware payments 🗓️</strong><br><br><code>Newly proposed law hopes to further understanding of cybercrime landscape</code><br><br><a href="https://portswigger.net/daily-swig/ransom-disclosure-act-us-bill-mandates-organizations-to-report-ransomware-payments">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30341">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 12:38:11">
12:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Cybersecurity awareness month: Fight the phish! ⚠</strong><br><br><code>Phishing crooks get to try over and over again. But you only have to make one mistake...</code><br><br><a href="https://nakedsecurity.sophos.com/2021/10/11/becybersmart-2021-week2/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30342">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 12:42:54">
12:42
       </div>

       <div class="text">
<strong>🗓️ Ransomware forensics research reveals cybercrime tradecraft secrets 🗓️</strong><br><br><code>Resident REvil</code><br><br><a href="https://portswigger.net/daily-swig/ransomware-forensics-research-reveals-cybercrime-tradecraft-secrets">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30343">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 13:10:22">
13:10
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 IDrive Remote Desktop Offers Protection from RDP Cyberattacks and Vulnerabilities 🕴</strong><br><br><code>Remote Desktop aims to solve vulnerability issues with RDP by implementing robust access and security controls.</code><br><br><a href="https://www.darkreading.com/endpoint/idrive-remote-desktop-offers-protection-from-rdp-cyberattacks-and-vulnerabilities">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30344">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 13:10:23">
13:10
       </div>

       <div class="text">
<strong>🕴 Forcepoint to Acquire Bitglass 🕴</strong><br><br><code>Deal will merge Bitglass&apos;s security service edge technology with Forcepoint’s SASE architecture.</code><br><br><a href="https://www.darkreading.com/cloud/forcepoint-to-acquire-bitglass">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30345">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 13:24:32">
13:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-40541 ‼</strong><br><br><code>PHPFusion 9.03.110 is affected by cross-site scripting (XSS) in the preg patterns filter html tag without &quot;//&quot; in descript() function An authenticated user can trigger XSS by appending &quot;//&quot; in the end of text.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40541">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30346">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 13:24:34">
13:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-40191 ‼</strong><br><br><code>Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and return a wrong response in content-type of output data in webroot/dzz/attach/controller.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40191">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30347">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 15:24:38">
15:24
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-0583 ‼</strong><br><br><code>In onCreate of BluetoothPairingDialog, there is a possible way to enable Bluetooth without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-182282956</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0583">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30348">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 15:24:38">
15:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-27002 ‼</strong><br><br><code>NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to retrieve sensitive data via the web proxy.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27002">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30349">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 15:24:39">
15:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-32028 ‼</strong><br><br><code>A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32028">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30350">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 15:24:40">
15:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-27664 ‼</strong><br><br><code>Under certain configurations an unauthenticated remote user could be given access to credentials stored in the exacqVision Server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27664">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30351">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 15:24:41">
15:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-20121 ‼</strong><br><br><code>The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is vulnerable to an authenticated arbitrary file read. An authenticated user with physical access to the device can read arbitrary files from the device by preparing and connecting a specially prepared USB drive to the device, and making a series of crafted requests to the device&apos;s web interface.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20121">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30352">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 15:24:45">
15:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-22263 ‼</strong><br><br><code>An issue has been discovered in GitLab affecting all versions starting from 13.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. A user account with &apos;external&apos; status which is granted &apos;Maintainer&apos; role on any project on the GitLab instance where &apos;project tokens&apos; are allowed may elevate its privilege to &apos;Internal&apos; and access Internal projects.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22263">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30353">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 15:24:46">
15:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-25633 ‼</strong><br><br><code>LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to combine multiple certificate data, which when opened caused LibreOffice to display a validly signed indicator but whose content was unrelated to the signature shown. This issue affects: The Document Foundation LibreOffice 7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25633">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30354">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 15:24:48">
15:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-20122 ‼</strong><br><br><code>The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is affected by an authenticated command injection vulnerability in multiple parameters passed to tr69_cmd.cgi. A remote attacker connected to the router&apos;s LAN and authenticated with a super user account, or using a bypass authentication vulnerability like CVE-2021-20090 could leverage this issue to run commands or gain a shell as root on the target device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20122">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30355">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 15:24:49">
15:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-39317 ‼</strong><br><br><code>Versions up to, and including, 1.0.6, of the Access Demo Importer WordPress plugin are vulnerable to arbitrary file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the ~/inc/demo-functions.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39317">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30356">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 15:24:50">
15:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-26588 ‼</strong><br><br><code>A potential security vulnerability has been identified in HPE 3PAR StoreServ, HPE Primera Storage and HPE Alletra 9000 Storage array firmware. An unauthenticated user could remotely exploit the low complexity issue to execute code as administrator. This vulnerability impacts completely the confidentiality, integrity, availability of the array. HPE has made the following software updates and mitigation information to resolve the vulnerability in 3PAR, Primera and Alletra 9000 firmware.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26588">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30357">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 15:24:50">
15:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-37123 ‼</strong><br><br><code>There is an improper authentication vulnerability in Hero-CT060 before 1.0.0.200. The vulnerability is due to that when an user wants to do certain operation, the software does not insufficiently validate the user&apos;s identity. Successful exploit could allow the attacker to do certain operations which the user are supposed not to do.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37123">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30358">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 15:24:51">
15:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-41117 ‼</strong><br><br><code>keypair is a a RSA PEM key generator written in javascript. keypair implements a lot of cryptographic primitives on its own or by borrowing from other libraries where possible, including node-forge. An issue was discovered where this library was generating identical RSA keys used in SSH. This would mean that the library is generating identical P, Q (and thus N) values which, in practical terms, is impossible with RSA-2048 keys. Generating identical values, repeatedly, usually indicates an issue with poor random number generation, or, poor handling of CSPRNG output. Issue 1: Poor random number generation (`GHSL-2021-1012`). The library does not rely entirely on a platform provided CSPRNG, rather, it uses it&apos;s own counter-based CMAC approach. Where things go wrong is seeding the CMAC implementation with &quot;true&quot; random data in the function `defaultSeedFile`. In order to seed the AES-CMAC generator, the library will take two different approaches depending on the JavaScript execution environment. In a browser, the library will use [`window.crypto.getRandomValues()`](https://github.com/juliangruber/keypair/blob/87c62f255baa12c1ec4f98a91600f82af80be6db/index.js#L971). However, in a nodeJS execution environment, the `window` object is not defined, so it goes down a much less secure solution, also of which has a bug in it. It does look like the library tries to use node&apos;s CSPRNG when possible unfortunately, it looks like the `crypto` object is null because a variable was declared with the same name, and set to `null`. So the node CSPRNG path is never taken. However, when `window.crypto.getRandomValues()` is not available, a Lehmer LCG random number generator is used to seed the CMAC counter, and the LCG is seeded with `Math.random`. While this is poor and would likely qualify in a security bug in itself, it does not explain the extreme frequency in which duplicate keys occur. The main flaw: The output from the Lehmer LCG is encoded incorrectly. The specific [line][https://github.com/juliangruber/keypair/blob/87c62f255baa12c1ec4f98a91600f82af80be6db/index.js#L1008] with the flaw is: `b.putByte(String.fromCharCode(next &amp; 0xFF))` The [definition](https://github.com/juliangruber/keypair/blob/87c62f255baa12c1ec4f98a91600f82af80be6db/index.js#L350-L352) of `putByte` is `util.ByteBuffer.prototype.putByte = function(b) {this.data += String.fromCharCode(b);};`. Simplified, this is `String.fromCharCode(String.fromCharCode(next &amp; 0xFF))`. The double `String.fromCharCode` is almost certainly unintentional and the source of weak seeding. Unfortunately, this does not result in an error. Rather, it results most of the buffer containing zeros. Since we are masking with 0xFF, we can determine that 97% of the output from the LCG are converted to zeros. The only outputs that result in meaningful values are outputs 48 through 57, inclusive. The impact is that each byte in the RNG seed has a 97% chance of being 0 due to incorrect conversion. When it is not, the bytes are 0 through 9. In summary, there are three immediate concerns: 1. The library has an insecure random number fallback path. Ideally the library would require a strong CSPRNG instead of attempting to use a LCG and `Math.random`. 2. The library does not correctly use a strong random number generator when run in NodeJS, even though a strong CSPRNG is available. 3. The fallback path has an issue in the implementation where a majority of the seed data is going to effectively be zero. Due to the poor random number generation, keypair generates RSA keys that are relatively easy to guess. This could enable an attacker to decrypt confidential messages or gain authorized access to an account belonging to the victim.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41117">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30359">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 15:24:53">
15:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-27665 ‼</strong><br><br><code>An unauthenticated remote user could exploit a potential integer overflow condition in the exacqVision Server with a specially crafted script and cause denial-of-service condition.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27665">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30360">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 15:40:32">
15:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Handling Threat Intelligence Across Billions of Data Points 🕴</strong><br><br><code>Graph databases can play a role in threat intelligence and unraveling sprawling data.</code><br><br><a href="https://www.darkreading.com/dr-tech/handling-threat-intelligence-across-billions-of-data-points">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30361">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 17:24:44">
17:24
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-25738 ‼</strong><br><br><code>Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25738">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30362">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 17:24:45">
17:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-40617 ‼</strong><br><br><code>An SQL Injection vulnerability exists in openSIS Community Edition version 8.0 via ForgotPassUserName.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40617">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30363">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 17:24:46">
17:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-42252 ‼</strong><br><br><code>An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42252">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30364">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 17:24:47">
17:24
       </div>

       <div class="text">
<strong>‼ CVE-2020-27372 ‼</strong><br><br><code>A buffer overflow vulnerability exists in Brandy Basic V Interpreter 1.21 in the run_interpreter function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27372">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30365">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 17:24:48">
17:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-40239 ‼</strong><br><br><code>A Buffer Overflow vulnerability exists in the latest version of Miniftpd in the do_retr function in ftpproto.c</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40239">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30366">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 17:24:52">
17:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-40189 ‼</strong><br><br><code>PHPFusion 9.03.110 is affected by a remote code execution vulnerability. The theme function will extract a file to &quot;webroot/themes/{Theme Folder], where an attacker can access and execute arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40189">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30367">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 17:24:53">
17:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-40188 ‼</strong><br><br><code>PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. The File Manager function in admin panel does not filter all PHP extensions such as &quot;.php, .php7, .phtml, .php5, ...&quot;. An attacker can upload a malicious file and execute code on the server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40188">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30368">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 18:16:50">
18:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 7 Smart Ways a Security Team Can Win Stakeholder Trust 🕴</strong><br><br><code>By demonstrating the following behaviors, security teams can more effectively move their initiatives forward.</code><br><br><a href="https://www.darkreading.com/edge-articles/7-smart-ways-a-security-team-can-win-stakeholder-trust">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30369">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 18:16:51">
18:16
       </div>

       <div class="text">
<strong>🕴 Wiz Reaches $6B Valuation 🕴</strong><br><br><code>Startup created by former leaders of Microsoft Cloud Security Group experiencing rapid growth.</code><br><br><a href="https://www.darkreading.com/cloud/wiz-reaches-6b-valuation">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30370">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 19:24:50">
19:24
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-42257 ‼</strong><br><br><code>check_smart before 6.9.1 allows unintended drive access by an unprivileged user because it only checks for a substring match of a device path (the /dev/bus substring and a number), aka an unanchored regular expression.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42257">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30371">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 19:24:51">
19:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-42260 ‼</strong><br><br><code>TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42260">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30372">

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 19:24:52">
19:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-23448 ‼</strong><br><br><code>All versions of package config-handler are vulnerable to Prototype Pollution when loading config files.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23448">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30373">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 19:40:49">
19:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Overly Complex IT Infrastructures Pose Security Risk 🕴</strong><br><br><code>Cybersecurity budgets are set to increase in 2022, but companies worry that complex IT networks and data infrastructure are wasting money, new PwC survey finds.</code><br><br><a href="https://www.darkreading.com/operations/overly-complex-it-infrastructures-pose-security-risk">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30374">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.10.2021 21:08:19">
21:08
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Apple quietly patches yet another iPhone 0-day – check you have 15.0.2 ⚠</strong><br><br><code>Oops!... They did it again.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/10/12/apple-quietly-patches-yet-another-iphone-0-day-check-you-have-15-0-2/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-922">

      <div class="body details">
12 October 2021
      </div>

     </div>

     <div class="message default clearfix" id="message30375">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 07:25:19">
07:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-42009 ‼</strong><br><br><code>An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint to send an email, from the Traffic Ops server, with an arbitrary body to an arbitrary email address. Apache Traffic Control 5.1.x users should upgrade to 5.1.3 or 6.0.0. 4.1.x users should upgrade to 5.1.3.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42009">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30376">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 09:25:24">
09:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-33727 ‼</strong><br><br><code>A vulnerability has been identified in SINEC NMS (All versions &lt; V1.0 SP2 Update 1). An authenticated attacker could download the user profile of any user. With this, the attacker could leak confidential information of any user in the affected system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33727">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30377">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 09:25:25">
09:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-33728 ‼</strong><br><br><code>A vulnerability has been identified in SINEC NMS (All versions &lt; V1.0 SP2 Update 1). The affected system allows to upload JSON objects that are deserialized to JAVA objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this vulnerability by sending a crafted serialized Java object. An exploit could allow the attacker to execute arbitrary code on the device with root privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33728">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30378">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 09:25:26">
09:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-33726 ‼</strong><br><br><code>A vulnerability has been identified in SINEC NMS (All versions &lt; V1.0 SP2 Update 1). The affected system allows to download arbitrary files under a user controlled path and does not correctly check if the relative path is still within the intended target directory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33726">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30379">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 09:25:28">
09:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-33723 ‼</strong><br><br><code>A vulnerability has been identified in SINEC NMS (All versions &lt; V1.0 SP2 Update 1). An authenticated attacker could change the user profile of any user without proper authorization. With this, the attacker could change the password of any user in the affected system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33723">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30380">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 09:25:29">
09:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-33735 ‼</strong><br><br><code>A vulnerability has been identified in SINEC NMS (All versions &lt; V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33735">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30381">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 09:25:30">
09:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-37199 ‼</strong><br><br><code>A vulnerability has been identified in SINUMERIK 808D (All versions), SINUMERIK 828D (All versions &lt; V4.95). Affected devices don&apos;t process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial-of-service in the device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37199">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30382">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 09:25:30">
09:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-33729 ‼</strong><br><br><code>A vulnerability has been identified in SINEC NMS (All versions &lt; V1.0 SP2 Update 1). An authenticated attacker that is able to import firmware containers to an affected system could execute arbitrary commands in the local database.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33729">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30383">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 09:25:31">
09:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-33732 ‼</strong><br><br><code>A vulnerability has been identified in SINEC NMS (All versions &lt; V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33732">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30384">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 09:25:32">
09:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-33722 ‼</strong><br><br><code>A vulnerability has been identified in SINEC NMS (All versions &lt; V1.0 SP2 Update 1). The affected system has a Path Traversal vulnerability when exporting a firmware container. With this a privileged authenticated attacker could create arbitrary files on an affected system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33722">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30385">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 09:25:33">
09:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-41546 ‼</strong><br><br><code>A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions &lt; V2.14.1), RUGGEDCOM ROX RX1400 (All versions &lt; V2.14.1), RUGGEDCOM ROX RX1500 (All versions &lt; V2.14.1), RUGGEDCOM ROX RX1501 (All versions &lt; V2.14.1), RUGGEDCOM ROX RX1510 (All versions &lt; V2.14.1), RUGGEDCOM ROX RX1511 (All versions &lt; V2.14.1), RUGGEDCOM ROX RX1512 (All versions &lt; V2.14.1), RUGGEDCOM ROX RX1524 (All versions &lt; V2.14.1), RUGGEDCOM ROX RX1536 (All versions &lt; V2.14.1), RUGGEDCOM ROX RX5000 (All versions &lt; V2.14.1). Affected devices write crashdumps without checking if enough space is available on the filesystem. Once the crashdump fills the entire root filesystem, affected devices fail to boot successfully. An attacker can leverage this vulnerability to cause a permanent Denial-of-Service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41546">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30386">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 09:25:37">
09:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-33734 ‼</strong><br><br><code>A vulnerability has been identified in SINEC NMS (All versions &lt; V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33734">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30387">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 09:25:38">
09:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-33731 ‼</strong><br><br><code>A vulnerability has been identified in SINEC NMS (All versions &lt; V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33731">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30388">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 09:25:39">
09:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-33736 ‼</strong><br><br><code>A vulnerability has been identified in SINEC NMS (All versions &lt; V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33736">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30389">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 09:25:40">
09:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-33724 ‼</strong><br><br><code>A vulnerability has been identified in SINEC NMS (All versions &lt; V1.0 SP2 Update 1). The affected system contains an Arbitrary File Deletion vulnerability that possibly allows to delete an arbitrary file or directory under a user controlled path.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33724">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30390">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 09:25:41">
09:25
       </div>

       <div class="text">
<strong>‼ CVE-2020-28145 ‼</strong><br><br><code>Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0.1 via coreframe\app\attachment\admin\index.php, which allows attackers to access sensitive information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28145">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30391">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 09:25:45">
09:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-27395 ‼</strong><br><br><code>A vulnerability has been identified in SIMATIC Process Historian 2013 and earlier (All versions), SIMATIC Process Historian 2014 (All versions &lt; SP3 Update 6), SIMATIC Process Historian 2019 (All versions), SIMATIC Process Historian 2020 (All versions). An interface in the software that is used for critical functionalities lacks authentication, which could allow a malicious user to maliciously insert, modify or delete data.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27395">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30392">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 09:25:46">
09:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-33725 ‼</strong><br><br><code>A vulnerability has been identified in SINEC NMS (All versions &lt; V1.0 SP2 Update 1). The affected system allows to delete arbitrary files or directories under a user controlled path and does not correctly check if the relative path is still within the intended target directory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33725">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30393">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 09:25:47">
09:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-33730 ‼</strong><br><br><code>A vulnerability has been identified in SINEC NMS (All versions &lt; V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33730">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30394">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 09:25:48">
09:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-33733 ‼</strong><br><br><code>A vulnerability has been identified in SINEC NMS (All versions &lt; V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33733">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30395">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 11:11:53">
11:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Chinese phone manufacturer ZTE launches public bug bounty program 🗓️</strong><br><br><code>Researchers invited to test for flaws under new YesWeHack platform</code><br><br><a href="https://portswigger.net/daily-swig/chinese-phone-manufacturer-zte-launches-public-bug-bounty-program">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30396">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 11:11:54">
11:11
       </div>

       <div class="text">
<strong>🕴 Not Hitting Your Security KPIs? Get the Whole Business Involved 🕴</strong><br><br><code>CISOs can deliver better outcomes and get the support they need by linking security processes to business results.</code><br><br><a href="https://www.darkreading.com/operations/not-hitting-your-security-kpis-get-the-whole-business-involved">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30397">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 11:11:54">
11:11
       </div>

       <div class="text">
<strong>🕴 RealDefense Completes Fourth Cyber Security Acquisition; Adds STOPzilla to Its Portfolio 🕴</strong><br><br><code>RealDefense holding company seeks to acquire additional security companies and brands through partnership with Corbel Capital Partners.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/realdefense-completes-fourth-cyber-security-acquisition-adds-stopzilla-to-its-portfolio">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30398">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 12:11:57">
12:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Oracle Cloud Joins ONUG Collaborative 🕴</strong><br><br><code>ONUG Collaborative welcomes new members including Oracle Cloud, Sysdig, Wiz, Intuit, Adobe, Qualys, and F5.</code><br><br><a href="https://www.darkreading.com/cloud/oracle-cloud-joins-onug-collaborative">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30399">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 12:11:57">
12:11
       </div>

       <div class="text">
<strong>🕴 Palo Alto Networks to Transfer Stock Exchange Listing to Nasdaq 🕴</strong><br><br><code>Palo Alto Networks anticipates meeting the requirements for inclusion in the NASDAQ-100 index when it rebalances in December.</code><br><br><a href="https://www.darkreading.com/cloud/palo-alto-networks-to-transfer-stock-exchange-listing-to-nasdaq">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30400">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 12:11:58">
12:11
       </div>

       <div class="text">
<strong>🕴 Kaspersky Updates Industrial Cybersecurity Service 🕴</strong><br><br><code>Kaspersky Industrial CyberSecurity unlocks centralized management and visibility across entire OT infrastructure.</code><br><br><a href="https://www.darkreading.com/operations/kaspersky-updates-industrial-cybersecurity-service">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30401">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 12:20:57">
12:20
       </div>

       <div class="text">
<strong>❌ Apple Releases Urgent iOS Updates to Patch New Zero-Day Bug ❌</strong><br><br><code>The bug is under attack. Within hours of the patch release, a researcher published POC code, calling it a &quot;great&quot; flaw that can be used for jailbreaks and local privilege escalation.</code><br><br><a href="https://threatpost.com/apple-urgent-ios-updates-zero-day/175419/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30402">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 12:35:26">
12:35
       </div>

       <div class="text">
<strong>🦿 Remote security: 5 tips 🦿</strong><br><br><code>Tom Merritt shows us how to be extra safe while more workers than ever before are working from their home offices.</code><br><br><a href="https://www.techrepublic.com/videos/remote-security-5-tips/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30403">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 12:35:27">
12:35
       </div>

       <div class="text">
<strong>🦿 Top 5 tips for remote security 🦿</strong><br><br><code>With more workers at home than ever before, security has become an even bigger concern. Tom Merritt shows us how to be extra safe.</code><br><br><a href="https://www.techrepublic.com/article/top-5-tips-for-remote-security/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30404">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 12:35:28">
12:35
       </div>

       <div class="text">
<strong>🦿 How to protect your organization from security threats across your supply chain 🦿</strong><br><br><code>In a survey by BlueVoyant, 97% of people said they&apos;ve been impacted by a security breach that occurred in their supply chain.</code><br><br><a href="https://www.techrepublic.com/article/how-to-protect-your-organization-from-security-threats-across-your-supply-chain/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30405">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 13:02:26">
13:02
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ NSA warns of heightened wildcard TLS certificate risk 🗓️</strong><br><br><code>Wild Alpaca peril</code><br><br><a href="https://portswigger.net/daily-swig/nsa-warns-of-heightened-wildcard-tls-certificate-risk">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30406">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 13:12:03">
13:12
       </div>

       <div class="text">
<strong>🕴 Google Launches Security Advisory Service, Security to Workspaces 🕴</strong><br><br><code>Internet giant aims to help companies use the cloud securely and adds more security features to its productivity workspaces to better compete with Microsoft.</code><br><br><a href="https://www.darkreading.com/cloud/google-launches-security-advisory-service-security-to-workspaces">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30407">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 13:25:32">
13:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-38452 ‼</strong><br><br><code>A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38452">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30408">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 13:25:33">
13:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-40498 ‼</strong><br><br><code>A vulnerability has been identified in SAP SuccessFactors Mobile Application for Android - versions older than 2108, which allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service, which can lead to denial of service. The vulnerability is related to Android implementation methods that are widely used across Android mobile applications, and such methods are embedded into the SAP SuccessFactors mobile application. These Android methods begin executing once the user accesses their profile on the mobile application. While executing, it can also pick up the activities from other Android applications that are running in the background of the users device and are using the same types of methods in the application. Such vulnerability can also lead to phishing attacks that can be used for staging other types of attacks.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40498">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30409">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 13:25:34">
13:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-38454 ‼</strong><br><br><code>A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38454">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30410">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 13:25:36">
13:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-25634 ‼</strong><br><br><code>LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to modify a digitally signed ODF document to insert an additional signing time timestamp which LibreOffice would incorrectly present as a valid signature signed at the bogus signing time. This issue affects: The Document Foundation LibreOffice 7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25634">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30411">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 13:25:37">
13:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-38456 ‼</strong><br><br><code>A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38456">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30412">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 13:25:38">
13:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-40500 ‼</strong><br><br><code>SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows an unauthenticated attacker to exploit missing XML validations at endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation can enable the attacker to retrieve arbitrary files from the server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40500">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30413">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 13:25:39">
13:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-38460 ‼</strong><br><br><code>A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38460">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30414">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 13:25:40">
13:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-37726 ‼</strong><br><br><code>A remote buffer overflow vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 8.7.x.x: 8.7.0.0 through 8.7.1.2. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37726">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30415">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 13:25:41">
13:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-40495 ‼</strong><br><br><code>There are multiple Denial-of Service vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755. An unauthorized attacker can use the public SICF service /sap/public/bc/abap to reduce the performance of SAP NetWeaver Application Server ABAP and ABAP Platform.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40495">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30416">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 13:25:42">
13:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-38180 ‼</strong><br><br><code>SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due to improper sanitation during the data export. An attacker could thereby execute arbitrary commands on the victim&apos;s computer but only if the victim allows to execute macros while opening the file and the security settings of Excel allow for command execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38180">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30417">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 13:25:43">
13:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-38178 ‼</strong><br><br><code>The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, enables a malicious user to transfer ABAP code artifacts or content, by-passing the established quality gates. By this vulnerability malicious code can reach quality and production, and can compromise the confidentiality, integrity, and availability of the system and its data.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38178">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30418">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 13:25:44">
13:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-38183 ‼</strong><br><br><code>SAP NetWeaver - versions 700, 701, 702, 730, does not sufficiently encode user-controlled inputs, allowing an attacker to cause a potential victim to supply a malicious content to a vulnerable web application, which is then reflected to the victim and executed by the web browser, resulting in Cross-Site Scripting vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38183">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30419">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 13:25:45">
13:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-40497 ‼</strong><br><br><code>SAP BusinessObjects Analysis (edition for OLAP) - versions 420, 430, allows an attacker to exploit certain application endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation could lead to exposure of some system specific data like its version.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40497">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30420">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 13:25:46">
13:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-21940 ‼</strong><br><br><code>A heap-based buffer overflow vulnerability exists in the pushMuxer processRtspInfo functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted network packet can lead to a heap buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21940">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30421">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 13:25:47">
13:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-37727 ‼</strong><br><br><code>A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version(s): 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.20 and below; Aruba Instant 8.5.x.x: 8.5.0.12 and below; Aruba Instant 8.6.x.x: 8.6.0.11 and below; Aruba Instant 8.7.x.x: 8.7.1.3 and below. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37727">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30422">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 13:25:51">
13:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-40499 ‼</strong><br><br><code>Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP - versions 7.70, 7.70 PI, 7.70 BYD, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40499">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30423">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 13:25:52">
13:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-37730 ‼</strong><br><br><code>A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.20 and below; Aruba Instant 8.5.x.x: 8.5.0.12 and below; Aruba Instant 8.6.x.x: 8.6.0.11 and below; Aruba Instant 8.7.x.x: 8.7.1.3 and below. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37730">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30424">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 13:25:53">
13:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-21941 ‼</strong><br><br><code>A use-after-free vulnerability exists in the pushMuxer CreatePushThread functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21941">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30425">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 13:25:54">
13:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-38458 ‼</strong><br><br><code>A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38458">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30426">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 13:25:56">
13:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-40496 ‼</strong><br><br><code>SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request and exposing sensitive data. This vulnerability is normally exposed over the network and successful exploitation can lead to exposure of data like system details.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40496">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30427">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 13:32:24">
13:32
       </div>

       <div class="text">
<strong>🗓️ Google distributing 10,000 security keys to journalists, elected officials, human rights activists 🗓️</strong><br><br><code>Global initiative ‘will definitely prevent some cyber-attacks’, says expert</code><br><br><a href="https://portswigger.net/daily-swig/google-distributing-10-000-security-keys-to-journalists-elected-officials-human-rights-activists">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30428">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 14:05:28">
14:05
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 The different types of sudo and su in Linux 🦿</strong><br><br><code>Jack Wallen demystifies these two Linux admin tools because knowing which sudo or su command to run is important.</code><br><br><a href="https://www.techrepublic.com/videos/the-different-types-of-sudo-and-su-in-linux/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30429">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 14:05:29">
14:05
       </div>

       <div class="text">
<strong>🦿 What it costs to hire a hacker on the Dark Web 🦿</strong><br><br><code>Though the final price for a cybercriminal&apos;s services is usually negotiated, personal attacks are the most expensive, says Comparitech.</code><br><br><a href="https://www.techrepublic.com/article/what-it-costs-to-hire-a-hacker-on-the-dark-web/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30430">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 14:11:41">
14:11
       </div>

       <div class="text">
<strong>🕴 Why Choke-Point Analysis Is Essential in Active Directory Security 🕴</strong><br><br><code>Defense should focus on high-value choke points first to ensure that their most critical assets are protected, before moving on to deal with other attack paths.</code><br><br><a href="https://www.darkreading.com/application-security/why-choke-point-analysis-is-essential-in-active-directory-security">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30431">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 14:51:03">
14:51
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Office 365 Spy Campaign Targets US Military Defense ❌</strong><br><br><code>An Iran-linked group is taking aim at makers of drones and satellites, Persian Gulf ports and maritime shipping companies, among others.</code><br><br><a href="https://threatpost.com/military-defense-spy-campaign/175425/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30432">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 15:25:39">
15:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-37732 ‼</strong><br><br><code>A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 6.4.x.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.11 and below; Aruba Instant 8.6.x.x: 8.6.0.6 and below; Aruba Instant 8.7.x.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37732">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30433">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 15:25:39">
15:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-41797 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41797">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30434">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 15:25:40">
15:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-41071 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41071">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30435">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 15:25:42">
15:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-37734 ‼</strong><br><br><code>A remote unauthorized read access to files vulnerability was discovered in Aruba Instant version(s): 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.19 and below; Aruba Instant 8.5.x.x: 8.5.0.12 and below; Aruba Instant 8.6.x.x: 8.6.0.11 and below; Aruba Instant 8.7.x.x: 8.7.1.3 and below; Aruba Instant 8.8.x.x: 8.8.0.0 and below. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37734">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30436">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 15:25:43">
15:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-37735 ‼</strong><br><br><code>A remote denial of service vulnerability was discovered in Aruba Instant version(s): Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.10 and below; Aruba Instant 8.6.x.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37735">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30437">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 15:25:44">
15:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-41136 ‼</strong><br><br><code>Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using `puma` with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smugggling. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. The only proxy which has this behavior, as far as the Puma team is aware of, is Apache Traffic Server. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request&apos;s body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This vulnerability was patched in Puma 5.5.1 and 4.3.9. As a workaround, do not use Apache Traffic Server with `puma`.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41136">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30438">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 15:25:45">
15:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-41796 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41796">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30439">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 15:25:46">
15:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-35214 ‼</strong><br><br><code>The vulnerability can be described as a failure to invalidate user session upon password change. When running multiple active sessions in separate browser windows, it was observed a password or email address change could be changed without terminating the user session.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35214">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30440">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 15:25:47">
15:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-41070 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41070">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30441">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 16:51:15">
16:51
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Windows Zero-Day Actively Exploited in Widespread Espionage Campaign ❌</strong><br><br><code>The cyberattacks, linked to a Chinese-speaking APT, deliver the new MysterySnail RAT malware to Windows servers.</code><br><br><a href="https://threatpost.com/windows-zero-day-exploited-espionage/175432/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30442">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 17:25:42">
17:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-29644 ‼</strong><br><br><code>Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 contains a remote code execution vulnerability because of an Integer Overflow. An attacker with network access to port 31016 may exploit this issue to execute code with unrestricted privileges on the underlying OS.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29644">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30443">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 17:25:43">
17:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-29645 ‼</strong><br><br><code>Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendMessageTimeoutW API with arbitrary arguments via a local pipe, leading to a local privilege escalation vulnerability. An attacker who exploits this issue could execute arbitrary code on the local system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29645">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30444">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 17:25:44">
17:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-27003 ‼</strong><br><br><code>Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1 are missing an X-Frame-Options header which could allow a clickjacking attack.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27003">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30445">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 17:25:45">
17:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-40292 ‼</strong><br><br><code>A Stored Cross Site Sripting (XSS) vulnerability exists in DzzOffice 2.02.1 via the settingnew parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40292">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30446">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 17:25:46">
17:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-42326 ‼</strong><br><br><code>Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42326">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30447">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 17:25:50">
17:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-40618 ‼</strong><br><br><code>An SQL Injection vulnerability exists in openSIS Classic 8.0 via the 1) ADDR_CONT_USRN, 2) ADDR_CONT_PSWD, 3) SECN_CONT_USRN or 4) SECN_CONT_PSWD parameters in HoldAddressFields.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40618">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30448">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 17:25:51">
17:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-35494 ‼</strong><br><br><code>The Rest API component of TIBCO Software Inc.&apos;s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contain a race condition that allows a low privileged authenticated attacker via the REST API to obtain read access to temporary objects created by other users on the affected system. Affected releases are TIBCO Software Inc.&apos;s TIBCO JasperReports Server: versions 7.2.1 and below, TIBCO JasperReports Server: versions 7.5.0 and 7.5.1, TIBCO JasperReports Server: version 7.8.0, TIBCO JasperReports Server: version 7.9.0, TIBCO JasperReports Server - Community Edition: versions 7.8.0 and below, TIBCO JasperReports Server - Developer Edition: versions 7.9.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and below, and TIBCO JasperReports Server for Microsoft Azure: version 7.8.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35494">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30449">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 17:25:52">
17:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-3671 ‼</strong><br><br><code>A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3671">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30450">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 17:25:52">
17:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-35495 ‼</strong><br><br><code>The Scheduler Connection component of TIBCO Software Inc.&apos;s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows an authenticated attacker with network access to obtain FTP server passwords for other users of the affected system. Affected releases are TIBCO Software Inc.&apos;s TIBCO JasperReports Server: versions 7.2.1 and below, TIBCO JasperReports Server: versions 7.5.0 and 7.5.1, TIBCO JasperReports Server: version 7.8.0, TIBCO JasperReports Server: version 7.9.0, TIBCO JasperReports Server - Community Edition: versions 7.8.0 and below, TIBCO JasperReports Server - Developer Edition: versions 7.9.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and below, and TIBCO JasperReports Server for Microsoft Azure: version 7.8.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35495">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30451">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 17:25:53">
17:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-35496 ‼</strong><br><br><code>The XMLA Connections component of TIBCO Software Inc.&apos;s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains a difficult to exploit vulnerability that allows a low privileged attacker with network access to interfere with XML processing in the affected component. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.&apos;s TIBCO JasperReports Server: versions 7.2.1 and below, TIBCO JasperReports Server: versions 7.5.0 and 7.5.1, TIBCO JasperReports Server: version 7.8.0, TIBCO JasperReports Server: version 7.9.0, TIBCO JasperReports Server - Community Edition: versions 7.8.0 and below, TIBCO JasperReports Server - Developer Edition: versions 7.9.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and below, and TIBCO JasperReports Server for Microsoft Azure: version 7.8.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35496">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30452">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 17:25:58">
17:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-39184 ‼</strong><br><br><code>Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to 11.5.0, 12.1.0, and 13.3.0 allows a sandboxed renderer to request a &quot;thumbnail&quot; image of an arbitrary file on the user&apos;s system. The thumbnail can potentially include significant parts of the original file, including textual data in many cases. Versions 15.0.0-alpha.10, 14.0.0, 13.3.0, 12.1.0, and 11.5.0 all contain a fix for the vulnerability. Two workarounds aside from upgrading are available. One may make the vulnerability significantly more difficult for an attacker to exploit by enabling `contextIsolation` in one&apos;s app. One may also disable the functionality of the `createThumbnailFromPath` API if one does not need it.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39184">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30453">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 17:25:59">
17:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-38862 ‼</strong><br><br><code>IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207980.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38862">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30454">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 17:26:00">
17:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-38915 ‼</strong><br><br><code>IBM Data Risk Manager 2.0.6 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 209947.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38915">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30455">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 17:35:31">
17:35
       </div>

       <div class="text">
<strong>🦿 Get lifetime access to 9 courses to help you pass the most popular CompTIA exams 🦿</strong><br><br><code>You can develop the skills to qualify you for a variety of tech careers all online and on your own schedule.</code><br><br><a href="https://www.techrepublic.com/article/get-lifetime-access-to-9-courses-to-help-you-pass-the-most-popular-comptia-exams/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30456">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 17:38:32">
17:38
       </div>

       <div class="text">
<strong>♟️ Patch Tuesday, October 2021 Edition ♟️</strong><br><br><code>Microsoft today issued updates to plug more than 70 security holes in its Windows operating systems and other software, including one vulnerability that is already being exploited in active attacks. This month&apos;s Patch Tuesday also includes security fixes for the newly released Windows 11 operating system.</code><br><br><a href="https://krebsonsecurity.com/2021/10/patch-tuesday-october-2021-edition/">📖 Read</a><br><br>via &quot;<em>Krebs on Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30457">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 17:42:18">
17:42
       </div>

       <div class="text">
<strong>🕴 Smaller &apos;Bit and Piece&apos; DDoS Attacks Slam Servers to Evade Mitigation Systems 🕴</strong><br><br><code>Nearly all DDoS attacks in the first half of 2021 were less than 1 Gbps, Nexusguard found.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/smaller-bit-and-piece-ddos-attacks-slam-servers-to-evade-mitigation-systems">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30458">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 18:12:22">
18:12
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 High-Profile Breaches Are Shifting Enterprise Security Strategy 🕴</strong><br><br><code>Increased media attention is driving changes in enterprise security strategy -- some positive, some negative.</code><br><br><a href="https://www.darkreading.com/edge-threat-monitor/high-profile-breaches-are-shifting-enterprise-security-strategy">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30459">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 19:21:10">
19:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Microsoft Kills Bug Being Exploited in MysterySnail Espionage Campaign ❌</strong><br><br><code>Microsoft&apos;s October 2021 Patch Tuesday included security fixes for 74 vulnerabilities, one of which is a zero-day being used to deliver the MysterySnail RAT to Windows servers.</code><br><br><a href="https://threatpost.com/microsoft-patch-tuesday-bug-exploited-mysterysnail-espionage-campaign/175431/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30460">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 19:25:47">
19:25
       </div>

       <div class="text">
<strong>‼ CVE-2020-22679 ‼</strong><br><br><code>Memory leak in the sgpd_parse_entry function in MP4Box in gpac 0.8.0 allows attackers to cause a denial of service (DoS) via a crafted input.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-22679">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30461">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 19:25:48">
19:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-42325 ‼</strong><br><br><code>Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom DB name.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42325">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30462">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 19:25:49">
19:25
       </div>

       <div class="text">
<strong>‼ CVE-2020-22678 ‼</strong><br><br><code>An issue was discovered in gpac 0.8.0. The gf_media_nalu_remove_emulation_bytes function in av_parsers.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-22678">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30463">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 19:25:49">
19:25
       </div>

       <div class="text">
<strong>‼ CVE-2020-22674 ‼</strong><br><br><code>An issue was discovered in gpac 0.8.0. An invalid memory dereference exists in the function FixTrackID located in isom_intern.c, which allows attackers to cause a denial of service (DoS) via a crafted input.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-22674">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30464">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 19:25:50">
19:25
       </div>

       <div class="text">
<strong>‼ CVE-2020-22673 ‼</strong><br><br><code>Memory leak in the senc_Parse function in MP4Box in gpac 0.8.0 allows attackers to cause a denial of service (DoS) via a crafted input.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-22673">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30465">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 19:25:55">
19:25
       </div>

       <div class="text">
<strong>‼ CVE-2020-22677 ‼</strong><br><br><code>An issue was discovered in gpac 0.8.0. The dump_data_hex function in box_dump.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-22677">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30466">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 19:25:55">
19:25
       </div>

       <div class="text">
<strong>‼ CVE-2020-22675 ‼</strong><br><br><code>An issue was discovered in gpac 0.8.0. The GetGhostNum function in stbl_read.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-22675">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30467">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 19:42:26">
19:42
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Former Director of IT and Cybersecurity for Warren Presidential Campaign Launches Personified 🕴</strong><br><br><code>Founder and CEO Mike Marotti will lead experts in campaign security to help progressive politicians and organizations with cybersecurity and IT needs.</code><br><br><a href="https://www.darkreading.com/operations/former-director-of-it-and-cybersecurity-for-warren-presidential-campaign-launches-personified">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30468">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 20:12:31">
20:12
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Microsoft Fixes Zero-Day Flaw in Win32 Driver 🕴</strong><br><br><code>A previously known threat actor is using the flaw in a broad cyber-espionage campaign, security vendor warns.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/microsoft-october-patch-update-includes-fix-for-0-day-flaw-in-win32-driver">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30469">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 21:25:52">
21:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-20031 ‼</strong><br><br><code>A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20031">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30470">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 21:25:53">
21:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-3322 ‼</strong><br><br><code>Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr. Zephyr versions &gt;= &gt;=2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r-4mq3</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3322">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30471">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 21:25:54">
21:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-3330 ‼</strong><br><br><code>RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr. Zephyr versions &gt;= &gt;=2.4.0 contain Out-of-bounds Write (CWE-787). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fj4r-373f-9456</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3330">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30472">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 21:25:55">
21:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-3321 ‼</strong><br><br><code>Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal. Zephyr versions &gt;= &gt;=2.4.0 contain Integer Overflow to Buffer Overflow (CWE-680). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3321">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30473">

      <div class="body">

       <div class="pull_right date details" title="12.10.2021 21:25:55">
21:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-3323 ‼</strong><br><br><code>Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions &gt;= &gt;=2.4.0 contain Integer Underflow (Wrap or Wraparound) (CWE-191). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3323">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-923">

      <div class="body details">
13 October 2021
      </div>

     </div>

     <div class="message default clearfix" id="message30474">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 02:32:22">
02:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-41337 ‼</strong><br><br><code>Active Directory Security Feature Bypass Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41337">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30475">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 02:32:24">
02:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-41339 ‼</strong><br><br><code>Microsoft DWM Core Library Elevation of Privilege Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41339">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30476">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 02:32:25">
02:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-41334 ‼</strong><br><br><code>Windows Desktop Bridge Elevation of Privilege Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41334">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30477">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 02:32:26">
02:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-40464 ‼</strong><br><br><code>Windows Nearby Sharing Elevation of Privilege Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40464">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30478">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 02:32:27">
02:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-41343 ‼</strong><br><br><code>Windows Fast FAT File System Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-38662.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41343">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30479">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 02:32:28">
02:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-40486 ‼</strong><br><br><code>Microsoft Word Remote Code Execution Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40486">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30480">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 02:32:29">
02:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-40485 ‼</strong><br><br><code>Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40471, CVE-2021-40473, CVE-2021-40474, CVE-2021-40479.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40485">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30481">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 02:32:30">
02:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-41336 ‼</strong><br><br><code>Windows Kernel Information Disclosure Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41336">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30482">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 02:32:32">
02:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-26441 ‼</strong><br><br><code>Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40478, CVE-2021-40488, CVE-2021-40489, CVE-2021-41345.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26441">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30483">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 02:32:33">
02:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-41335 ‼</strong><br><br><code>Windows Kernel Elevation of Privilege Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41335">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30484">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 02:32:34">
02:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-40467 ‼</strong><br><br><code>Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40443, CVE-2021-40466.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40467">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30485">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 02:32:34">
02:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-41338 ‼</strong><br><br><code>Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41338">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30486">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 02:32:36">
02:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-34453 ‼</strong><br><br><code>Microsoft Exchange Server Denial of Service Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34453">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30487">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 02:32:37">
02:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-41355 ‼</strong><br><br><code>.NET Core and Visual Studio Information Disclosure Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41355">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30488">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 02:32:38">
02:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-41330 ‼</strong><br><br><code>Microsoft Windows Media Foundation Remote Code Execution Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41330">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30489">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 02:32:39">
02:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-41331 ‼</strong><br><br><code>Windows Media Audio Decoder Remote Code Execution Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41331">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30490">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 02:32:40">
02:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-41353 ‼</strong><br><br><code>Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41353">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30491">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 02:32:41">
02:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-40487 ‼</strong><br><br><code>Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41344.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40487">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30492">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 02:32:42">
02:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-41347 ‼</strong><br><br><code>Windows AppX Deployment Service Elevation of Privilege Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41347">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30493">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 02:32:43">
02:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-40484 ‼</strong><br><br><code>Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-40483.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40484">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30494">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 07:32:43">
07:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Firefox Suggest lands in the US, bringing ads to the browser search bar 🗓️</strong><br><br><code>New feature has been rolled out to a select group of users in the US</code><br><br><a href="https://portswigger.net/daily-swig/firefox-suggest-lands-in-the-us-bringing-ads-to-the-browser-search-bar">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30495">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 08:51:42">
08:51
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ 30 Mins or Less: Rapid Attacks Extort Orgs Without Ransomware ❌</strong><br><br><code>The previously unknown SnapMC group exploits unpatched VPNs and webserver apps to breach systems and carry out quick-hit extortion in less time than it takes to order a pizza.</code><br><br><a href="https://threatpost.com/rapid-attacks-extort-ransomware/175445/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30496">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 09:26:23">
09:26
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-33609 ‼</strong><br><br><code>Missing check in DataCommunicator class in com.vaadin:vaadin-server versions 8.0.0 through 8.14.0 (Vaadin 8.0.0 through 8.14.0) allows authenticated network attacker to cause heap exhaustion by requesting too many rows of data.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33609">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30497">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 10:26:47">
10:26
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ OpenSea ‘Free Gift’ NFTs Drain Cryptowallet Balances ❌</strong><br><br><code>Cybercriminals exploited bugs in the world&apos;s largest digital-goods marketplace to create malicious artwork offered as a perk to unsuspecting users.</code><br><br><a href="https://threatpost.com/opensea-nfts-cryptowallet-balances/175453/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30498">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 10:32:49">
10:32
       </div>

       <div class="text">
<strong>🗓️ Nagios XI updated to address trio of security vulnerabilities 🗓️</strong><br><br><code>Post-auth flaws could give attackers a platform from which to pivot to other parts of the network</code><br><br><a href="https://portswigger.net/daily-swig/nagios-xi-updated-to-address-trio-of-security-vulnerabilities">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30499">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 11:05:19">
11:05
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Mandating a Zero-Trust Approach for Software Supply Chains ❌</strong><br><br><code>Sounil Yu, CISO at JupiterOne, discusses software bills of materials (SBOMs) and the need for a shift in thinking about securing software supply chains.</code><br><br><a href="https://threatpost.com/mandate-zero-trust-software-supply-chains/175333/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30500">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 11:05:20">
11:05
       </div>

       <div class="text">
<strong>🗓️ ‘Find out what sparks joy’ – YouTube educator and security expert Katie Paxton-Fear on carving out a successful infosec career 🗓️</strong><br><br><code>‘Never stop learning’, Swig readers told during Q&amp;A session</code><br><br><a href="https://portswigger.net/daily-swig/find-out-what-sparks-joy-youtube-educator-and-security-expert-katie-paxton-fear-on-carving-out-a-successful-infosec-career">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30501">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 11:13:27">
11:13
       </div>

       <div class="text">
<strong>🕴 A Close Look at Russia&apos;s Ghostwriter Campaign 🕴</strong><br><br><code>The group, which conducts espionage and sows disinformation, is larger than previously thought and has shifted tactics.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/a-close-look-at-russia-s-ghostwriter-campaign">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30502">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 12:02:06">
12:02
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>♟️ How Coinbase Phishers Steal One-Time Passwords ♟️</strong><br><br><code>A recent phishing campaign targeting Coinbase users shows thieves are getting cleverer about phishing one-time passwords (OTPs) needed to complete the login process. It also shows that phishers are attempting to sign up for new Coinbase accounts by the millions as part of an effort to identify email addresses that are already associated with active accounts.</code><br><br><a href="https://krebsonsecurity.com/2021/10/how-coinbase-phishers-steal-one-time-passwords/">📖 Read</a><br><br>via &quot;<em>Krebs on Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30503">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 12:06:00">
12:06
       </div>

       <div class="text">
<strong>🦿 Securing Microsoft 365 with app governance 🦿</strong><br><br><code>How can you protect your network and data from consent phishing attacks? Microsoft&apos;s new app compliance program can help.</code><br><br><a href="https://www.techrepublic.com/article/securing-microsoft-365-with-app-governance/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30504">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 12:43:27">
12:43
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Corelight Unveils Corelight Labs, a Hub for Research and Innovation 🕴</strong><br><br><code>Company expands its research expertise with addition of AI and security operations experts from its PatternEx acquisition to the Labs team.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/corelight-unveils-corelight-labs-a-hub-for-research-and-innovation">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30505">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 13:02:54">
13:02
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Unresolved GitHub Actions flaw allows code to be approved without review 🗓️</strong><br><br><code>Mitigations are available for yet-to-be-fixed vulnerability</code><br><br><a href="https://portswigger.net/daily-swig/unresolved-github-actions-flaw-allows-code-to-be-approved-without-review">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30506">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 13:21:48">
13:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Brizy WordPress Plugin Exploit Chains Allow Full Site Takeovers ❌</strong><br><br><code>A stored XSS and arbitrary file-upload bug can be paired with an authorization bypass to wreak havoc.</code><br><br><a href="https://threatpost.com/brizy-wordpress-plugin-exploit-site-takeovers/175463/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30507">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 13:26:36">
13:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-34814 ‼</strong><br><br><code>Proofpoint Spam Engine before 8.12.0-2106240000 has a Security Control Bypass.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34814">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30508">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 13:26:37">
13:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-41137 ‼</strong><br><br><code>Minio is a Kubernetes native application for cloud storage. All users on release `RELEASE.2021-10-10T16-53-30Z` are affected by a vulnerability that involves bypassing policy restrictions on regular users. Normally, checkKeyValid() should return owner true for rootCreds. In the affected version, policy restriction did not work properly for users who did not have service (svc) or security token service (STS) accounts. This issue is fixed in `RELEASE.2021-10-13T00-23-17Z`. A downgrade back to release `RELEASE.2021-10-08T23-58-24Z` is available as a workaround.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41137">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30509">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 13:26:38">
13:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-39304 ‼</strong><br><br><code>Proofpoint Enterprise Protection before 8.12.0-2108090000 allows security control bypass.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39304">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30510">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 14:06:04">
14:06
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Dark Web: Many cybercrime services sell for less than $500 🦿</strong><br><br><code>A ransomware kit costs as little as $66, though it needs to be modified, while a spearphishing attack can run as low as $100, says Altas VPN.</code><br><br><a href="https://www.techrepublic.com/article/dark-web-many-cybercrime-services-sell-for-less-than-500/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30511">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 14:09:05">
14:09
       </div>

       <div class="text">
<strong>⚠ Apple quietly patches yet another iPhone 0-day – check you have 15.0.2 ⚠</strong><br><br><code>Oops!... They did it again.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/10/12/apple-quietly-patches-yet-another-iphone-0-day-check-you-have-15-0-2/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30512">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 14:09:06">
14:09
       </div>

       <div class="text">
<strong>⚠ Romance scams with a cryptocurrency twist – new research from SophosLabs ⚠</strong><br><br><code>Romance scams and dating site treachery with a new twist - &quot;there&apos;s an app for that!&quot;</code><br><br><a href="https://nakedsecurity.sophos.com/2021/10/13/romance-scams-with-a-cryptocurrency-twist-new-research-from-sophoslabs/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30513">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 15:26:41">
15:26
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-22036 ‼</strong><br><br><code>VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redirect vulnerability due to improper path handling. A malicious actor may be able to redirect victim to an attacker controlled domain due to improper path handling in vRealize Orchestrator leading to sensitive information disclosure.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22036">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30514">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 15:26:42">
15:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-22035 ‼</strong><br><br><code>VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user&apos;s environment.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22035">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30515">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 15:26:43">
15:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-22033 ‼</strong><br><br><code>Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22033">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30516">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 15:26:44">
15:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-20125 ‼</strong><br><br><code>An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of DownloadFileServlet in Draytek VigorConnect 1.6.0-B3. An unauthenticated attacker could leverage this vulnerability to upload files to any location on the target operating system with root privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20125">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30517">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 15:26:45">
15:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-40732 ‼</strong><br><br><code>XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer dereference vulnerability that could result in leaking data from certain memory locations and causing a local denial of service in the context of the current user. User interaction is required to exploit this vulnerability in that the victim will need to open a specially crafted MXF file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40732">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30518">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 15:26:47">
15:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-20124 ‼</strong><br><br><code>A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20124">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30519">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 15:26:48">
15:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-3057 ‼</strong><br><br><code>A stack-based buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect app that enables a man-in-the-middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.9 on Windows; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.8 on Windows; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.8 on the Universal Windows Platform; GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.1 on Linux.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3057">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30520">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 15:26:49">
15:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-20126 ‼</strong><br><br><code>Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protections and does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20126">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30521">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 15:26:50">
15:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-20127 ‼</strong><br><br><code>An arbitrary file deletion vulnerability exists in the file delete functionality of the Html5Servlet endpoint of Draytek VigorConnect 1.6.0-B3. This allows an authenticated user to arbitrarily delete files in any location on the target operating system with root privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20127">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30522">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 15:26:51">
15:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-35498 ‼</strong><br><br><code>The TIBCO EBX Web Server component of TIBCO Software Inc.&apos;s TIBCO EBX, TIBCO EBX, TIBCO EBX, and TIBCO Product and Service Catalog powered by TIBCO EBX contains a vulnerability that under certain specific conditions allows an attacker to enter a password other than the legitimate password and it will be accepted as valid. Affected releases are TIBCO Software Inc.&apos;s TIBCO EBX: versions 5.8.123 and below, TIBCO EBX: versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, 5.9.7, 5.9.8, 5.9.9, 5.9.10, 5.9.11, 5.9.12, 5.9.13, and 5.9.14, TIBCO EBX: versions 6.0.0 and 6.0.1, and TIBCO Product and Service Catalog powered by TIBCO EBX: version 1.0.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35498">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30523">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 15:26:52">
15:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-20129 ‼</strong><br><br><code>An information disclosure vulnerability exists in Draytek VigorConnect 1.6.0-B3, allowing an unauthenticated attacker to export system logs.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20129">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30524">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 15:26:53">
15:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-20128 ‼</strong><br><br><code>The Profile Name field in the floor plan (Network Menu) page in Draytek VigorConnect 1.6.0-B3 was found to be vulnerable to stored XSS, as user input is not properly sanitized.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20128">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30525">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 15:26:54">
15:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-41138 ‼</strong><br><br><code>Frontier is Substrate&apos;s Ethereum compatibility layer. In the newly introduced signed Frontier-specific extrinsic for `pallet-ethereum`, a large part of transaction validation logic was only called in transaction pool validation, but not in block execution. Malicious validators can take advantage of this to put invalid transactions into a block. The attack is limited in that the signature is always validated, and the majority of the validation is done again in the subsequent `pallet-evm` execution logic. However, do note that a chain ID replay attack was possible. In addition, spamming attacks are of main concerns, while they are limited by Substrate block size limits and other factors. The issue is patched in commit `146bb48849e5393004be5c88beefe76fdf009aba`.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41138">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30526">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 15:26:55">
15:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-41139 ‼</strong><br><br><code>Anuko Time Tracker is an open source, web-based time tracking application written in PHP. When a logged on user selects a date in Time Tracker, it is being passed on via the date parameter in URI. Because of not checking this parameter for sanity in versions prior to 1.19.30.5600, it was possible to craft the URI with malicious JavaScript, use social engineering to convince logged on user to click on such link, and have the attacker-supplied JavaScript to be executed in user&apos;s browser. This issue is patched in version 1.19.30.5600. As a workaround, one may introduce `ttValidDbDateFormatDate` function as in the latest version and add a call to it within the access checks block in time.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41139">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30527">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 15:26:56">
15:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-20123 ‼</strong><br><br><code>A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20123">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30528">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 15:55:15">
15:55
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 Microsoft Fends Off 2.4 Tbps DDoS Attack 🔏</strong><br><br><code>The attack was reportedly 140 percent higher than a 1 Tbps attack it saw in 2020 and higher than any network volumetric event the company previously detected.</code><br><br><a href="https://digitalguardian.com/blog/microsoft-fends-24-tbps-ddos-attack">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30529">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 16:13:40">
16:13
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Are You Ready for the Privacy Laws Tsunami? 🕴</strong><br><br><code>Think PCI, HIPAA, and GDPR compliance is tough? There&apos;s a tsunami of similar laws on the way. Prepare your business for success with privacy by design.</code><br><br><a href="https://www.darkreading.com/application-security/are-you-ready-for-the-privacy-laws-tsunami-">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30530">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 17:21:58">
17:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ FreakOut Botnet Turns DVRs Into Monero Cryptominers ❌</strong><br><br><code>The new Necro Python exploit targets Visual Tool DVRs used in surveillance systems.</code><br><br><a href="https://threatpost.com/freakout-botnet-dvrs-monero-cryptominers/175467/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30531">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 17:26:48">
17:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-42224 ‼</strong><br><br><code>SQL Injection vulnerability exists in IFSC Code Finder Project 1.0 via the searchifsccode POST parameter in /search.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42224">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30532">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 17:26:50">
17:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-26318 ‼</strong><br><br><code>A timing and power-based side channel attack leveraging the x86 PREFETCH instructions on some AMD CPUs could potentially result in leaked kernel address space information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26318">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30533">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 17:26:51">
17:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-20130 ‼</strong><br><br><code>ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the PasswordExpiry interface.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20130">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30534">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 17:26:52">
17:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-20131 ‼</strong><br><br><code>ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the Personalization interface.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20131">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30535">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 17:26:52">
17:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-40842 ‼</strong><br><br><code>Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to improper input validation on the database name parameter required in certain unauthenticated APIs. A malicious URL visited by anyone with network access to the server could be used to blindly execute arbitrary SQL statements on the backend database. Version 7.12.0 and all versions prior to 7.11.2 are affected.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40842">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30536">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 17:26:56">
17:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-40843 ‼</strong><br><br><code>Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. An attacker with write access to the local database could cause arbitrary code to execute with SYSTEM privileges on the underlying server when a Web Console user triggers retrieval of that data. When chained with a SQL injection vulnerability, the vulnerability could be exploited remotely if Web Console users click a series of maliciously crafted URLs. All versions prior to 7.11.2 are affected.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40843">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30537">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 17:26:57">
17:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-42223 ‼</strong><br><br><code>Cross Site Scripting (XSS).vulnerability exists in Online DJ Booking Management System 1.0 in view-booking-detail.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42223">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30538">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 17:36:06">
17:36
       </div>

       <div class="text">
<strong>🦿 How to get the most bang for your buck out of your cybersecurity budget 🦿</strong><br><br><code>More than a quarter of executives surveyed by PwC expect double-digit growth in security budgets in 2022. The trick is to spend that money wisely and effectively.</code><br><br><a href="https://www.techrepublic.com/article/how-to-get-the-most-bang-for-your-buck-out-of-your-cybersecurity-budget/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30539">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 18:44:04">
18:44
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 What Does a Chief Product Security Officer Do? 🕴</strong><br><br><code>A CPSO bridges the gap between developers and security to ensure products are built securely and safely.</code><br><br><a href="https://www.darkreading.com/edge-ask-the-experts/what-does-a-chief-product-security-officer-do-">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30540">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 18:44:05">
18:44
       </div>

       <div class="text">
<strong>🕴 VirusTotal Shares Data on Ransomware Activity 🕴</strong><br><br><code>Google&apos;s online malware scanning service analyzed 80 million ransomware samples that were uploaded in the past year-and-a-half.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/virustotal-shares-data-on-ransomware-activity">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30541">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 19:06:09">
19:06
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 3 risk management priorities CIOs are focused on right now 🦿</strong><br><br><code>CIOs have had their hands full since the start of the pandemic with three risk management and governance priorities weighing heavily on their minds.</code><br><br><a href="https://www.techrepublic.com/article/3-risk-management-priorities-cios-are-focused-on-right-now/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30542">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 19:06:10">
19:06
       </div>

       <div class="text">
<strong>🦿 Has COVID-19 or supply chain issues affected your organization&apos;s cybersecurity plans? 🦿</strong><br><br><code>What do you really think about your company&apos;s cybersecurity strategy? Take this quick, multiple choice survey and tell us.</code><br><br><a href="https://www.techrepublic.com/article/whats-your-organizations-cybersecurity-strategy/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30543">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 19:13:49">
19:13
       </div>

       <div class="text">
<strong>🕴 SonicWall Secures Mix of Cloud, Hybrid and Traditional Networks 🕴</strong><br><br><code>Company’s virtual offerings, cloud services match with on-premises deployments to solve real-world security challenges for SMBs, enterprises, governments, and MSSPs.</code><br><br><a href="https://www.darkreading.com/cloud/sonicwall-secures-mix-of-cloud-hybrid-and-traditional-networks">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30544">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 19:43:51">
19:43
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Fugue Adds Kubernetes Security Checks to Secure Infrastructure-As-Code 🕴</strong><br><br><code>Developers can apply proper security controls as they programmatically deploy Kubernetes clusters.</code><br><br><a href="https://www.darkreading.com/dr-tech/fugue-adds-kubernetes-security-checks-to-secure-infrastructure-as-code">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30545">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 21:26:55">
21:26
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-41075 ‼</strong><br><br><code>The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vulnerable to SQL Injection in the Attacks Module API.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41075">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30546">

      <div class="body">

       <div class="pull_right date details" title="13.10.2021 21:26:56">
21:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-40493 ‼</strong><br><br><code>Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40493">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-924">

      <div class="body details">
14 October 2021
      </div>

     </div>

     <div class="message default clearfix" id="message30547">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 07:34:02">
07:34
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-42341 ‼</strong><br><br><code>checkpath in OpenRC before 0.44.7 uses the direct output of strlen() to allocate strings, which does not account for the &apos;\0&apos; byte at the end of the string. This results in memory corruption.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42341">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30548">

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 07:34:03">
07:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-3882 ‼</strong><br><br><code>LedgerSMB does not set the &apos;Secure&apos; attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an unencrypted connection (HTTP), an attacker may be able to obtain the authentication data by capturing network traffic. LedgerSMB 1.8 and newer switched from Basic authentication to using cookie authentication with encrypted cookies. Although an attacker can&apos;t access the information inside the cookie, nor the password of the user, possession of the cookie is enough to access the application as the user from which the cookie has been obtained. In order for the attacker to obtain the cookie, first of all the server must be configured to respond to unencrypted requests, the attacker must be suitably positioned to eavesdrop on the network traffic between the client and the server *and* the user must be tricked into using unencrypted HTTP traffic. Proper audit control and separation of duties limit Integrity impact of the attack vector. Users of LedgerSMB 1.8 are urged to upgrade to known-fixed versions. Users of LedgerSMB 1.7 or 1.9 are unaffected by this vulnerability and don&apos;t need to take action. As a workaround, users may configure their Apache or Nginx reverse proxy to add the Secure attribute at the network boundary instead of relying on LedgerSMB. For Apache, please refer to the &apos;Header always edit&apos; configuration command in the mod_headers module. For Nginx, please refer to the &apos;proxy_cookie_flags&apos; configuration command.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3882">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30549">

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 07:34:04">
07:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-40854 ‼</strong><br><br><code>AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local user to obtain administrator privileges by using the Open Chat Log feature to launch a privileged Notepad process that can launch other applications.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40854">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30550">

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 07:34:05">
07:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-42342 ‼</strong><br><br><code>An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the file upload filter, user form variables can be passed to CGI scripts without being prefixed with the CGI prefix. This permits tunneling untrusted environment variables into vulnerable CGI scripts.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42342">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30551">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 09:39:19">
09:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ S3 Ep54: Another 0-day, double Apache patch, and Fight The Phish [Podcast] ⚠</strong><br><br><code>Latest episode - listen now!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/10/14/s3-ep54-another-0-day-double-apache-patch-and-fight-the-phish-podcast/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30552">

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 09:39:20">
09:39
       </div>

       <div class="text">
<strong>⚠ Romance scams with a cryptocurrency twist – new research from SophosLabs ⚠</strong><br><br><code>Romance scams and dating site treachery with a new twist - &quot;there&apos;s an app for that!&quot;</code><br><br><a href="https://nakedsecurity.sophos.com/2021/10/13/romance-scams-with-a-cryptocurrency-twist-new-research-from-sophoslabs/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30553">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 10:03:18">
10:03
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Git providers revoke weak keys generated in vulnerable GitKraken crypto library 🗓️</strong><br><br><code>Weak SSH keys have been revoked by vendors to protect their users</code><br><br><a href="https://portswigger.net/daily-swig/git-providers-revoke-weak-keys-generated-in-vulnerable-gitkraken-crypto-library">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30554">

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 10:14:42">
10:14
       </div>

       <div class="text">
<strong>🕴 6 Lessons From the Expiration of the Let&apos;s Encrypt Root Certificate 🕴</strong><br><br><code>Fallout from the transition highlights the need for organizations to monitor and have processes for updating CA roots, experts say.</code><br><br><a href="https://www.darkreading.com/cloud/six-takeaways-from-the-let-s-encrypt-root-certificate-expiration">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30555">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 11:03:19">
11:03
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Podcast: 67% of Orgs Have Been Hit by Ransomware at Least Once ❌</strong><br><br><code>Fortinet’s Derek Manky discusses a recent global survey showing that two-thirds of organizations suffered at least one ransomware attack, while half were hit multiple times.</code><br><br><a href="https://threatpost.com/podcast-67-percent-orgs-ransomware/175339/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30556">

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 11:03:20">
11:03
       </div>

       <div class="text">
<strong>🗓️ Israeli hospital cancels non-urgent procedures following ransomware attack 🗓️</strong><br><br><code>National cybersecurity agency braced for further serious network intrusions</code><br><br><a href="https://portswigger.net/daily-swig/israeli-hospital-cancels-non-urgent-procedures-following-ransomware-attack">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30557">

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 11:14:45">
11:14
       </div>

       <div class="text">
<strong>🕴 How Security Teams Can Reinforce End-User Awareness 🕴</strong><br><br><code>Training programs provide the information, but security teams can reinforce these for better end-user education.</code><br><br><a href="https://www.darkreading.com/risk/how-security-teams-can-reinforce-end-user-awareness">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30558">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 12:22:34">
12:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ CryptoRom Scam Rakes in $1.4M by Exploiting Apple Enterprise Features ❌</strong><br><br><code>The campaign, which uses the Apple Developer Program and Enterprise Signatures to get past Apple&apos;s app review process, remains active.</code><br><br><a href="https://threatpost.com/cryptorom-scammers-apple-enterprise-features/175474/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30559">

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 12:33:22">
12:33
       </div>

       <div class="text">
<strong>🗓️ Dutch police warn DDoS-for-hire customers to desist or face prosecution 🗓️</strong><br><br><code>We know what you DDoSed last summer</code><br><br><a href="https://portswigger.net/daily-swig/dutch-police-warn-ddos-for-hire-customers-to-desist-or-face-prosecution">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30560">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 13:06:31">
13:06
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How to configure SSH to use a non-standard port with SELinux set to enforcing 🦿</strong><br><br><code>Switching the SSH listening port is an easy way to help secure remote login on your Linux servers. But when SELinux is involved, you have to take a few extra steps. Jack Wallen shows you how.</code><br><br><a href="https://www.techrepublic.com/article/how-to-configure-ssh-to-use-a-non-standard-port-with-selinux-set-to-enforcing/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30561">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 13:27:36">
13:27
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-19961 ‼</strong><br><br><code>A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the component subzs.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-19961">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30562">

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 13:27:38">
13:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-33177 ‼</strong><br><br><code>The Bulk Modifications functionality in Nagios XI versions prior to 5.8.5 is vulnerable to SQL injection. Exploitation requires the malicious actor to be authenticated to the vulnerable system, but once authenticated they would be able to execute arbitrary sql queries.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33177">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30563">

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 13:27:39">
13:27
       </div>

       <div class="text">
<strong>‼ CVE-2020-19964 ‼</strong><br><br><code>A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-19964">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30564">

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 13:27:40">
13:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-20599 ‼</strong><br><br><code>Authorization bypass through user-controlled key vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows an remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20599">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30565">

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 13:27:40">
13:27
       </div>

       <div class="text">
<strong>‼ CVE-2020-19960 ‼</strong><br><br><code>A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendsms.php page cookie.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-19960">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30566">

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 13:27:45">
13:27
       </div>

       <div class="text">
<strong>‼ CVE-2020-19962 ‼</strong><br><br><code>A stored cross-site scripting (XSS) vulnerability in the getClientIp function in /lib/tinwin.class.php of Chaoji CMS 2.39, allows attackers to execute arbitrary web scripts.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-19962">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30567">

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 13:27:45">
13:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-22963 ‼</strong><br><br><code>A redirect vulnerability in the fastify-static module version &lt; 4.2.4 allows remote attackers to redirect users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//google.com/%2e%2e.The issue shows up on all the fastify-static applications that set redirect: true option. By default, it is false.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22963">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30568">

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 13:27:46">
13:27
       </div>

       <div class="text">
<strong>‼ CVE-2020-19957 ‼</strong><br><br><code>A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the id parameter on the /dl/dl_print.php page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-19957">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30569">

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 13:27:47">
13:27
       </div>

       <div class="text">
<strong>‼ CVE-2020-19954 ‼</strong><br><br><code>An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary files.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-19954">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30570">

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 13:27:48">
13:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-33178 ‼</strong><br><br><code>The Manage Backgrounds functionality within Nagvis versions prior to 2.0.9 is vulnerable to an authenticated path traversal vulnerability. Exploitation of this results in a malicious actor having the ability to arbitrarily delete files on the local system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33178">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30571">

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 13:27:52">
13:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-22964 ‼</strong><br><br><code>A redirect vulnerability in the `fastify-static` module version &gt;= 4.2.4 and &lt; 4.4.1 allows remote attackers to redirect Mozilla Firefox users to arbitrary websites via a double slash `//` followed by a domain: `http://localhost:3000//a//youtube.com/%2e%2e%2f%2e%2e`.A DOS vulnerability is possible if the URL contains invalid characters `curl --path-as-is &quot;http://localhost:3000//^/..&quot;`The issue shows up on all the `fastify-static` applications that set `redirect: true` option. By default, it is `false`.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22964">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30572">

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 13:27:53">
13:27
       </div>

       <div class="text">
<strong>‼ CVE-2020-19959 ‼</strong><br><br><code>A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendmail.php page cookie.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-19959">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30573">

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 13:27:54">
13:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-33179 ‼</strong><br><br><code>The general user interface in Nagios XI versions prior to 5.8.4 is vulnerable to authenticated reflected cross-site scripting. An authenticated victim, who accesses a specially crafted malicious URL, would unknowingly execute the attached payload.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33179">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30574">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 14:23:18">
14:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 The Human Element Is the Weakest Link 🕴</strong><br><br><code>While the recent Facebook outage was a major inconvenience, the impact of leaked business operations documents is a much bigger issue than being down for a few hours.</code><br><br><a href="https://www.darkreading.com/risk/the-human-element-is-the-weakest-link">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30575">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 14:45:01">
14:45
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Open Source Security Foundation Raises $10M 🕴</strong><br><br><code>Industry leaders from technology, financial services, telecom, and cybersecurity sectors respond to Biden&apos;s executive order and commit to a more secure future for software.</code><br><br><a href="https://www.darkreading.com/application-security/open-source-security-foundation-raises-10m">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30576">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 15:07:41">
15:07
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>♟️ Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability ♟️</strong><br><br><code>On Wednesday, the St. Louis Post-Dispatch ran a story about how its staff discovered and reported a security vulnerability in a Missouri state education website that exposed the Social Security numbers of 100,000 elementary and secondary teachers. In a press conference this morning, Missouri Gov. Mike Parson (R) said fixing the flaw could cost the state $50 million, and vowed his administration would seek to prosecute and investigate the &quot;hackers&quot; and anyone who aided the publication in its &quot;attempt to embarrass the state and sell headlines for their news outlet.&quot;</code><br><br><a href="https://krebsonsecurity.com/2021/10/missouri-governor-vows-to-prosecute-st-louis-post-dispatch-for-reporting-security-vulnerability/">📖 Read</a><br><br>via &quot;<em>Krebs on Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30577">

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 15:22:37">
15:22
       </div>

       <div class="text">
<strong>❌ Verizon’s Visible Wireless Carrier Confirms Credential-Stuffing Attack ❌</strong><br><br><code>Visible says yes, user accounts were hijacked, but it denied a breach. As of today, users are still posting tales of forcibly changed passwords and getting stuck with bills for pricey new iPhones.</code><br><br><a href="https://threatpost.com/verizon-visible-wireless-credential-stuffing/175483/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30578">

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 15:27:42">
15:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-38345 ‼</strong><br><br><code>The Brizy Page Builder plugin &lt;= 2.3.11 for WordPress used an incorrect authorization check that allowed any logged-in user accessing any endpoint in the wp-admin directory to modify the content of any existing post or page created with the Brizy editor. An identical issue was found by another researcher in Brizy &lt;= 1.0.125 and fixed in version 1.0.126, but the vulnerability was reintroduced in version 1.0.127.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38345">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30579">

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 15:27:43">
15:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-37933 ‼</strong><br><br><code>An LDAP injection vulnerability in /account/login in Huntflow Enterprise before 3.10.6 could allow an unauthenticated, remote user to modify the logic of an LDAP query and bypass authentication. The vulnerability is due to insufficient server-side validation of the email parameter before using it to construct LDAP queries. An attacker could bypass authentication exploiting this vulnerability by sending login attempts in which there is a valid password but a wildcard character in email parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37933">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30580">

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 15:27:44">
15:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-41132 ‼</strong><br><br><code>OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of ``jQuery.html()``, there are a whole host of cross-site scripting possibilities with specially crafted input to a variety of fields. This issue is patched in version 5.11.0. There are no known workarounds aside from upgrading.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41132">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30581">

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 15:27:44">
15:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-32569 ‼</strong><br><br><code>** UNSUPPORTED WHEN ASSIGNED ** In OSS-RC systems of the release 18B and older customer documentation browsing libraries under ALEX are subject to Cross-Site Scripting. This problem is completely resolved in new Ericsson library browsing tool ELEX used in systems like Ericsson Network Manager. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Ericsson Network Manager is a new generation OSS system which OSS-RC customers shall upgrade to.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32569">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30582">

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 15:27:46">
15:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-38346 ‼</strong><br><br><code>The Brizy Page Builder plugin &lt;= 2.3.11 for WordPress allowed authenticated users to upload executable files to a location of their choice using the brizy_create_block_screenshot AJAX action. The file would be named using the id parameter, which could be prepended with &quot;../&quot; to perform directory traversal, and the file contents were populated via the ibsf parameter, which would be base64-decoded and written to the file. While the plugin added a .jpg extension to all uploaded filenames, a double extension attack was still possible, e.g. a file named shell.php would be saved as shell.php.jpg, and would be executable on a number of common configurations.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38346">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30583">

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 15:27:50">
15:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-39330 ‼</strong><br><br><code>The Formidable Form Builder WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization found in the ~/classes/helpers/FrmAppHelper.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 5.0.06. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39330">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30584">

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 15:27:51">
15:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-38344 ‼</strong><br><br><code>The Brizy Page Builder plugin &lt;= 2.3.11 for WordPress was vulnerable to stored XSS by lower-privileged users such as a subscribers. It was possible to add malicious JavaScript to a page by modifying the request sent to update the page via the brizy_update_item AJAX action and adding JavaScript to the data parameter, which would be executed in the session of any visitor viewing or previewing the post or page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38344">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30585">

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 15:27:52">
15:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-41142 ‼</strong><br><br><code>Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. There is a cross-site scripting vulnerability in Tuleap Community Edition prior to 12.11.99.25 and Tuleap Enterprise Edition 12.11-2. A malicious user with the capability to add and remove attachment to an artifact could force a victim to execute uncontrolled code. Tuleap Community Edition 11.17.99.146 and Tuleap Enterprise Edition 12.11-2 contain a fix for the issue.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41142">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30586">

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 15:27:53">
15:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-42228 ‼</strong><br><br><code>Cross Site Request Forgery (CSRF) vulnerability exists in KindEdirot 4.1.x. First, you upload an html file containing csrf on the website that uses a google editor, (you only need to search in google: inurl:/examples/uploadbutton.html) and then use the authority of this website to trick users into clicking your malicious html link.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42228">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30587">

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 15:27:54">
15:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-42227 ‼</strong><br><br><code>Cross SIte Scripting (XSS) vulnerability exists in KindEditor 4.1.x via a Google search inurl:/examples/uploadbutton.html and then the .html file on the website that uses this editor (the file suffix is allowed).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42227">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30588">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 16:11:41">
16:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Broadcom Software&apos;s Symantec Threat Hunter Team discovers first-of-its-kind ransomware 🦿</strong><br><br><code>The new ransomware family, called Yanluowang, appears to still be under development and lacks some sophisticated features found in similar code. Nonetheless, Symantec said, it&apos;s dangerous.</code><br><br><a href="https://www.techrepublic.com/article/broadcom-softwares-symantec-threat-hunter-team-discovers-first-of-its-kind-ransomware/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30589">

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 16:15:07">
16:15
       </div>

       <div class="text">
<strong>🕴 Praetorian Launches Snowcat Tool for Istio 🕴</strong><br><br><code>Snowcat is the world&apos;s first static analysis tool dedicated to Istio.</code><br><br><a href="https://www.darkreading.com/cloud/praetorian-launches-snowcat-tool-for-istio">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30590">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 16:55:55">
16:55
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 2021 to Date Has Seen More Data Breaches Than 2020 🔏</strong><br><br><code>We&apos;re poised to break records this year when it comes to statistics on breaches, ransomware, and phishing, according to a new report.</code><br><br><a href="https://digitalguardian.com/blog/2021-date-has-seen-more-data-breaches-2020">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30591">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 17:15:11">
17:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 US Water and Wastewater Facilities Targeted in Cyberattacks, Feds Warn 🕴</strong><br><br><code>CISA, FBI, and NSA issue advisory and defense practices to help these utilities thwart &quot;ongoing&quot; threats targeting IT and OT networks.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/cisa-fbi-nsa-us-water-and-wastewater-facilities-targeted-in-cyberattacks">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30592">

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 17:27:46">
17:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-32571 ‼</strong><br><br><code>** UNSUPPORTED WHEN ASSIGNED ** In OSS-RC systems of the release 18B and older during data migration procedures certain files containing usernames and passwords are left in the system undeleted but in folders accessible by top privileged accounts only. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Ericsson Network Manager is a new generation OSS system which OSS-RC customers shall upgrade to.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32571">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30593">

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 17:27:47">
17:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-42369 ‼</strong><br><br><code>Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows SQL injection. A low-privileged user could inject a SQL statement through the &quot;Export to CSV&quot; feature of the Contact Manager web GUI.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42369">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30594">

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 17:27:47">
17:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-36389 ‼</strong><br><br><code>In Yellowfin before 9.6.1 it is possible to enumerate and download uploaded images through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page &quot;MIImage.i4&quot;.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36389">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30595">

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 17:27:49">
17:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-36387 ‼</strong><br><br><code>In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulnerability in the video embed functionality exploitable through a specially crafted HTTP POST request to the page &quot;ActivityStreamAjax.i4&quot;.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36387">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30596">

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 17:27:49">
17:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-36388 ‼</strong><br><br><code>In Yellowfin before 9.6.1 it is possible to enumerate and download users profile pictures through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page &quot;MIIAvatarImage.i4&quot;.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36388">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30597">

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 17:36:36">
17:36
       </div>

       <div class="text">
<strong>🦿 How a vishing attack spoofed Microsoft to try to gain remote access 🦿</strong><br><br><code>A voice phishing campaign spotted by Armorblox tried to convince people to give the attackers access to their computer.</code><br><br><a href="https://www.techrepublic.com/article/how-a-vishing-attack-spoofed-microsoft-to-try-to-gain-remote-access/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30598">

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 17:45:10">
17:45
       </div>

       <div class="text">
<strong>🕴 Deepfence Announces Open Source Availability of ThreatMapper 🕴</strong><br><br><code>Cloud native security observability platform seamlessly scans, maps, and ranks application vulnerabilities from development through critical production stage.</code><br><br><a href="https://www.darkreading.com/application-security/deepfence-announces-open-source-availability-of-threatmapper">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30599">

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 17:52:44">
17:52
       </div>

       <div class="text">
<strong>❌ Rickroll Grad Prank Exposes Exterity IPTV Bug ❌</strong><br><br><code>IPTV and IP video security is increasingly under scrutiny, even by high school kids.</code><br><br><a href="https://threatpost.com/rickroll-exterity-iptv-bug/175491/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30600">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 18:15:13">
18:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Increased Security Spending to Support Distributed Workforce 🕴</strong><br><br><code>Security leaders are deploying or actively considering cloud security, threat intel, and XDR technologies.</code><br><br><a href="https://www.darkreading.com/tech-trends/increased-security-spending-to-support-distributed-workforce">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30601">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 18:45:13">
18:45
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Enterprise Data Storage Environments Riddled With Vulnerabilities 🕴</strong><br><br><code>Many organizations are not properly protecting their storage and backup systems from compromise, new study finds.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/enterprise-storage-environments-riddled-with-vulnerabilities">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30602">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 19:27:53">
19:27
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-42340 ‼</strong><br><br><code>The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42340">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30603">

      <div class="body">

       <div class="pull_right date details" title="14.10.2021 19:27:54">
19:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-38295 ‼</strong><br><br><code>In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will be executed within the security context of that admin. A similar route is available with the already deprecated _show and _list functionality. This privilege escalation vulnerability allows an attacker to add or remove data in any database or make configuration changes. This issue affected Apache CouchDB prior to 3.1.2</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38295">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-925">

      <div class="body details">
15 October 2021
      </div>

     </div>

     <div class="message default clearfix" id="message30604">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 10:03:46">
10:03
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Injection vulnerabilities in popular WordPress plugin could expose credentials, allow admin access 🗓️</strong><br><br><code>Fastest Cache is used by more than one million people</code><br><br><a href="https://portswigger.net/daily-swig/injection-vulnerabilities-in-popular-wordpress-plugin-could-expose-credentials-allow-admin-access">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30605">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 11:23:18">
11:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 From Help Desk to Head of SOC: Building a Cybersecurity Career on Empathy and Candor 🕴</strong><br><br><code>Why a passion for helping people is key to delivering effective cybersecurity solutions.</code><br><br><a href="https://www.darkreading.com/careers-and-people/from-help-desk-to-head-of-soc-building-a-cybersecurity-career-on-empathy-and-candor">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30606">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 11:28:35">
11:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-37737 ‼</strong><br><br><code>A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37737">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30607">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 11:28:36">
11:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-39332 ‼</strong><br><br><code>The Business Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization found throughout the plugin which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.4.5. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39332">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30608">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 11:28:38">
11:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-42332 ‼</strong><br><br><code>The “List Viewâ€� function of ShinHer StudyOnline System is not under authority control. After logging in with user’s privilege, remote attackers can access the content of other users’ message boards by crafting URL parameters.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42332">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30609">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 11:28:40">
11:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-40999 ‼</strong><br><br><code>A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40999">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30610">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 11:28:40">
11:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-38431 ‼</strong><br><br><code>An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38431">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30611">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 11:28:42">
11:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-39335 ‼</strong><br><br><code>The WpGenius Job Listing WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/src/admin/class/class-wpgenious-job-listing-options.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0.2. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39335">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30612">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 11:28:43">
11:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-39344 ‼</strong><br><br><code>The KJM Admin Notices WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/admin/class-kjm-admin-notices-admin.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 2.0.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39344">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30613">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 11:28:43">
11:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-39349 ‼</strong><br><br><code>The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/wp-hal.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 2.1.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39349">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30614">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 11:28:45">
11:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-39345 ‼</strong><br><br><code>The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/wp-hal.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 2.1.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39345">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30615">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 11:28:49">
11:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-42333 ‼</strong><br><br><code>The Easytest contains SQL injection vulnerabilities. After obtaining user’s privilege, remote attackers can inject SQL commands into the parameters of the learning history page to access all database and obtain administrator permissions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42333">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30616">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 11:28:49">
11:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-42335 ‼</strong><br><br><code>Easytest bulletin board management function of online learning platform does not filter special characters. After obtaining a user’s privilege, remote attackers can inject JavaScript and execute stored XSS attack.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42335">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30617">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 11:28:50">
11:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-39338 ‼</strong><br><br><code>The MyBB Cross-Poster WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/classes/MyBBXPSettings.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39338">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30618">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 11:28:51">
11:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-42331 ‼</strong><br><br><code>The “Study Editâ€� function of ShinHer StudyOnline System does not perform permission control. After logging in with user’s privilege, remote attackers can access and edit other users’ tutorial schedule by crafting URL parameters.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42331">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30619">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 11:28:52">
11:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-39334 ‼</strong><br><br><code>The Job Board Vanila WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via the psjb_exp_in and the psjb_curr_in parameters found in the ~/job-settings.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39334">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30620">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 11:28:54">
11:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-37736 ‼</strong><br><br><code>A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37736">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30621">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 11:28:55">
11:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-39336 ‼</strong><br><br><code>The Job Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/admin-jobs.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 0.7.25. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39336">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30622">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 11:28:56">
11:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-42330 ‼</strong><br><br><code>The “Teacher Editâ€� function of ShinHer StudyOnline System does not perform authority control. After logging in with user’s privilege, remote attackers can access and edit other users’ credential and personal information by crafting URL parameters.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42330">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30623">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 11:28:57">
11:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-42336 ‼</strong><br><br><code>The learning history page of the Easytest is vulnerable by permission bypass. After obtaining a user’s permission, remote attackers can access other users’ and administrator’s account information except password by crafting URL parameters.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42336">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30624">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 11:28:58">
11:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-42329 ‼</strong><br><br><code>The “List_Addâ€� function of message board of ShinHer StudyOnline System does not filter special characters in the title parameter. After logging in with user’s privilege, remote attackers can inject JavaScript and execute stored XSS attacks.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42329">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30625">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 11:29:02">
11:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-42334 ‼</strong><br><br><code>The Easytest contains SQL injection vulnerabilities. After obtaining a user’s privilege, remote attackers can inject SQL commands into the parameters of the elective course management page to obtain all database and administrator permissions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42334">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30626">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 12:03:50">
12:03
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Missouri governor criticized for confusing vulnerability disclosure with criminal hacking 🗓️</strong><br><br><code>Politician’s accusations unleash torrent of criticism and snarky memes from incredulous infosec pros</code><br><br><a href="https://portswigger.net/daily-swig/missouri-governor-criticized-for-confusing-vulnerability-disclosure-with-criminal-hacking">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30627">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 12:51:33">
12:51
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Evolution Equity Partners Close $400M for Cybersecurity Investments 🕴</strong><br><br><code>The firm expands capital base, team, and platform addressing a rapidly growing cybersecurity investment opportunity.</code><br><br><a href="https://www.darkreading.com/operations/evolution-equity-partners-close-400m-for-cybersecurity-investment">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30628">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 12:56:30">
12:56
       </div>

       <div class="text">
<strong>🔏 Friday Five 10/15 🔏</strong><br><br><code>Giving security keys to at risk users, a summit to stop ransomware, and financial losses from cyberattacks pile up - catch up on the infosec news of the week with the Friday Five!</code><br><br><a href="https://digitalguardian.com/blog/friday-five-10/15">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30629">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 13:28:40">
13:28
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-40721 ‼</strong><br><br><code>Adobe Connect version 11.2.2 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim&apos;s browser.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40721">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30630">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 13:28:41">
13:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-39864 ‼</strong><br><br><code>Adobe Commerce versions 2.4.2-p2 (and earlier), 2.4.3 (and earlier) and 2.3.7p1 (and earlier) are affected by a cross-site request forgery (CSRF) vulnerability via a Wishlist Share Link. Successful exploitation could lead to unauthorized addition to customer cart by an unauthenticated attacker. Access to the admin console is not required for successful exploitation.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39864">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30631">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 13:28:42">
13:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-40997 ‼</strong><br><br><code>A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40997">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30632">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 13:28:44">
13:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-40987 ‼</strong><br><br><code>A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40987">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30633">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 13:28:45">
13:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-40996 ‼</strong><br><br><code>A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40996">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30634">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 13:28:46">
13:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-40731 ‼</strong><br><br><code>Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.20096 (and earlier), 20.004.30015 (and earlier), and 17.011.30202 (and earlier) is affected by an out-of-bounds write vulnerability when parsing a crafted JPEG2000 file, which could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40731">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30635">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 13:28:47">
13:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-40986 ‼</strong><br><br><code>A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40986">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30636">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 13:28:48">
13:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-40730 ‼</strong><br><br><code>Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.20096 (and earlier), 20.004.30015 (and earlier), and 17.011.30202 (and earlier) is affected by a use-after-free that allow a remote attacker to disclose sensitive information on affected installations of of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPG2000 images.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40730">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30637">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 13:28:50">
13:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-3874 ‼</strong><br><br><code>bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory (&apos;Path Traversal&apos;)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3874">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30638">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 13:28:51">
13:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-37738 ‼</strong><br><br><code>A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37738">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30639">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 13:28:52">
13:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-40995 ‼</strong><br><br><code>A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40995">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30640">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 13:28:54">
13:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-3878 ‼</strong><br><br><code>corenlp is vulnerable to Improper Restriction of XML External Entity Reference</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3878">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30641">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 13:28:55">
13:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-37739 ‼</strong><br><br><code>A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37739">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30642">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 13:28:56">
13:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-38432 ‼</strong><br><br><code>FATEK Automation Communication Server Versions 1.13 and prior lacks proper validation of user-supplied data, which could result in a stack-based buffer overflow condition and allow an attacker to remotely execute code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38432">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30643">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 13:28:57">
13:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-40990 ‼</strong><br><br><code>A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40990">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30644">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 13:28:57">
13:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-40724 ‼</strong><br><br><code>Acrobat Reader for Android versions 21.8.0 (and earlier) are affected by a Path traversal vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40724">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30645">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 13:28:58">
13:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-3875 ‼</strong><br><br><code>vim is vulnerable to Heap-based Buffer Overflow</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3875">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30646">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 13:28:59">
13:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-3881 ‼</strong><br><br><code>libmobi is vulnerable to Out-of-bounds Read</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3881">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30647">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 13:29:03">
13:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-40991 ‼</strong><br><br><code>A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40991">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30648">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 13:29:05">
13:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-40989 ‼</strong><br><br><code>A local escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40989">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30649">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 14:09:47">
14:09
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 &apos;Clumsy&apos; BlackByte Malware Reuses Crypto Keys, Worms Into Networks 🕴</strong><br><br><code>Discovered during a recent incident response engagement, the malware avoids Russian computers and uses a single symmetric key for encrypting every compromised system.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/-clumsy-blackbyte-malware-reuses-crypto-keys-worms-into-networks">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30650">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 14:09:48">
14:09
       </div>

       <div class="text">
<strong>⚠ S3 Ep54: Another 0-day, double Apache patch, and Fight The Phish [Podcast] ⚠</strong><br><br><code>Latest episode - listen now!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/10/14/s3-ep54-another-0-day-double-apache-patch-and-fight-the-phish-podcast/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30651">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 14:09:49">
14:09
       </div>

       <div class="text">
<strong>⚠ LANtenna hack spies on your data from across the room! (Sort of) ⚠</strong><br><br><code>Are your network cables acting as undercover wireless transmitters? What can you do if they are?</code><br><br><a href="https://nakedsecurity.sophos.com/2021/10/15/lantenna-hack-spies-on-your-data-from-across-the-room-sort-of/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30652">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 14:53:18">
14:53
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Missouri Vows to Prosecute ‘Hacker’ Who Disclosed Data Leak ❌</strong><br><br><code>Missouri Gov. Mike Parson launched a criminal investigation of a reporter who flagged a state website that exposed 100K+ Social-Security numbers for teachers and other state employees.</code><br><br><a href="https://threatpost.com/missouri-prosecute-hacker-data-leak/175501/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30653">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 15:07:04">
15:07
       </div>

       <div class="text">
<strong>🦿 Data center admins: Learn how to run a basic vulnerability scan on your Linux servers with Nessus 🦿</strong><br><br><code>Make sure the Linux servers in your data center are free from vulnerabilities by scanning them immediately using Nessus.</code><br><br><a href="https://www.techrepublic.com/videos/data-center-admins-learn-how-to-run-a-basic-vulnerability-scan-on-your-linux-servers-with-nessus/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30654">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 15:07:05">
15:07
       </div>

       <div class="text">
<strong>🦿 The White House holds an international summit on ransomware: What you should know 🦿</strong><br><br><code>This week the White House held a summit with various nations to address the threat of ransomware. Learn some of the takeaways and why certain nations were excluded.</code><br><br><a href="https://www.techrepublic.com/article/the-white-house-holds-an-international-summit-on-ransomware-what-you-should-know/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30655">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 15:16:46">
15:16
       </div>

       <div class="text">
<strong>🕴 How Attackers Hack Humans 🕴</strong><br><br><code>Inside their motivations, how they go about it -- and what businesses can do about it, according to Counterintelligence Institute founder Peter Warmka.</code><br><br><a href="https://www.darkreading.com/edge-articles/how-attackers-hack-humans">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30656">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 15:23:18">
15:23
       </div>

       <div class="text">
<strong>❌ TrickBot Gang Enters Cybercrime Elite with Fresh Affiliates ❌</strong><br><br><code>The group – which also created BazarLoader and the Conti ransomware – has juiced its distribution tactics to threaten enterprises more than ever.</code><br><br><a href="https://threatpost.com/trickbot-cybercrime-elite-affiliates/175510/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30657">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 15:28:45">
15:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-28021 ‼</strong><br><br><code>Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28021">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30658">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 15:28:47">
15:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-29745 ‼</strong><br><br><code>IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to priviledge escalation where a lower evel user could have access to the &apos;New Job&apos; page to which they should not have access to. IBM X-Force ID: 201695.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29745">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30659">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 15:28:48">
15:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-29679 ‼</strong><br><br><code>IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizaing user-contrlled input that could be interpreted a a server-side include (SSI) directive. IBM X-Force ID: 199915.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29679">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30660">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 15:28:48">
15:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-41320 ‼</strong><br><br><code>A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4.83 (64-bit edition) with higher privilege than the average authenticated user.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41320">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30661">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 15:28:49">
15:28
       </div>

       <div class="text">
<strong>‼ CVE-2020-4951 ‼</strong><br><br><code>IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4951">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30662">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 16:07:04">
16:07
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How to use DocSecrets to encrypt sections of your Google Docs 🦿</strong><br><br><code>If you need to hide sections of text in Google Documents, give the handy DocSecrets add-on a try.</code><br><br><a href="https://www.techrepublic.com/videos/how-to-use-docsecrets-to-encrypt-sections-of-your-google-docs/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30663">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 17:28:51">
17:28
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-27561 ‼</strong><br><br><code>Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27561">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30664">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 18:46:54">
18:46
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Cisco Duo Trusted Access Report: More Than 50% of Companies Plan Passwordless Move 🕴</strong><br><br><code>Multifactor authentications soar as enterprises move away from passwords to secure hybrid workers.</code><br><br><a href="https://www.darkreading.com/endpoint/cisco-duo-trusted-access-report-more-than-50-of-companies-plan-passwordless-move">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30665">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 19:28:55">
19:28
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2018-16060 ‼</strong><br><br><code>Mitsubishi Electric SmartRTU devices allow remote attackers to obtain sensitive information (directory listing and source code) via a direct request to the /web URI.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16060">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30666">

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 19:28:56">
19:28
       </div>

       <div class="text">
<strong>‼ CVE-2018-16061 ‼</strong><br><br><code>Mitsubishi Electric SmartRTU devices allow XSS via the username parameter or PATH_INFO to login.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16061">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30667">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.10.2021 19:46:58">
19:46
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 China&apos;s Hackers Crack Devices at Tianfu Cup for $1.5M in Prizes 🕴</strong><br><br><code>China&apos;s premier hackers will target web browsers, operating systems, mobile devices, and even a car at Tianfu Cup.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/china-s-hackers-crack-devices-at-tianfu-cup-for-1-5m-in-prizes">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-926">

      <div class="body details">
18 October 2021
      </div>

     </div>

     <div class="message default clearfix" id="message30668">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 01:20:13">
01:20
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 In Cyberwar, Attribution Can Be Impossible — and That&apos;s OK 🕴</strong><br><br><code>Instead of using a substantial proportion of resources to determine attribution, organizations should focus on defenses that will help them remediate an attack.</code><br><br><a href="https://www.darkreading.com/analytics/in-cyberwar-attribution-can-be-impossible---and-that-s-okay">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30669">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 07:36:39">
07:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-36097 ‼</strong><br><br><code>Agents are able to lock the ticket without the &quot;Owner&quot; permission. Once the ticket is locked, it could be moved to the queue where the agent has &quot;rw&quot; permissions and gain a full control. This issue affects: OTRS AG OTRS 8.0.x version: 8.0.16 and prior versions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36097">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30670">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 07:36:40">
07:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-38562 ‼</strong><br><br><code>Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38562">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30671">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 07:36:40">
07:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-38297 ‼</strong><br><br><code>Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38297">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30672">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 07:36:42">
07:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-41611 ‼</strong><br><br><code>An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain security trust well improperly. This indication of trust may be passed along to clients, allowing access to unsafe or hijacked services.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41611">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30673">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 07:36:42">
07:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-42565 ‼</strong><br><br><code>myfactory.FMS before 7.1-912 allows XSS via the UID parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42565">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30674">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 07:36:46">
07:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-42566 ‼</strong><br><br><code>myfactory.FMS before 7.1-912 allows XSS via the Error parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42566">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30675">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 08:35:33">
08:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Google, Mozilla close to finalizing Sanitizer API for Chrome and Firefox browsers 🗓️</strong><br><br><code>Latest specification is a work in progress</code><br><br><a href="https://portswigger.net/daily-swig/google-mozilla-close-to-finalizing-sanitizer-api-for-chrome-and-firefox-browsers">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30676">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 08:40:49">
08:40
       </div>

       <div class="text">
<strong>⚠ Cybersecurity Awareness Month: Building your career ⚠</strong><br><br><code>Explore. Experience. Share. How to get into cybersecurity...</code><br><br><a href="https://nakedsecurity.sophos.com/2021/10/18/becybersmart-2021-week3/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30677">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 10:05:39">
10:05
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Bugs in malware create ‘backdoors’ for security researchers 🗓️</strong><br><br><code>Black hat trickery switched around to boost security defenses</code><br><br><a href="https://portswigger.net/daily-swig/bugs-in-malware-create-backdoors-for-security-researchers">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30678">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 11:31:54">
11:31
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-22961 ‼</strong><br><br><code>A code injection vulnerability exists within the firewall software of GlassWire v2.1.167 that could lead to arbitrary code execution from a file in the user path on first execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22961">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30679">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 11:31:55">
11:31
       </div>

       <div class="text">
<strong>‼ CVE-2010-2496 ‼</strong><br><br><code>stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. This is fixed in cluster-glue 1.0.6 and newer, and pacemaker 1.1.3 and newer.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2496">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30680">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 11:31:55">
11:31
       </div>

       <div class="text">
<strong>‼ CVE-2021-38389 ‼</strong><br><br><code>Advantech WebAccess versions 9.02 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38389">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30681">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 11:31:56">
11:31
       </div>

       <div class="text">
<strong>‼ CVE-2021-38440 ‼</strong><br><br><code>FATEK Automation WinProladder versions 3.30 and prior is vulnerable to an out-of-bounds read, which may allow an attacker to read unauthorized information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38440">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30682">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 11:31:57">
11:31
       </div>

       <div class="text">
<strong>‼ CVE-2021-38434 ‼</strong><br><br><code>FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in an unexpected sign extension. An attacker could leverage this vulnerability to execute arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38434">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30683">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 11:32:01">
11:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-33023 ‼</strong><br><br><code>Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33023">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30684">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 11:32:02">
11:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-38426 ‼</strong><br><br><code>FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38426">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30685">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 11:32:03">
11:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-38436 ‼</strong><br><br><code>FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in a memory-corruption condition. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38436">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30686">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 11:32:04">
11:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-38442 ‼</strong><br><br><code>FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in a heap-corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38442">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30687">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 11:32:06">
11:32
       </div>

       <div class="text">
<strong>‼ CVE-2020-8291 ‼</strong><br><br><code>A link preview rendering issue in Rocket.Chat versions before 3.9 could lead to potential XSS attacks.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8291">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30688">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 11:32:08">
11:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-21797 ‼</strong><br><br><code>An exploitable double-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a reference to a timeout object to be stored in two different places. When closed, the document will result in the reference being released twice. This can lead to code execution under the context of the application. An attacker can convince a user to open a document to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21797">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30689">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 11:32:09">
11:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-22942 ‼</strong><br><br><code>A possible open redirect vulnerability in the Host Authorization middleware in Action Pack &gt;= 6.0.0 that could allow attackers to redirect users to a malicious website.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22942">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30690">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 11:32:10">
11:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-38430 ‼</strong><br><br><code>FATEK Automation WinProladder versions 3.30 and prior proper validation of user-supplied data when parsing project files, which could result in a stack-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38430">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30691">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 11:32:12">
11:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-21796 ‼</strong><br><br><code>An exploitable use-after-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause an object containing the path to a document to be destroyed and then later reused, resulting in a use-after-free vulnerability, which can lead to code execution under the context of the application. An attacker can convince a user to open a document to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21796">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30692">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 11:32:13">
11:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-38438 ‼</strong><br><br><code>A use after free vulnerability in FATEK Automation WinProladder versions 3.30 and prior may be exploited when a valid user opens a malformed project file, which may allow arbitrary code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38438">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30693">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 12:35:55">
12:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Node.js was vulnerable to a novel HTTP request smuggling technique 🗓️</strong><br><br><code>Bad line termination and incorrect parsing of chunk extensions exposed one of two HRS flaws</code><br><br><a href="https://portswigger.net/daily-swig/node-js-was-vulnerable-to-a-novel-http-request-smuggling-technique">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30694">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 12:38:57">
12:38
       </div>

       <div class="text">
<strong>🦿 Cybersecurity Awareness Month: Why haven&apos;t you updated your security policies? 🦿</strong><br><br><code>While you&apos;re sipping that pumpkin spice latte, make sure to review your company&apos;s cybersecurity policies.</code><br><br><a href="https://www.techrepublic.com/article/cybersecurity-awareness-month-why-havent-you-updated-your-security-policies/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30695">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 13:25:17">
13:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Twitter Suspends Accounts Used to Snare Security Researchers ❌</strong><br><br><code>The accounts were used to catfish security researchers into downloading malware in a long-running cyber-espionage campaign attributed to North Korea.</code><br><br><a href="https://threatpost.com/twitter-suspends-security-researchers/175524/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30696">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 13:31:56">
13:31
       </div>

       <div class="text">
<strong>‼ CVE-2021-24752 ‼</strong><br><br><code>Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctp_switch AJAX action, which could allow any authenticated users, such as Subscriber to change the Essential Widgets WordPress plugin before 1.9, To Top WordPress plugin before 2.3, Header Enhancement WordPress plugin before 1.5, Generate Child Theme WordPress plugin before 1.6, Essential Content Types WordPress plugin before 1.9, Catch Web Tools WordPress plugin before 2.7, Catch Under Construction WordPress plugin before 1.4, Catch Themes Demo Import WordPress plugin before 1.6, Catch Sticky Menu WordPress plugin before 1.7, Catch Scroll Progress Bar WordPress plugin before 1.6, Social Gallery and Widget WordPress plugin before 2.3, Catch Infinite Scroll WordPress plugin before 1.9, Catch Import Export WordPress plugin before 1.9, Catch Gallery WordPress plugin before 1.7, Catch Duplicate Switcher WordPress plugin before 1.6, Catch Breadcrumb WordPress plugin before 1.7, Catch IDs WordPress plugin before 2.4&apos;s configurations.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24752">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30697">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 13:31:57">
13:31
       </div>

       <div class="text">
<strong>‼ CVE-2021-24415 ‼</strong><br><br><code>The Polo Video Gallery – Best wordpress video gallery plugin WordPress plugin through 1.2 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24415">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30698">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 13:31:58">
13:31
       </div>

       <div class="text">
<strong>‼ CVE-2021-24702 ‼</strong><br><br><code>The LearnPress WordPress plugin before 4.1.3.1 does not properly sanitize or escape various inputs within course settings, which could allow high privilege users to perform Cross-Site Scripting attacks when the unfiltred_html capability is disallowed</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24702">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30699">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 13:31:59">
13:31
       </div>

       <div class="text">
<strong>‼ CVE-2021-41990 ‼</strong><br><br><code>The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41990">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30700">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 13:32:00">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-42575 ‼</strong><br><br><code>The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42575">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30701">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 13:32:04">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-24754 ‼</strong><br><br><code>The MainWP Child Reports WordPress plugin before 2.0.8 does not validate or sanitise the order parameter before using it in a SQL statement in the admin dashboard, leading to an SQL injection issue</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24754">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30702">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 13:32:05">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-24612 ‼</strong><br><br><code>The Sociable WordPress plugin through 4.3.4.1 does not sanitise or escape some of its settings before outputting them in the admins dashboard, allowing high privilege users to perform Cross-Site Scripting attacks against other users even when the unfiltered_html capability is disallowed</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24612">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30703">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 13:32:06">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-24760 ‼</strong><br><br><code>The Gutenberg PDF Viewer Block WordPress plugin before 1.0.1 does not sanitise and escape its block, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24760">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30704">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 13:32:07">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-41991 ‼</strong><br><br><code>The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41991">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30705">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 13:32:08">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-24734 ‼</strong><br><br><code>The Compact WP Audio Player WordPress plugin before 1.9.7 does not escape some of its shortcodes attributes, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24734">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30706">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 13:32:10">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-42576 ‼</strong><br><br><code>The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42576">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30707">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 13:32:11">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-3755 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3755">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30708">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 13:32:12">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-24736 ‼</strong><br><br><code>The Easy Download Manager and File Sharing Plugin with frontend file upload – a better Media Library â€â€� Shared Files WordPress plugin before 1.6.57 does not sanitise and escape some of its settings before outputting them in attributes, which could lead to Stored Cross-Site Scripting issues.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24736">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30709">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 13:32:13">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-24675 ‼</strong><br><br><code>The One User Avatar WordPress plugin before 2.3.7 does not check for CSRF when updating the Avatar in page where the [avatar_upload] shortcode is embed. As a result, attackers could make logged in user change their avatar via a CSRF attack</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24675">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30710">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 13:32:14">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-24413 ‼</strong><br><br><code>The Easy Twitter Feed WordPress plugin before 1.2 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24413">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30711">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 13:32:16">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-24677 ‼</strong><br><br><code>The Find My Blocks WordPress plugin before 3.4.0 does not have authorisation checks in its REST API, which could allow unauthenticated users to enumerate private posts&apos; titles.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24677">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30712">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 13:32:17">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-24735 ‼</strong><br><br><code>The Compact WP Audio Player WordPress plugin before 1.9.7 does not implement nonce checks, which could allow attackers to make a logged in admin change the &quot;Disable Simultaneous Play&quot; setting via a CSRF attack.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24735">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30713">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 13:32:18">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-24516 ‼</strong><br><br><code>The PlanSo Forms WordPress plugin through 2.6.3 does not escape the title of its Form before outputting it in attributes, allowing high privilege users such as admin to set XSS payload in it, even when the unfiltered_html is disallowed, leading to an Authenticated Stored Cross-Site Scripting issue.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24516">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30714">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 13:32:19">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-24622 ‼</strong><br><br><code>The Customer Service Software &amp; Support Ticket System WordPress plugin before 5.10.4 does not sanitize or escape form fields before outputting it in the List, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24622">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30715">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 13:32:20">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-41971 ‼</strong><br><br><code>Apache Superset up to and including 1.3.0 when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default) allowed SQL injection when a malicious authenticated user sends an http request with a custom URL.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41971">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30716">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 13:54:28">
13:54
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>📢 US links $5.2 billion in Bitcoin transactions to ransomware 📢</strong><br><br><code>A new report from the Treasury ties the cryptocurrency to ransomware payments over a ten year period</code><br><br><a href="https://www.itpro.co.uk/security/ransomware/361273/us-ties-52-billion-bitcoin-transactions-to-ransomware">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30717">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 13:54:30">
13:54
       </div>

       <div class="text">
<strong>📢 Acer Taiwan falls victim to cyber attack 📢</strong><br><br><code>Hackers obtained employee data three days after they breached Acer India servers</code><br><br><a href="https://www.itpro.co.uk/security/hacking/361274/acer-taiwan-falls-victim-to-cyber-attack">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30718">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 13:54:32">
13:54
       </div>

       <div class="text">
<strong>📢 The rise of cloud misconfiguration threats and how to avoid them 📢</strong><br><br><code>Businesses must adopt new tools and practices to combat one of the leading causes of security breaches</code><br><br><a href="https://www.itpro.co.uk/cloud/361113/the-rise-of-cloud-misconfiguration-threats-and-how-to-avoid-them">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30719">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 13:54:33">
13:54
       </div>

       <div class="text">
<strong>📢 Marsh McLennan reveals its cyber risk analytics center 📢</strong><br><br><code>The center combines the expertise of Marsh, Guy Carpenter, Mercer, and Oliver Wyman</code><br><br><a href="https://www.itpro.co.uk/business-strategy/risk-management/361269/marsh-mclennan-reveals-its-cyber-risk-analytics-center">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30720">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 14:08:32">
14:08
       </div>

       <div class="text">
<strong>🦿 Is your organization safe from a cybersecurity attack? 🦿</strong><br><br><code>How is your company preventing the terror of a potential cybersecurity breach? Take this quick, multiple choice survey and tell us about it.</code><br><br><a href="https://www.techrepublic.com/article/whats-your-organizations-cybersecurity-strategy/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30721">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 15:25:19">
15:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ TikTok Serves Up Fresh Gamer Targets via Fake Among Us, Steam Offerings ❌</strong><br><br><code>The tween-friendly video app is being used to serve up malvertising, disguised as free Steam game accounts or Among Us game hacks.</code><br><br><a href="https://threatpost.com/tiktok-gamer-targets-among-us-steam/175546/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30722">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 15:31:59">
15:31
       </div>

       <div class="text">
<strong>‼ CVE-2021-36513 ‼</strong><br><br><code>An issue was discovered in function sofia_handle_sip_i_notify in sofia.c in SignalWire freeswitch before 1.10.6, may allow attackers to view sensitive information due to an uninitialized value.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36513">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30723">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 15:32:00">
15:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-42055 ‼</strong><br><br><code>ASUSTek ZenBook Pro Due 15 UX582 laptop firmware through 203 has Insecure Permissions that allow attacks by a physically proximate attacker.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42055">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30724">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 15:32:01">
15:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-23449 ‼</strong><br><br><code>This affects the package vm2 before 3.9.4. Prototype Pollution attack vector can lead to sandbox escape and execution of arbitrary code on the host machine.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23449">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30725">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 15:32:02">
15:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-29878 ‼</strong><br><br><code>IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 206581.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29878">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30726">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 16:21:17">
16:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Sinclair Broadcast Group Confirms Ransomware Attack 🕴</strong><br><br><code>The US television station operator has revealed certain servers and workstations, as well as office and operational networks, were disrupted in the attack.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/sinclair-broadcast-group-confirms-ransomware-attack">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30727">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 17:21:15">
17:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 DOJ Aims to Keep Companies Accountable with Cyber-Fraud Initiative 🔏</strong><br><br><code>Companies that fail to follow required cybersecurity standards could soon be a target under the DOJ&apos;s new Civil Cyber-Fraud Initiative.</code><br><br><a href="https://digitalguardian.com/blog/doj-aims-keep-companies-accountable-cyber-fraud-initiative">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30728">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 17:21:17">
17:21
       </div>

       <div class="text">
<strong>🕴 NSA, FBI, CISA Issue Advisory on &apos;BlackMatter&apos; Ransomware 🕴</strong><br><br><code>Ransomware has become a &quot;national security issue,&quot; NSA director said.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/feds-issue-advisory-on-blackmatter-ransomware">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30729">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 17:25:24">
17:25
       </div>

       <div class="text">
<strong>❌ Sinclair Confirms Ransomware Attack That Disrupted TV Stations ❌</strong><br><br><code>A major cyberattack resulted in data being stolen, too, but Sinclair&apos;s not sure which information is now in the hands of the crooks.</code><br><br><a href="https://threatpost.com/sinclair-ransomware-tv-stations/175548/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30730">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 17:38:36">
17:38
       </div>

       <div class="text">
<strong>🦿 Gartner analyst: 12 technologies to accelerate growth, engineer trust and sculpt change in 2022 🦿</strong><br><br><code>CIOs must prioritize the same business imperatives and find the IT force multipliers to enable growth and innovation, according to a Gartner analyst during Gartner&apos;s IT Symposium.</code><br><br><a href="https://www.techrepublic.com/article/gartner-analyst-12-technologies-to-accelerate-growth-engineer-trust-and-sculpt-change-in-2022/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30731">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 18:25:27">
18:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Podcast: Could the Zoho Flaw Trigger SolarWinds 2.0? ❌</strong><br><br><code>Companies are worried that the highly privileged password app could let attackers deep inside an enterprise’s footprint, says Redscan’s George Glass.</code><br><br><a href="https://threatpost.com/podcast-zoho-solarwinds/175553/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30732">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 18:38:38">
18:38
       </div>

       <div class="text">
<strong>🦿 How to deal with supply-chain disruptions: 5 tips 🦿</strong><br><br><code>Tom Merritt gives us five ways to deal with the uncertainty of weather events and port issues.</code><br><br><a href="https://www.techrepublic.com/videos/how-to-deal-with-supply-chain-disruptions-5-tips/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30733">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 18:38:39">
18:38
       </div>

       <div class="text">
<strong>🦿 Top 5 tips for dealing with supply-chain disruptions 🦿</strong><br><br><code>Weather events and port issues have caused major disruptions in the global supply chain. Tom Merritt gives us five ways to deal with it.</code><br><br><a href="https://www.techrepublic.com/article/top-5-tips-for-dealing-with-supply-chain-disruptions/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30734">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 19:21:22">
19:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Loss Prevention Teams Up With Cybersecurity to Address Retail Fraud 🕴</strong><br><br><code>As retailers roll out more &quot;buy online, pickup in-store&quot; options, loss prevention professionals are increasingly shifting their attention from in-store theft to e-commerce fraud.</code><br><br><a href="https://www.darkreading.com/edge-articles/loss-prevention-teams-up-with-cybersecurity-to-address-retail-fraud">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30735">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 19:32:12">
19:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-41152 ‼</strong><br><br><code>OpenOlat is a web-based e-learning platform for teaching, learning, assessment and communication, an LMS, a learning management system. In affected versions by manipulating the HTTP request an attacker can modify the path of a requested file download in the folder component to point to anywhere on the target system. The attack could be used to read any file accessible in the web root folder or outside, depending on the configuration of the system and the properly configured permission of the application server user. The attack requires an OpenOlat user account or the enabled guest user feature together with the usage of the folder component in a course. The attack does not allow writing of arbitrary files, it allows only reading of files and also only ready of files that the attacker knows the exact path which is very unlikely at least for OpenOlat data files. The problem is fixed in version 15.5.8 and 16.0.1 It is advised to upgrade to version 16.0.x. There are no known workarounds to fix this problem, an upgrade is necessary.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41152">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30736">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 19:32:13">
19:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-41156 ‼</strong><br><br><code>anuko/timetracker is an, open source time tracking system. In affected versions Time Tracker uses browser_today hidden control on a few pages to collect the today&apos;s date from user browsers. Because of not checking this parameter for sanity in versions prior to 1.19.30.5601, it was possible to craft an html form with malicious JavaScript, use social engineering to convince logged on users to execute a POST from such form, and have the attacker-supplied JavaScript to be executed in user&apos;s browser. This has been patched in version 1.19.30.5600. Upgrade is recommended. If it is not practical, introduce ttValidDbDateFormatDate function as in the latest version and add a call to it within the access checks block.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41156">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30737">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 19:32:16">
19:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-42650 ‼</strong><br><br><code>Cross Site Scripting (XSS vulnerability exists in Portainer before 2.9.1 via the node input box in Custom Templates.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42650">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30738">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 19:32:17">
19:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-41151 ‼</strong><br><br><code>Backstage is an open platform for building developer portals. In affected versions A malicious actor could read sensitive files from the environment where Scaffolder Tasks are run. The attack is executed by crafting a custom Scaffolder template with a `github:publish:pull-request` action and a particular source path. When the template is executed the sensitive files would be included in the published pull request. This vulnerability is mitigated by the fact that an attacker would need access to create and register templates in the Backstage catalog, and that the attack is very visible given that the exfiltration happens via a pull request. The vulnerability is patched in the `0.15.9` release of `@backstage/plugin-scaffolder-backend`.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41151">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30739">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 19:32:18">
19:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-41153 ‼</strong><br><br><code>The evm crate is a pure Rust implementation of Ethereum Virtual Machine. In `evm` crate `&lt; 0.31.0`, `JUMPI` opcode&apos;s condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check. This is a **high** severity security advisory if you use `evm` crate for Ethereum mainnet. In this case, you should update your library dependency immediately to on or after `0.31.0`. This is a **low** severity security advisory if you use `evm` crate in Frontier or in a standalone blockchain, because there&apos;s no security exploit possible with this advisory. It is **not** recommended to update to on or after `0.31.0` until all the normal chain upgrade preparations have been done. If you use Frontier or other `pallet-evm` based Substrate blockchain, please ensure to update your `spec_version` before updating this. For other blockchains, please make sure to follow a hard-fork process before you update this.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41153">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30740">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 19:51:25">
19:51
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Group With Potential Links to Iranian Threat Actor Resurfaces 🕴</strong><br><br><code>The Lyceum group has previously been linked to attacks on targets in the Middle East.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/group-with-potential-links-to-iranian-threat-actor-resurfaces">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30741">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 20:21:23">
20:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 FIDO Alliance Research Tracks Passwordless Authentication as It Moves Mainstream 🕴</strong><br><br><code>New Online Authentication Barometer from the FIDO Alliance reveals consumer habits, trends and adoption of authentication technologies.</code><br><br><a href="https://www.darkreading.com/endpoint/fido-alliance-research-tracks-passwordless-authentication-as-it-moves-mainstream">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30742">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 21:32:18">
21:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-41155 ‼</strong><br><br><code>Tuleap is a Free &amp; Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not sanitize properly user inputs when constructing the SQL query to browse and search revisions in the CVS repositories. The following versions contain the fix: Tuleap Community Edition 11.17.99.146, Tuleap Enterprise Edition 11.17-5, Tuleap Enterprise Edition 11.16-7.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41155">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30743">

      <div class="body">

       <div class="pull_right date details" title="18.10.2021 21:32:19">
21:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-41154 ‼</strong><br><br><code>Tuleap is a Free &amp; Open Source Suite to improve management of software developments and collaboration. In affected versions an attacker with read access to a &quot;SVN core&quot; repository could execute arbitrary SQL queries. The following versions contain the fix: Tuleap Community Edition 11.17.99.144, Tuleap Enterprise Edition 11.17-5, Tuleap Enterprise Edition 11.16-7.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41154">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-927">

      <div class="body details">
19 October 2021
      </div>

     </div>

     <div class="message default clearfix" id="message30744">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 02:32:42">
02:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-20836 ‼</strong><br><br><code>Out-of-bounds read vulnerability in CX-Supervisor v4.0.0.13 and v4.0.0.16 allows an attacker with administrative privileges to cause information disclosure and/or arbitrary code execution by opening a specially crafted SCS project files.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20836">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30745">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 03:26:46">
03:26
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 7 Cross-Industry Technology Trends That Will Disrupt the World 🕴</strong><br><br><code>Recent McKinsey &amp; Company analysis examines which technologies will have the most momentum in the next ten years. These are the trends security teams need to be aware of in order to protect the organization effectively.</code><br><br><a href="https://www.darkreading.com/dr-tech/7-cross-industry-technology-trends-that-will-disrupt-the-world">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30746">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 07:25:48">
07:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ TA505 Gang Is Back With Newly Polished FlawedGrace RAT ❌</strong><br><br><code>TA505 – cybercrime trailblazers with ever-evolving TTPs – have returned to mass-volume email attacks, flashing retooled malware and exotic scripting languages.</code><br><br><a href="https://threatpost.com/ta505-retooled-flawedgrace-rat/175559/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30747">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 07:32:56">
07:32
       </div>

       <div class="text">
<strong>‼️ CVE-2021-25968 ‼️<br><br></strong><code>In OpenCMS, versions 10.5.0 to 11.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the Sitemap functionality. These scripts are executed in a victim’s browser when they open the page containing the vulnerable field.<br><br></code><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25968">📖 Read<br><br></a>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30748">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 11:23:22">
11:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 The Simmering Cybersecurity Risk of Employee Burnout 🕴</strong><br><br><code>Why understanding human behavior is essential to building resilient security systems.</code><br><br><a href="https://www.darkreading.com/careers-and-people/the-simmering-cybersecurity-risk-of-employee-burnout">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30749">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 11:33:07">
11:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-3889 ‼</strong><br><br><code>libmobi is vulnerable to Use of Out-of-range Pointer Offset</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3889">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30750">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 11:33:08">
11:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-3846 ‼</strong><br><br><code>firefly-iii is vulnerable to Unrestricted Upload of File with Dangerous Type</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3846">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30751">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 11:33:09">
11:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-3888 ‼</strong><br><br><code>libmobi is vulnerable to Use of Out-of-range Pointer Offset</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3888">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30752">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 11:33:10">
11:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-38474 ‼</strong><br><br><code>InHand Networks IR615 Router&apos;s Versions 2.3.0.r4724 and 2.3.0.r4870 have has no account lockout policy configured for the login page of the product. This may allow an attacker to execute a brute-force password attack with no time limitation and without harming the normal operation of the user. This could allow an attacker to gain valid credentials for the product interface.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38474">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30753">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 11:33:11">
11:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-3858 ‼</strong><br><br><code>snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3858">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30754">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 11:33:15">
11:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-3869 ‼</strong><br><br><code>corenlp is vulnerable to Improper Restriction of XML External Entity Reference</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3869">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30755">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 11:33:15">
11:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-42261 ‼</strong><br><br><code>Revisor Video Management System (VMS) before 2.0.0 has a directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file system to access files or directories that are outside of restricted directory on the remote server. This could lead to the disclosure of sensitive data on the vulnerable server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42261">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30756">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 11:33:16">
11:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-36512 ‼</strong><br><br><code>An issue was discovered in function scanallsubs in src/sbbs3/scansubs.cpp in Synchronet BBS, which may allow attackers to view sensitive information due to an uninitialized value.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36512">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30757">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 11:33:17">
11:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-38486 ‼</strong><br><br><code>InHand Networks IR615 Router&apos;s Versions 2.3.0.r4724 and 2.3.0.r4870 cloud portal allows for self-registration of the affected product without any requirements to create an account, which may allow an attacker to have full control over the product and execute code within the internal network to which the product is connected.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38486">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30758">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 11:33:18">
11:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-38478 ‼</strong><br><br><code>InHand Networks IR615 Router&apos;s Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to an attacker using a traceroute tool to inject commands into the device. This may allow the attacker to remotely run commands on behalf of the device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38478">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30759">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 11:33:23">
11:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-3879 ‼</strong><br><br><code>snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation (&apos;Cross-site Scripting&apos;)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3879">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30760">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 11:33:24">
11:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-38464 ‼</strong><br><br><code>InHand Networks IR615 Router&apos;s Versions 2.3.0.r4724 and 2.3.0.r4870 have inadequate encryption strength, which may allow an attacker to intercept the communication and steal sensitive information or hijack the session.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38464">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30761">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 11:33:24">
11:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-38484 ‼</strong><br><br><code>InHand Networks IR615 Router&apos;s Versions 2.3.0.r4724 and 2.3.0.r4870 do not have a filter or signature check to detect or prevent an upload of malicious files to the server, which may allow an attacker, acting as an administrator, to upload malicious files. This could result in cross-site scripting, deletion of system files, and remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38484">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30762">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 11:33:25">
11:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-38480 ‼</strong><br><br><code>InHand Networks IR615 Router&apos;s Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to cross-site request forgery when unauthorized commands are submitted from a user the web application trusts. This may allow an attacker to remotely perform actions on the router’s management portal, such as making configuration changes, changing administrator credentials, and running system commands on the router.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38480">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30763">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 11:33:26">
11:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-3851 ‼</strong><br><br><code>firefly-iii is vulnerable to URL Redirection to Untrusted Site</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3851">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30764">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 11:33:30">
11:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-3872 ‼</strong><br><br><code>vim is vulnerable to Heap-based Buffer Overflow</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3872">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30765">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 11:33:31">
11:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-38462 ‼</strong><br><br><code>InHand Networks IR615 Router&apos;s Versions 2.3.0.r4724 and 2.3.0.r4870 does not enforce an efficient password policy. This may allow an attacker with obtained user credentials to enumerate passwords and impersonate other application users and perform operations on their behalf.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38462">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30766">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 11:33:32">
11:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-38472 ‼</strong><br><br><code>InHand Networks IR615 Router&apos;s Versions 2.3.0.r4724 and 2.3.0.r4870 management portal does not contain an X-FRAME-OPTIONS header, which an attacker may take advantage of by sending a link to an administrator that frames the router’s management portal and could lure the administrator to perform changes.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38472">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30767">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 11:33:33">
11:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-3863 ‼</strong><br><br><code>snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation (&apos;Cross-site Scripting&apos;)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3863">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30768">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 11:33:34">
11:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-38468 ‼</strong><br><br><code>InHand Networks IR615 Router&apos;s Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to stored cross-scripting, which may allow an attacker to hijack sessions of users connected to the system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38468">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30769">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 12:19:32">
12:19
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ L0phtCrack password auditing tool goes open source 🗓️</strong><br><br><code>Original developers invite OS community to develop further capabilities</code><br><br><a href="https://portswigger.net/daily-swig/l0phtcrack-password-auditing-tool-goes-open-source">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30770">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 12:25:57">
12:25
       </div>

       <div class="text">
<strong>❌ A Guide to Doing Cyberintelligence on a Restricted Budget ❌</strong><br><br><code>Cybersecurity budget cuts are everywhere. Chad Anderson, senior security researcher at DomainTools, discusses alternatives to fancy tooling, and good human skills alignment.</code><br><br><a href="https://threatpost.com/guide-cyberintelligence-restricted-budget/175574/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30771">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 12:38:59">
12:38
       </div>

       <div class="text">
<strong>🦿 How to keep your data off the Dark Web 🦿</strong><br><br><code>Traditional security solutions are no longer enough to protect your organization from a data breach, Bitglass says.</code><br><br><a href="https://www.techrepublic.com/article/how-to-keep-your-data-off-the-dark-web/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30772">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 12:39:00">
12:39
       </div>

       <div class="text">
<strong>🦿 Aruba introduces the industry&apos;s first distributed services switch 🦿</strong><br><br><code>The new CX 10000 integrates security services, like a firewall, directly into a one-unit network switch deployable anywhere security and other services need to reside.</code><br><br><a href="https://www.techrepublic.com/article/aruba-introduces-the-industrys-first-distributed-services-switch/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30773">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 12:39:01">
12:39
       </div>

       <div class="text">
<strong>🦿 How to proactively detect and prevent ransomware attacks 🦿</strong><br><br><code>Two out of three organizations surveyed by ThycoticCentrify were hit by a ransomware attack over the past 12 months, and more than 80% reportedly opted to pay the ransom.</code><br><br><a href="https://www.techrepublic.com/article/how-to-proactively-detect-and-prevent-ransomware-attacks/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30774">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 12:39:02">
12:39
       </div>

       <div class="text">
<strong>🦿 Tech support scams top list of latest phishing threats 🦿</strong><br><br><code>Tech support scams work because they try to trick people into believing there&apos;s a serious security crisis with their computers, says Norton Labs.</code><br><br><a href="https://www.techrepublic.com/article/tech-support-scams-top-list-of-latest-phishing-threats/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30775">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 12:42:01">
12:42
       </div>

       <div class="text">
<strong>⚠ Cybersecurity Awareness Month: Building your career ⚠</strong><br><br><code>Explore. Experience. Share. How to get into cybersecurity...</code><br><br><a href="https://nakedsecurity.sophos.com/2021/10/18/becybersmart-2021-week3/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30776">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 13:06:43">
13:06
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ (ISC)² hopes diversity drive will hasten glacial progress on plugging infosec workforce gap 🗓️</strong><br><br><code>CEO tells (ISC)² Security Congress how orgs should rethink hiring strategies</code><br><br><a href="https://portswigger.net/daily-swig/isc-hopes-diversity-drive-will-hasten-glacial-progress-on-plugging-infosec-workforce-gap">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30777">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 13:22:21">
13:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Veritas Simplifies Data Backup to the Cloud While Helping Reduce Costs and Increase Ransomware Resiliency 🕴</strong><br><br><code>Introducing Veritas NetBackup Recovery Vault, a Veritas-managed cloud storage service.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/veritas-simplifies-data-backup-to-the-cloud-while-helping-reduce-costs-and-increase-ransomware-resiliency">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30778">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 13:22:22">
13:22
       </div>

       <div class="text">
<strong>🕴 Former NSA Deputy Director William Crowell Joins [redacted] Board of Directors 🕴</strong><br><br><code>Cybersecurity industry veteran brings substantial public and private sector experience to help guide [redacted] growth and expansion.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/former-nsa-deputy-director-william-crowell-joins-redacted-board-of-directors">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30779">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 13:22:23">
13:22
       </div>

       <div class="text">
<strong>🕴 Data Privacy API Company Skyflow Raises $45M Series B Funding to Help Fintech and Healthtech Companies Ship Faster 🕴</strong><br><br><code>Achieves 8x growth in last three quarters, and raises $70M in less than 18 months.</code><br><br><a href="https://www.darkreading.com/application-security/data-privacy-api-company-skyflow-raises-45m-series-b-funding-to-help-fintech-and-healthtech-companies-ship-faster">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30780">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 13:33:11">
13:33
       </div>

       <div class="text">
<strong>‼ CVE-2020-29622 ‼</strong><br><br><code>A race condition was addressed with additional validation. This issue is fixed in Security Update 2021-005 Catalina. Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29622">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30781">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 13:33:12">
13:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-30847 ‼</strong><br><br><code>This issue was addressed with improved checks. This issue is fixed in watchOS 8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing a maliciously crafted image may lead to arbitrary code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30847">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30782">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 13:33:14">
13:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-30845 ‼</strong><br><br><code>An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6. A local user may be able to read kernel memory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30845">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30783">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 13:33:15">
13:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-30835 ‼</strong><br><br><code>This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, iTunes 12.12 for Windows, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted image may lead to arbitrary code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30835">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30784">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 13:33:16">
13:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-37136 ‼</strong><br><br><code>The Bzip2 decompression decoder function doesn&apos;t allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37136">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30785">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 13:33:18">
13:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-30850 ‼</strong><br><br><code>An access issue was addressed with improved access restrictions. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6, tvOS 15. A user may gain access to protected parts of the file system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30850">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30786">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 13:33:19">
13:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-39355 ‼</strong><br><br><code>The Indeed Job Importer WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/indeed-job-importer/trunk/indeed-job-importer.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0.5. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39355">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30787">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 13:33:20">
13:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-30358 ‼</strong><br><br><code>Mobile Access Portal Native Applications who&apos;s path is defined by the administrator with environment variables may run applications from other locations by the Mobile Access Portal Agent.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30358">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30788">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 13:33:21">
13:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-30828 ‼</strong><br><br><code>This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local user may be able to read arbitrary files as root.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30828">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30789">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 13:33:22">
13:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-37137 ‼</strong><br><br><code>The Snappy frame decoder function doesn&apos;t restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37137">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30790">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 13:33:23">
13:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-39329 ‼</strong><br><br><code>The JobBoardWP WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/includes/admin/class-metabox.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0.7. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39329">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30791">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 13:33:24">
13:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-3746 ‼</strong><br><br><code>A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets that then trigger the issue when the state of the TPM2&apos;s volatile state is written. The highest threat from this vulnerability is to system availability. This issue affects libtpms versions before 0.8.5, before 0.7.9 and before 0.6.6.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3746">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30792">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 13:33:25">
13:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-30843 ‼</strong><br><br><code>This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted dfont file may lead to arbitrary code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30843">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30793">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 13:33:26">
13:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-39343 ‼</strong><br><br><code>The MPL-Publisher WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/libs/PublisherController.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.30.2. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39343">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30794">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 13:33:28">
13:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-30819 ‼</strong><br><br><code>An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 15 and iPadOS 15. Processing a maliciously crafted USD file may disclose memory contents.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30819">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30795">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 13:33:29">
13:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-30825 ‼</strong><br><br><code>This issue was addressed with improved checks. This issue is fixed in iOS 15 and iPadOS 15. A local attacker may be able to cause unexpected application termination or arbitrary code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30825">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30796">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 13:33:30">
13:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-30832 ‼</strong><br><br><code>A memory corruption issue was addressed with improved state management. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local attacker may be able to elevate their privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30832">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30797">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 13:33:30">
13:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-30815 ‼</strong><br><br><code>A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. A local attacker may be able to view contacts from the lock screen.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30815">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30798">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 13:33:31">
13:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-30841 ‼</strong><br><br><code>This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted dfont file may lead to arbitrary code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30841">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30799">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 13:33:35">
13:33
       </div>

       <div class="text">
<strong>‼ CVE-2011-1497 ‼</strong><br><br><code>A cross-site scripting vulnerability flaw was found in the auto_link function in Rails before version 3.0.6.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1497">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30800">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 14:22:23">
14:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Winners Announced for 2021 Infosec Inspire Security Awareness Awards 🕴</strong><br><br><code>Institute of International Education and Inflection Point Systems recognized for their advanced security awareness and training programs.</code><br><br><a href="https://www.darkreading.com/operations/winners-announced-for-2021-infosec-inspire-security-awareness-awards">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30801">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 14:25:59">
14:25
       </div>

       <div class="text">
<strong>❌ Lyceum APT Returns, This Time Targeting Tunisian Firms ❌</strong><br><br><code>The APT, which targets Middle-Eastern energy firms &amp; telecoms, has been relatively quiet since its exposure but not entirely silent. It&apos;s kept up attacks through 2021 and is working on retooling its arsenal yet again. </code><br><br><a href="https://threatpost.com/lyceum-apt-tunisian-firms/175579/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30802">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 15:33:15">
15:33
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-38911 ‼</strong><br><br><code>IBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in plain clear text which can be read by a an authenticatedl privileged user. IBM X-Force ID: 209940.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38911">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30803">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 15:33:17">
15:33
       </div>

       <div class="text">
<strong>‼ CVE-2020-12141 ‼</strong><br><br><code>An out-of-bounds read in the SNMP stack in Contiki-NG 4.4 and earlier allows an attacker to cause a denial of service and potentially disclose information via crafted SNMP packets to snmp_ber_decode_string_len_buffer in os/net/app-layer/snmp/snmp-ber.c.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12141">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30804">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 15:33:18">
15:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-29912 ‼</strong><br><br><code>IBM Security Risk Manager on CP4S 1.7.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 207828.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29912">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30805">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 15:33:19">
15:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-33988 ‼</strong><br><br><code>Cross Site Scripting (XSS). vulnerability exists in Microweber CMS 1.2.7 via the Login form, which could let a malicious user execute Javascript by Inserting code in the request form.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33988">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30806">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 15:52:29">
15:52
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Name That Toon: Bone Dry 🕴</strong><br><br><code>Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/name-that-toon-bone-dry">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30807">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 15:52:30">
15:52
       </div>

       <div class="text">
<strong>🕴 Privacy Management for Microsoft 365 Now Generally Available 🕴</strong><br><br><code>The tool is designed to automatically discover personal data in organizations&apos; Microsoft 365 environments.</code><br><br><a href="https://www.darkreading.com/privacy/privacy-management-for-microsoft-365-now-generally-available">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30808">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 16:22:35">
16:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 2021 State of Ransomware Report Reveals 83% of Victims Paid to Get Data Restored 🕴</strong><br><br><code>Research by ThycoticCentrify shows a majority of organizations experienced a ransomware attack, while 93% are allocating special budget to fight growing threats.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/2021-state-of-ransomware-report-reveals-83-of-victims-paid-to-get-data-restored">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30809">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 16:22:36">
16:22
       </div>

       <div class="text">
<strong>🕴 Keysight Technologies Acquires SCALABLE Network Technologies 🕴</strong><br><br><code>Simulation and modeling solutions augment Keysight&apos;s 5G and cybersecurity portfolio.</code><br><br><a href="https://www.darkreading.com/perimeter/keysight-technologies-acquires-scalable-network-technologies">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30810">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 16:22:38">
16:22
       </div>

       <div class="text">
<strong>🕴 CrowdStrike Invests in Microsoft AD Competitor JumpCloud 🕴</strong><br><br><code>Closes out $225 million Series F with additional $66 million raised from Atlassian Ventures, CrowdStrike Falcon Fund, NTT Docomo Ventures, and others.</code><br><br><a href="https://www.darkreading.com/cloud/crowdstrike-invests-in-microsoft-ad-competitor-jumpcloud">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30811">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 16:22:39">
16:22
       </div>

       <div class="text">
<strong>🕴 Candy Corn Maker Hit With Ransomware 🕴</strong><br><br><code>Ferrara Candy Co. said a ransomware attack earlier this month won&apos;t affect Halloween supplies of its sweets, which include Brachs, Keebler, Sweet Tarts, and other popular brands.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/candy-corn-maker-hit-with-ransomware">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30812">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 17:33:20">
17:33
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-31379 ‼</strong><br><br><code>An Incorrect Behavior Order vulnerability in the MAP-E automatic tunneling mechanism of Juniper Networks Junos OS allows an attacker to send certain malformed IPv4 or IPv6 packets to cause a Denial of Service (DoS) to the PFE on the device which is disabled as a result of the processing of these packets. Continued receipt and processing of these malformed IPv4 or IPv6 packets will create a sustained Denial of Service (DoS) condition. This issue only affects MPC 7/8/9/10/11 cards, when MAP-E IP reassembly is enabled on these cards. An indicator of compromise is the output: FPC [&quot;FPC ID&quot; # e.g. &quot;0&quot;] PFE #{PFE ID # e.g. &quot;1&quot;] : Fabric Disabled Example: FPC 0 PFE #1 : Fabric Disabled when using the command: show chassis fabric fpcs An example of a healthy result of the command use would be: user@device-re1&gt; show chassis fabric fpcs Fabric management FPC state: FPC 0 PFE #0 Plane 0: Plane enabled Plane 1: Plane enabled Plane 2: Plane enabled Plane 3: Plane enabled Plane 4: Plane enabled Plane 5: Plane enabled Plane 6: Plane enabled Plane 7: Plane enabled This issue affects: Juniper Networks Junos OS on MX Series with MPC 7/8/9/10/11 cards, when MAP-E IP reassembly is enabled on these cards. 17.2 version 17.2R1 and later versions; 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R2-S6, 18.2R3-S3; 18.3 versions prior to 18.3R2-S4, 18.3R3-S1; 18.4 versions prior to 18.4R1-S8, 18.4R2-S5, 18.4R3; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S5, 19.3R3. This issue does not affect Juniper Networks Junos OS versions prior to 17.2R1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31379">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30813">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 17:33:21">
17:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-31358 ‼</strong><br><br><code>A command injection vulnerability in sftp command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability allows an attacker to bypass command authorization restrictions assigned to their specific user account and execute commands that are available to the privilege level for which the user is assigned. For example, a user that is in the super-user login class, but restricted to executing specific CLI commands could exploit the vulnerability to execute any other command available to an unrestricted admin user. This vulnerability does not increase the privilege level of the user, but rather bypasses any CLI command restrictions by allowing full access to the shell. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-S2-EVO; 21.1 versions prior to 21.1R2-EVO; 21.2 versions prior to 21.2R1-S1-EVO, 21.2R2-EVO.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31358">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30814">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 17:33:23">
17:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-31370 ‼</strong><br><br><code>An Incomplete List of Disallowed Inputs vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on QFX5000 Series and EX4600 Series allows an adjacent unauthenticated attacker which sends a high rate of specific multicast traffic to cause control traffic received from the network to be dropped. This will impact control protocols (including but not limited to routing-protocols) and lead to a Denial of Service (DoS). Continued receipt of this specific multicast traffic will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on QFX5000 and EX4600 Series: All versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S2, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31370">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30815">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 17:33:24">
17:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-31359 ‼</strong><br><br><code>A local privilege escalation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to cause the Juniper DHCP daemon (jdhcpd) process to crash, resulting in a Denial of Service (DoS), or execute arbitrary commands as root. Continued processing of malicious input will repeatedly crash the system and sustain the Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: All versions, including the following supported releases: 15.1 versions prior to 15.1R7-S10; 17.4 versions prior to 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-S3-EVO; All versions of 21.1-EVO.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31359">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30816">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 17:33:25">
17:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-31355 ‼</strong><br><br><code>A persistent cross-site scripting (XSS) vulnerability in the captive portal graphical user interface of Juniper Networks Junos OS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper Networks Junos OS: All versions, including the following supported releases: 12.3X48 versions prior to 12.3X48-D105; 15.1X49 versions prior to 15.1X49-D220; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R3-S3; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R1-S1, 20.2R2; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R2; 21.1 versions prior to 21.1R2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31355">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30817">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 17:33:26">
17:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-31365 ‼</strong><br><br><code>An Uncontrolled Resource Consumption vulnerability in Juniper Networks Junos OS on EX2300, EX3400 and EX4300 Series platforms allows an adjacent attacker sending a stream of layer 2 frames will trigger an Aggregated Ethernet (AE) interface to go down and thereby causing a Denial of Service (DoS). By continuously sending a stream of specific layer 2 frames an attacker will sustain the Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS EX4300 Series All versions prior to 15.1R7-S7; 16.1 versions prior to 16.1R7-S8; 17.1 versions prior to 17.1R2-S12; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S10, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S2, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2. Juniper Networks Junos OS EX3400 and EX4300-MP Series All versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S9, 18.4R3-S7; 19.1 versions prior to 19.1R2-S3, 19.1R3-S4; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R3-S1; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R2. Juniper Networks Junos OS EX2300 Series All versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S9, 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S7, 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31365">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30818">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 17:33:27">
17:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-31366 ‼</strong><br><br><code>An Unchecked Return Value vulnerability in the authd (authentication daemon) of Juniper Networks Junos OS on MX Series configured for subscriber management / BBE allows an adjacent attacker to cause a crash by sending a specific username. This impacts authentication, authorization, and accounting (AAA) services on the MX devices and leads to a Denial of Service (DoS) condition. Continued receipted of these PPP login request will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S3; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31366">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30819">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 17:33:29">
17:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-0297 ‼</strong><br><br><code>A vulnerability in the processing of TCP MD5 authentication in Juniper Networks Junos OS Evolved may allow a BGP or LDP session configured with MD5 authentication to succeed, even if the peer does not have TCP MD5 authentication enabled. This could lead to untrusted or unauthorized sessions being established, resulting in an impact on confidentiality or stability of the network. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.3R2-S1-EVO; 20.4 versions prior to 20.4R2-EVO; 21.1 versions prior to 21.1R2-EVO. Juniper Networks Junos OS is not affected by this issue.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0297">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30820">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 17:33:30">
17:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-41140 ‼</strong><br><br><code>Discourse-reactions is a plugin for the Discourse platform that allows user to add their reactions to the post. In affected versions reactions given by user to secure topics and private messages are visible. This issue is patched in version 0.2 of discourse-reaction. Users who are unable to update are advised to disable the Discourse-reactions plugin in admin panel.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41140">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30821">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 17:33:32">
17:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-31373 ‼</strong><br><br><code>A persistent Cross-Site Scripting (XSS) vulnerability in Juniper Networks Junos OS on SRX Series, J-Web interface may allow a remote authenticated user to inject persistent and malicious scripts. An attacker can exploit this vulnerability to steal sensitive data and credentials from a web administration session, or hijack another user&apos;s active session to perform administrative actions. This issue affects: Juniper Networks Junos OS on SRX Series: 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R2-S1, 20.3R3.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31373">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30822">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 17:33:33">
17:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-31372 ‼</strong><br><br><code>An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally authenticated J-Web attacker to escalate their privileges to root over the target device. This issue affects: Juniper Networks Junos OS All versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R3-S3; 19.3 versions prior to 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2, 21.1R3; 21.2 versions prior to 21.2R1-S1, 21.2R2;</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31372">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30823">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 17:33:33">
17:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-31384 ‼</strong><br><br><code>Due to a Missing Authorization weakness and Insufficient Granularity of Access Control in a specific device configuration, a vulnerability exists in Juniper Networks Junos OS on SRX Series whereby an attacker who attempts to access J-Web administrative interfaces can successfully do so from any device interface regardless of the web-management configuration and filter rules which may otherwise protect access to J-Web. This issue affects: Juniper Networks Junos OS SRX Series 20.4 version 20.4R1 and later versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31384">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30824">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 17:33:34">
17:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-31349 ‼</strong><br><br><code>The usage of an internal HTTP header created an authentication bypass vulnerability (CWE-287), allowing an attacker to view internal files, change settings, manipulate services and execute arbitrary code. This issue affects all Juniper Networks 128 Technology Session Smart Router versions prior to 4.5.11, and all versions of 5.0 up to and including 5.0.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31349">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30825">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 17:33:35">
17:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-31375 ‼</strong><br><br><code>An Improper Input Validation vulnerability in routing process daemon (RPD) of Juniper Networks Junos OS devices configured with BGP origin validation using Resource Public Key Infrastructure (RPKI), allows an attacker to send a specific BGP update which may cause RPKI policy-checks to be bypassed. This, in turn, may allow a spoofed advertisement to be accepted or propagated. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S18; 15.1 versions prior to 15.1R7-S9; 17.2 versions prior to 17.2R3-S3; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S3; 18.3 versions prior to 18.3R3-S1; 18.4 versions prior to 18.4R3; 19.1 versions prior to 19.1R2; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31375">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30826">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 17:33:39">
17:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-31357 ‼</strong><br><br><code>A command injection vulnerability in tcpdump command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability allows an attacker to bypass command authorization restrictions assigned to their specific user account and execute commands that are available to the privilege level for which the user is assigned. For example, a user that is in the super-user login class, but restricted to executing specific CLI commands could exploit the vulnerability to execute any other command available to an unrestricted admin user. This vulnerability does not increase the privilege level of the user, but rather bypasses any CLI command restrictions by allowing full access to the shell. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.3R2-S1-EVO; 20.4 versions prior to 20.4R2-S2-EVO; 21.1 versions prior to 21.1R2-EVO; 21.2 versions prior to 21.2R1-S1-EVO, 21.2R2-EVO.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31357">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30827">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 17:33:40">
17:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-0296 ‼</strong><br><br><code>The Juniper Networks CTPView server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header which allows servers to indicate that content from the requested domain will only be served over HTTPS. The lack of HSTS may leave the system vulnerable to downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections. This issue affects Juniper Networks CTPView: 7.3 versions prior to 7.3R7; 9.1 versions prior to 9.1R3.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0296">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30828">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 17:33:41">
17:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-31364 ‼</strong><br><br><code>An Improper Check for Unusual or Exceptional Conditions vulnerability combined with a Race Condition in the flow daemon (flowd) of Juniper Networks Junos OS on SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2 allows an unauthenticated network based attacker sending specific traffic to cause a crash of the flowd/srxpfe process, responsible for traffic forwarding in SRX, which will cause a Denial of Service (DoS). Continued receipt and processing of this specific traffic will create a sustained Denial of Service (DoS) condition. This issue can only occur when specific packets are trying to create the same session and logging for session-close is configured as a policy action. Affected platforms are: SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2. Not affected platforms are: SRX4000 Series, SRX5000 Series with SPC3, and vSRX Series. This issue affects Juniper Networks Junos OS SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2: All versions prior to 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31364">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30829">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 17:33:42">
17:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-31371 ‼</strong><br><br><code>Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. It was discovered that packets utilizing these IP addresses may egress an QFX5110 switch, leaking configuration information such as heartbeats, kernel versions, etc. out to the Internet, leading to an information exposure vulnerability. This issue affects: Juniper Networks Junos OS on QFX5110 Series: All versions prior to 17.3R3-S12; 18.1 versions prior to 18.1R3-S13; 18.3 versions prior to 18.3R3-S5; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2;</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31371">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30830">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 17:33:43">
17:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-31376 ‼</strong><br><br><code>An Improper Input Validation vulnerability in Packet Forwarding Engine manager (FXPC) process of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) by sending specific DHCPv6 packets to the device and crashing the FXPC service. Continued receipt and processing of this specific packet will create a sustained Denial of Service (DoS) condition. This issue affects only the following platforms in ACX Series: ACX500, ACX1000, ACX1100, ACX2100, ACX2200, ACX4000, ACX5048, ACX5096 devices. Other ACX platforms are not affected from this issue. This issue affects Juniper Networks Junos OS on ACX500, ACX1000, ACX1100, ACX2100, ACX2200, ACX4000, ACX5048, ACX5096: 18.4 version 18.4R3-S7 and later versions prior to 18.4R3-S8. This issue does not affect: Juniper Networks Junos OS 18.4 versions prior to 18.4R3-S7 on ACX500, ACX1000, ACX1100, ACX2100, ACX2200, ACX4000, ACX5048, ACX5096.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31376">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30831">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 17:33:47">
17:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-31381 ‼</strong><br><br><code>A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to delete files which may allow the attacker to disrupt the integrity and availability of the system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31381">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30832">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 17:39:23">
17:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-41149 ‼</strong><br><br><code>Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. The tough library, prior to 0.12.0, does not properly sanitize target names when caching a repository, or when saving specific targets to an output directory. When targets are cached or saved, files could be overwritten with arbitrary content anywhere on the system. A fix is available in version 0.12.0. No workarounds to this issue are known.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41149">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30833">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 17:39:24">
17:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-31367 ‼</strong><br><br><code>A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on PTX Series allows an adjacent attacker to cause a Denial of Service (DoS) by sending genuine BGP flowspec packets which cause an FPC heap memory leak. Once having run out of memory the FPC will crash and restart along with a core dump. Continued receipted of these packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS All versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R3-S6; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos Evolved is not affected.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31367">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30834">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 17:39:26">
17:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-31382 ‼</strong><br><br><code>On PTX1000 System, PTX10002-60C System, after upgrading to an affected release, a Race Condition vulnerability between the chassis daemon (chassisd) and firewall process (dfwd) of Juniper Networks Junos OS, may update the device&apos;s interfaces with incorrect firewall filters. This issue only occurs when upgrading the device to an affected version of Junos OS. Interfaces intended to have protections may have no protections assigned to them. Interfaces with one type of protection pattern may have alternate protections assigned to them. Interfaces intended to have no protections may have protections assigned to them. These firewall rule misassignments may allow genuine traffic intended to be stopped at the interface to propagate further, potentially causing disruptions in services by propagating unwanted traffic. An attacker may be able to take advantage of these misassignments. This issue affects Juniper Networks Junos OS on PTX1000 System: 17.2 versions 17.2R1 and later versions prior to 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R1-S8, 18.4R2-S8, 18.4R3-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R1-S1, 20.4R2. This issue does not affect Juniper Networks Junos OS prior to version 17.2R1 on PTX1000 System. This issue affects Juniper Networks Junos OS on PTX10002-60C System: 18.2 versions 18.2R1 and later versions prior to 18.4 versions prior to 18.4R3-S9; 19.1 versions later than 19.1R1 prior to 19.4 versions prior to 19.4R2-S5, 19.4R3-S5; 20.1 versions prior to 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions 20.4R1 and later versions prior to 21.1 versions prior to 21.1R2; 21.2 versions 21.2R1 and later versions prior to 21.3 versions prior to 21.3R2. This issue does not affect Juniper Networks Junos OS prior to version 18.2R1 on PTX10002-60C System. This issue impacts all filter families (inet, inet6, etc.) and all loopback filters. It does not rely upon the location where a filter is set, impacting both logical and physical interfaces.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31382">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30835">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 17:39:27">
17:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-31353 ‼</strong><br><br><code>An Improper Handling of Exceptional Conditions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an attacker to inject a specific BGP update, causing the routing protocol daemon (RPD) to crash and restart, leading to a Denial of Service (DoS). Continued receipt and processing of the BGP update will create a sustained Denial of Service (DoS) condition. This issue affects very specific versions of Juniper Networks Junos OS: 19.3R3-S2; 19.4R3-S3; 20.2 versions 20.2R2-S3 and later, prior to 20.2R3-S2; 20.3 versions 20.3R2 and later, prior to 20.3R3; 20.4 versions 20.4R2 and later, prior to 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos OS 20.1 is not affected by this issue. This issue also affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-S3-EVO, 20.4R3-EVO; 21.1-EVO versions prior to 21.1R2-EVO; 21.2-EVO versions prior to 21.2R2-EVO.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31353">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30836">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 17:39:28">
17:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-31380 ‼</strong><br><br><code>A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to disclose sensitive information in the HTTP response which allows the attacker to obtain sensitive information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31380">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30837">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 17:39:29">
17:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-32663 ‼</strong><br><br><code>iTop is an open source web based IT Service Management tool. In affected versions an attacker can call the system setup without authentication. Given specific parameters this can lead to SSRF. This issue has been resolved in versions 2.6.5 and 2.7.5 and later</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32663">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30838">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 17:39:30">
17:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-32664 ‼</strong><br><br><code>Combodo iTop is an open source web based IT Service Management tool. In affected versions there is a XSS vulnerability on &quot;run query&quot; page when logged as administrator. This has been resolved in versions 2.6.5 and 2.7.5.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32664">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30839">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 17:39:32">
17:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-31385 ‼</strong><br><br><code>An Improper Limitation of a Pathname to a Restricted Directory (&apos;Path Traversal&apos;) vulnerability in J-Web of Juniper Networks Junos OS allows any low-privileged authenticated attacker to elevate their privileges to root. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S19; 15.1 versions prior to 15.1R7-S10; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31385">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30840">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 18:22:36">
18:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Query.ai</strong> <strong>Closes $15M Series A for Security Investigations Tool 🕴</strong><br><br><code>The funding will support product development for Query.AI&apos;s browser-based security investigations tool.</code><br><br><a href="https://www.darkreading.com/dr-tech/query-ai-closes-15m-series-a-for-security-investigations-tool">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30841">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 18:52:38">
18:52
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Cato Networks Valued at $2.5B, Raises Additional $200M to Accelerate SASE Adoption Among Large Enterprises 🕴</strong><br><br><code>Cato more than doubles its valuation in one year with largest funding round to date. Total financing reaches $532 million.</code><br><br><a href="https://www.darkreading.com/perimeter/cato-networks-valued-at-2-5b-raises-additional-200m-to-accelerate-sase-adoption-among-large-enterprises">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30842">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 18:52:39">
18:52
       </div>

       <div class="text">
<strong>🕴 Enterprise Cybersecurity Strategies Are Getting More Attention 🕴</strong><br><br><code>Data in Dark Reading&apos;s 2021 Strategic Security Survey report suggest organizations are taking the security challenge seriously.</code><br><br><a href="https://www.darkreading.com/edge-threat-monitor/enterprise-cybersecurity-strategies-are-getting-more-attention">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30843">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 18:56:06">
18:56
       </div>

       <div class="text">
<strong>❌ Squirrel Bug Lets Attackers Execute Code in Games, Cloud Services ❌</strong><br><br><code>The out-of-bounds read vulnerability enables an attacker to escape a Squirrel VM in games with millions of monthly players – such as Counter-Strike: Global Offensive and Portal 2 – and in cloud services such as Twilio Electric Imp.</code><br><br><a href="https://threatpost.com/squirrel-attackers-execute-code-games-cloud-services/175586/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30844">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 19:22:38">
19:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Telecommunications Providers Worldwide Are Targeted in Sophisticated Cyber-Espionage Campaign 🕴</strong><br><br><code>LightBasin has displayed in-depth knowledge of telecom architectures and protocols in its attacks, security vendor warns.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/sophisticated-threat-group-targeting-telecoms-worldwide-in-spying-campaign">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30845">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 19:33:25">
19:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-41150 ‼</strong><br><br><code>Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. The tough library, prior to 0.12.0, does not properly sanitize delegated role names when caching a repository, or when loading a repository from the filesystem. When the repository is cached or loaded, files ending with the .json extension could be overwritten with role metadata anywhere on the system. A fix is available in version 0.12.0. No workarounds to this issue are known.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41150">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30846">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 19:52:41">
19:52
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Penetration Testing in the Cloud Demands a Different Approach 🕴</strong><br><br><code>Attackers use a different set of techniques to target the cloud, meaning defenders must think differently when pen testing cloud environments.</code><br><br><a href="https://www.darkreading.com/cloud/pentesting-in-the-cloud-demands-a-different-approach">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30847">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 21:33:34">
21:33
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-3454 ‼</strong><br><br><code>Truncated L2CAP K-frame causes assertion failure. Zephyr versions &gt;= 2.4.0, &gt;= v.2.50 contain Improper Handling of Length Parameter Inconsistency (CWE-130), Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx88-6c29-vrp3</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3454">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30848">

      <div class="body">

       <div class="pull_right date details" title="19.10.2021 21:33:36">
21:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-3455 ‼</strong><br><br><code>Disconnecting L2CAP channel right after invalid ATT request leads freeze. Zephyr versions &gt;= 2.4.0, &gt;= 2.5.0 contain Use After Free (CWE-416). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3455">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-928">

      <div class="body details">
20 October 2021
      </div>

     </div>

     <div class="message default clearfix" id="message30849">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 07:35:05">
07:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-30302 ‼</strong><br><br><code>Improper authentication of EAP WAPI EAPOL frames from unauthenticated user can lead to information disclosure in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30302">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30850">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 07:35:07">
07:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-1983 ‼</strong><br><br><code>Possible buffer overflow due to improper handling of negative data length while processing write request in VR service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1983">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30851">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 07:35:07">
07:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-1917 ‼</strong><br><br><code>Null pointer dereference can occur due to memory allocation failure in DIAG in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Wearables</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1917">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30852">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 07:35:09">
07:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-30292 ‼</strong><br><br><code>Possible memory corruption due to lack of validation of client data used for memory allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30292">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30853">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 07:35:10">
07:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-30312 ‼</strong><br><br><code>Improper authentication of sub-frames of a multicast AMSDU frame can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &amp; Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30312">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30854">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 07:35:11">
07:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-1980 ‼</strong><br><br><code>Possible buffer over read due to lack of length check while parsing beacon IE response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &amp; Music, Snapdragon Wired Infrastructure and Networking</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1980">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30855">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 07:35:13">
07:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-30257 ‼</strong><br><br><code>Possible out of bound read or write in VR service due to lack of validation of DSP selection values in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30257">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30856">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 07:35:14">
07:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-30310 ‼</strong><br><br><code>Possible buffer overflow due to Improper validation of received CF-ACK and CF-Poll data frames in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice &amp; Music</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30310">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30857">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 07:35:15">
07:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-1984 ‼</strong><br><br><code>Possible buffer overflow due to improper validation of index value while processing the plugin block in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1984">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30858">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 07:35:17">
07:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-30305 ‼</strong><br><br><code>Possible out of bound access due to lack of validation of page offset before page is inserted in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30305">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30859">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 07:35:18">
07:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-1977 ‼</strong><br><br><code>Possible buffer over read due to improper validation of frame length while processing AEAD decryption during ASSOC response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice &amp; Music</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1977">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30860">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 07:35:19">
07:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-1913 ‼</strong><br><br><code>Possible integer overflow due to improper length check while updating grace period and count record in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1913">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30861">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 07:35:20">
07:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-1959 ‼</strong><br><br><code>Possible memory corruption due to lack of bound check of input index in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice &amp; Music, Snapdragon Wearables</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1959">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30862">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 07:35:21">
07:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-30304 ‼</strong><br><br><code>Possible buffer out of bound read can occur due to improper validation of TBTT count and length while parsing the beacon response in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30304">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30863">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 07:35:23">
07:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-11303 ‼</strong><br><br><code>Accepting AMSDU frames with mismatched destination and source address can lead to information disclosure in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice &amp; Music, Snapdragon Wired Infrastructure and Networking</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11303">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30864">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 07:35:24">
07:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-1936 ‼</strong><br><br><code>Null pointer dereference can occur due to lack of null check for user provided input in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1936">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30865">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 07:35:25">
07:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-30256 ‼</strong><br><br><code>Possible stack overflow due to improper validation of camera name length before copying the name in VR Service in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30256">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30866">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 07:35:27">
07:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-30291 ‼</strong><br><br><code>Possible memory corruption due to lack of validation of client data used for memory allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30291">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30867">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 07:35:28">
07:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-1967 ‼</strong><br><br><code>Possible stack buffer overflow due to lack of check on the maximum number of post NAN discovery attributes while processing a NAN Match event in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &amp; Music, Snapdragon Wearables</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1967">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30868">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 07:35:29">
07:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-1966 ‼</strong><br><br><code>Possible buffer overflow due to lack of length check of source and destination buffer before copying in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &amp; Music</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1966">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30869">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 09:41:15">
09:41
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-35543 ‼</strong><br><br><code>Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Activity Guide Composer). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise CC Common Application Objects accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise CC Common Application Objects accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35543">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30870">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 09:41:17">
09:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-2474 ‼</strong><br><br><code>Vulnerability in the Oracle Web Analytics product of Oracle E-Business Suite (component: Admin). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Web Analytics. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Web Analytics accessible data as well as unauthorized access to critical data or complete access to all Oracle Web Analytics accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2474">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30871">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 09:41:18">
09:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-35536 ‼</strong><br><br><code>Vulnerability in the Oracle Deal Management product of Oracle E-Business Suite (component: Miscellaneous). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Deal Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Deal Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Deal Management accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35536">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30872">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 09:41:19">
09:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-35577 ‼</strong><br><br><code>Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via MySQL Protcol to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35577">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30873">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 09:41:20">
09:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-35599 ‼</strong><br><br><code>Vulnerability in the Zero Downtime DB Migration to Cloud component of Oracle Database Server. The supported version that is affected is 21c. Easily exploitable vulnerability allows high privileged attacker having Local Logon privilege with logon to the infrastructure where Zero Downtime DB Migration to Cloud executes to compromise Zero Downtime DB Migration to Cloud. While the vulnerability is in Zero Downtime DB Migration to Cloud, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Zero Downtime DB Migration to Cloud. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35599">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30874">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 09:41:22">
09:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-2461 ‼</strong><br><br><code>Vulnerability in the Oracle Communications Interactive Session Recorder product of Oracle Communications (component: Provision API). The supported version that is affected is 6.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Interactive Session Recorder. While the vulnerability is in Oracle Communications Interactive Session Recorder, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Interactive Session Recorder accessible data as well as unauthorized read access to a subset of Oracle Communications Interactive Session Recorder accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Interactive Session Recorder. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2461">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30875">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 09:41:23">
09:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-35578 ‼</strong><br><br><code>Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35578">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30876">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 09:41:24">
09:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-35654 ‼</strong><br><br><code>Vulnerability in the Essbase Administration Services product of Oracle Essbase (component: EAS Console). The supported version that is affected is Prior to 11.1.2.4.046. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Essbase Administration Services. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Essbase Administration Services. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35654">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30877">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 09:41:25">
09:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-2481 ‼</strong><br><br><code>Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2481">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30878">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 09:41:27">
09:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-35607 ‼</strong><br><br><code>Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35607">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30879">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 09:41:28">
09:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-35632 ‼</strong><br><br><code>Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35632">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30880">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 09:41:29">
09:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-35620 ‼</strong><br><br><code>Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35620">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30881">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 09:41:30">
09:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-35653 ‼</strong><br><br><code>Vulnerability in the Essbase Administration Services product of Oracle Essbase (component: EAS Console). The supported version that is affected is Prior to 11.1.2.4.046. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Essbase Administration Services. While the vulnerability is in Essbase Administration Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Essbase Administration Services accessible data. CVSS 3.1 Base Score 7.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35653">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30882">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 09:41:32">
09:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-35574 ‼</strong><br><br><code>Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35574">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30883">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 09:41:33">
09:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-35606 ‼</strong><br><br><code>Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Notification Framework). Supported versions that are affected are 9.0 and 9.2. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the PeopleSoft Enterprise CS Campus Community executes to compromise PeopleSoft Enterprise CS Campus Community. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise CS Campus Community accessible data. CVSS 3.1 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35606">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30884">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 09:41:34">
09:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-35561 ‼</strong><br><br><code>Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Utility). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35561">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30885">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 09:41:35">
09:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-35655 ‼</strong><br><br><code>Vulnerability in the Essbase Administration Services product of Oracle Essbase (component: EAS Console). The supported version that is affected is Prior to 11.1.2.4.046. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Essbase Administration Services. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Essbase Administration Services accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35655">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30886">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 09:41:37">
09:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-35627 ‼</strong><br><br><code>Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35627">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30887">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 09:41:38">
09:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-35567 ‼</strong><br><br><code>Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via Kerberos to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35567">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30888">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 09:41:39">
09:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-35553 ‼</strong><br><br><code>Vulnerability in the PeopleSoft Enterprise CS Student Records product of Oracle PeopleSoft (component: Class Search). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CS Student Records. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise CS Student Records, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise CS Student Records accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise CS Student Records accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35553">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30889">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 09:44:16">
09:44
       </div>

       <div class="text">
<strong>🗓️ Slack contains an XSLeak vulnerability that de-anonymizes users 🗓️</strong><br><br><code>Research inspired by similar flaws previously unearthed in Facebook, Twitter, and Microsoft Live</code><br><br><a href="https://portswigger.net/daily-swig/slack-contains-an-xsleak-vulnerability-that-de-anonymizes-users">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30890">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 10:56:40">
10:56
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Geriatric Microsoft Bug Exploited by APT Using Commodity RATs ❌</strong><br><br><code>Disguised as an IT firm, the APT is hitting targets in Afghanistan &amp; India, exploiting a 20-year-old+ Microsoft Office bug that&apos;s as potent as it is ancient.</code><br><br><a href="https://threatpost.com/apt-commodity-rats-microsoft-bug/175601/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30891">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 11:23:10">
11:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 The Ransomware Payment Dilemma: Should Victims Pay or Not? 🕴</strong><br><br><code>It&apos;s time to steer the conversation away from whether payment bans should be implemented to how and when they should take effect.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/the-ransomware-payment-dilemma-should-victims-pay-or-not-">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30892">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 11:23:11">
11:23
       </div>

       <div class="text">
<strong>🕴 JavaScript Packing Found In More Than 25% of Malicious Sites 🕴</strong><br><br><code>Obfuscation techniques are extremely prevalent, data shows, but they can&apos;t be used as a single indicator of compromise because legitimate websites use them.</code><br><br><a href="https://www.darkreading.com/application-security/javascript-packing-found-in-more-than-25-of-malicious-sites">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30893">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 11:35:17">
11:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-25969 ‼</strong><br><br><code>In “Camaleon CMSâ€� application, versions 0.0.1 to 2.6.0 are vulnerable to stored XSS, that allows unprivileged application users to store malicious scripts in the comments section of the post. These scripts are executed in a victim’s browser when they open the page containing the malicious comment.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25969">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30894">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 11:35:18">
11:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-23452 ‼</strong><br><br><code>This affects all versions of package x-assign. The global proto object can be polluted using the __proto__ object.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23452">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30895">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 11:35:19">
11:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-25972 ‼</strong><br><br><code>In Camaleon CMS, versions 2.1.2.0 to 2.6.0, are vulnerable to Server-Side Request Forgery (SSRF) in the media upload feature, which allows admin users to fetch media files from external URLs but fails to validate URLs referencing to localhost or other internal servers. This allows attackers to read files stored in the internal server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25972">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30896">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 11:35:20">
11:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-25970 ‼</strong><br><br><code>Camaleon CMS 0.1.7 to 2.6.0 doesn’t terminate the active session of the users, even after the admin changes the user’s password. A user that was already logged in, will still have access to the application even after the password was changed.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25970">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30897">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 11:35:21">
11:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-25971 ‼</strong><br><br><code>In Camaleon CMS, versions 2.0.1 to 2.6.0 are vulnerable to an Uncaught Exception. The app&apos;s media upload feature crashes permanently when an attacker with a low privileged access uploads a specially crafted .svg file</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25971">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30898">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 12:43:02">
12:43
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Historic scientific notation bug foils WAF defenses 🗓️</strong><br><br><code>AWS WAF and ModSecurity get ‘blinded by science’</code><br><br><a href="https://portswigger.net/daily-swig/historic-scientific-notation-bug-foils-waf-defenses">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30899">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 13:23:19">
13:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ “To the moon!” Cryptocurrency hamster Mr Goxx trades online 24/7 ⚠</strong><br><br><code>Here&apos;s a happy cryptocurrency story for once, with not a cybercrook in sight.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/10/20/to-the-moon-cryptocurrency-hamster-mr-goxx-trades-online-24-7/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30900">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 13:35:22">
13:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-21747 ‼</strong><br><br><code>ZTE MF971R product has reflective XSS vulnerability. An attacker could use the vulnerability to obtain cookie information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21747">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30901">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 13:35:23">
13:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-3542 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-42739. Reason: This candidate is a reservation duplicate of CVE-2021-42739. Notes: All CVE users should reference CVE-2021-42739 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3542">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30902">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 13:35:24">
13:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-21746 ‼</strong><br><br><code>ZTE MF971R product has reflective XSS vulnerability. An attacker could use the vulnerability to obtain cookie information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21746">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30903">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 14:23:43">
14:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Passwordless Is the Future … but What About the Present? 🕴</strong><br><br><code>Password managers, single sign-on, and multifactor authentication each offers its own methodology and unique set of benefits — and drawbacks — to users.</code><br><br><a href="https://www.darkreading.com/endpoint/passwordless-is-the-future-but-what-about-the-present-">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30904">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 15:06:56">
15:06
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ VPN Exposes Data for 1M Users, Leading to Researcher Questioning ❌</strong><br><br><code>Experts warn that virtual private networks are increasingly vulnerable to leaks and attack.</code><br><br><a href="https://threatpost.com/vpn-exposes-data-1m/175612/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30905">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 15:35:29">
15:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-21749 ‼</strong><br><br><code>ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit the vulnerabilities to execute arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21749">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30906">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 15:35:30">
15:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-21743 ‼</strong><br><br><code>ZTE MF971R product has a CRLF injection vulnerability. An attacker could exploit the vulnerability to modify the HTTP response header information through a specially crafted HTTP request.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21743">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30907">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 15:35:31">
15:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-21744 ‼</strong><br><br><code>ZTE MF971R product has a configuration file control vulnerability. An attacker could use this vulnerability to modify the configuration parameters of the device, causing some security functions of the device to be disabled.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21744">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30908">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 15:35:33">
15:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-21745 ‼</strong><br><br><code>ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould use this vulnerability to perform illegal authorization operations by sending a request to the user to click.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21745">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30909">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 15:35:34">
15:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-21748 ‼</strong><br><br><code>ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit the vulnerabilities to execute arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21748">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30910">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 16:00:07">
16:00
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 Government Agencies Warn Against BlackMatter Ransomware 🔏</strong><br><br><code>CISA, the FBI, and NSA provided defenders with tips to protect networks and mitigations to prevent the spread of the ransomware.</code><br><br><a href="https://digitalguardian.com/blog/government-agencies-warn-against-blackmatter-ransomware">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30911">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 16:56:50">
16:56
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Google Crushes YouTube Cookie-Stealing Channel Hijackers ❌</strong><br><br><code>Google has caught and brushed off a bunch of cookie-stealing YouTube channel hijackers who were running cryptocurrency scams on, or auctioning off, ripped-off channels. </code><br><br><a href="https://threatpost.com/google-youtube-channel-hijackers-cryptocurrency-scams/175617/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30912">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 17:23:25">
17:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Removing Friction for the Enterprise With Trusted Access 🕴</strong><br><br><code>Our work lives are supposed to be simpler and easier because of technology. At least that’s the promise.</code><br><br><a href="https://www.darkreading.com/edge-articles/removing-friction-for-the-enterprise-with-trusted-access">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30913">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 17:35:35">
17:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-42762 ‼</strong><br><br><code>BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42762">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30914">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 17:35:37">
17:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-41167 ‼</strong><br><br><code>modern-async is an open source JavaScript tooling library for asynchronous operations using async/await and promises. In affected versions a bug affecting two of the functions in this library: forEachSeries and forEachLimit. They should limit the concurrency of some actions but, in practice, they don&apos;t. Any code calling these functions will be written thinking they would limit the concurrency but they won&apos;t. This could lead to potential security issues in other projects. The problem has been patched in 1.0.4. There is no workaround.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41167">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30915">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 17:35:38">
17:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-38896 ‼</strong><br><br><code>IBM QRadar Advisor 2.5 through 2.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209566.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38896">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30916">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 17:35:38">
17:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-41135 ‼</strong><br><br><code>The Cosmos-SDK is a framework for building blockchain applications in Golang. Affected versions of the SDK were vulnerable to a consensus halt due to non-deterministic behaviour in a ValidateBasic method in the x/authz module. The MsgGrant of the x/authz module contains a Grant field which includes a user-defined expiration time for when the authorization grant expires. In Grant.ValidateBasic(), that time is compared to the node’s local clock time. Any chain running an affected version of the SDK with the authz module enabled could be halted by anyone with the ability to send transactions on that chain. Recovery would require applying the patch and rolling back the latest block. Users are advised to update to version 0.44.2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41135">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30917">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 18:23:54">
18:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Execs From Now-Defunct GigaTrust Arrested in $50M Fraud Scheme 🕴</strong><br><br><code>Email endpoint security-as-a-service company founder and two others indicted in an elaborate financial fraud scheme.</code><br><br><a href="https://www.darkreading.com/cloud/execs-from-now-defunct-gigatrust-arrested-in-50m-fraud-scheme">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30918">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 18:23:55">
18:23
       </div>

       <div class="text">
<strong>🕴 MITRE Engenuity Announces ATT&amp;CK® Evaluations Call for Participation for Managed Services 🕴</strong><br><br><code>Offering to provide transparency into the capabilities of managed security service providers and and managed detection and response competencies.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/mitre-engenuity-announces-att-ck-evaluations-call-for-participation-for-managed-services">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30919">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 18:23:56">
18:23
       </div>

       <div class="text">
<strong>🕴 Google: Phishing Campaign Targets YouTube Creators 🕴</strong><br><br><code>The attackers behind the campaign, which distributes cookie theft malware, are attributed to actors recruited in a Russian-speaking forum.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/google-phishing-campaign-targets-youtube-creators">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30920">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 18:23:57">
18:23
       </div>

       <div class="text">
<strong>🕴 CISA Awards $2 Million to Bring Cybersecurity Training to Rural Communities and Diverse Populations 🕴</strong><br><br><code>Award recipients NPower and CyberWarrior recognized for development of cyber workforce training programs.</code><br><br><a href="https://www.darkreading.com/careers-and-people/cisa-awards-2-million-to-bring-cybersecurity-training-to-rural-communities-and-diverse-populations">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30921">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 18:23:58">
18:23
       </div>

       <div class="text">
<strong>🕴 Microsoft, Intel, and Goldman Sachs to Lead New TCG Work Group to Tackle Supply Chain Security Challenges 🕴</strong><br><br><code>Led by representatives from the three companies, the work group will create guidance that defines, implements, and upholds security standards for the entire supply chain.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/microsoft-intel-and-goldman-sachs-to-lead-new-tcg-work-group-to-tackle-supply-chain-security-challenges">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30922">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 19:00:15">
19:00
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Optiv Announces Second Annual $40,000 Scholarship for Black, African American Identifying STEM Students 🕴</strong><br><br><code>$10,000 to be awarded annually for four years each by Optiv’s Black Employee Network.</code><br><br><a href="https://www.darkreading.com/careers-and-people/optiv-announces-second-annual-40-000-scholarship-for-black-african-american-identifying-stem-students">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30923">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 19:00:17">
19:00
       </div>

       <div class="text">
<strong>🕴 Microsoft-Signed Rootkit Targets Gaming Environments in China 🕴</strong><br><br><code>FiveSys is the second publicly known rootkit since June that attackers have managed to sneak past Microsoft&apos;s driver certification process.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/microsoft-signed-rootkit-targets-gaming-environments-in-china">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30924">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 19:35:41">
19:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-42771 ‼</strong><br><br><code>Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42771">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30925">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 19:35:43">
19:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-42765 ‼</strong><br><br><code>The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-19 allows an adversary to leverage network delay to cause a denial of service (indefinite stalling of consensus decisions).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42765">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30926">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 19:35:44">
19:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-42766 ‼</strong><br><br><code>The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-19 allows an adversary to cause a denial of service (long-range consensus chain reorganizations), even when this adversary has little stake and cannot influence network message propagation. This can cause a protocol stall, or an increase in the profits of individual validators.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42766">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30927">

      <div class="body">

       <div class="pull_right date details" title="20.10.2021 19:35:45">
19:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-42764 ‼</strong><br><br><code>The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-19 allows an adversary to cause a denial of service (delayed consensus decisions), and also increase the profits of individual validators, via short-range reorganizations of the underlying consensus chain.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42764">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-929">

      <div class="body details">
21 October 2021
      </div>

     </div>

     <div class="message default clearfix" id="message30928">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 02:36:16">
02:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-40121 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40121">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30929">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 02:36:18">
02:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-34736 ‼</strong><br><br><code>A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to cause the web-based management interface to unexpectedly restart. The vulnerability is due to insufficient input validation on the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to cause the interface to restart, resulting in a denial of service (DoS) condition.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34736">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30930">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 02:36:19">
02:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-39126 ‼</strong><br><br><code>Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify various resources via a Cross-Site Request Forgery (CSRF) vulnerability, following an Information Disclosure vulnerability in the referrer headers which discloses a user&apos;s CSRF token. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39126">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30931">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 02:36:19">
02:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-42096 ‼</strong><br><br><code>GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42096">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30932">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 02:36:20">
02:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-34760 ‼</strong><br><br><code>A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data in a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34760">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30933">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 02:36:25">
02:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-34789 ‼</strong><br><br><code>A vulnerability in the web-based management interface of Cisco Tetration could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack on an affected system. This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need valid administrative credentials.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34789">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30934">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 02:36:26">
02:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-39127 ‼</strong><br><br><code>Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to the query component JQL endpoint via a Broken Access Control vulnerability (BAC) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39127">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30935">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 02:36:26">
02:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-40122 ‼</strong><br><br><code>A vulnerability in an API of the Call Bridge feature of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper handling of large series of message requests. An attacker could exploit this vulnerability by sending a series of messages to the vulnerable API. A successful exploit could allow the attacker to cause the affected device to reload, dropping all ongoing calls and resulting in a DoS condition.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40122">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30936">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 02:36:27">
02:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-34743 ‼</strong><br><br><code>A vulnerability in the application integration feature of Cisco Webex Software could allow an unauthenticated, remote attacker to authorize an external application to integrate with and access a user&apos;s account without that user&apos;s express consent. This vulnerability is due to improper validation of cross-site request forgery (CSRF) tokens. An attacker could exploit this vulnerability by convincing a targeted user who is currently authenticated to Cisco Webex Software to follow a link designed to pass malicious input to the Cisco Webex Software application authorization interface. A successful exploit could allow the attacker to cause Cisco Webex Software to authorize an application on the user&apos;s behalf without the express consent of the user, possibly allowing external applications to read data from that user&apos;s profile.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34743">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30937">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 02:36:28">
02:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-1529 ‼</strong><br><br><code>A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation by the system CLI. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input to the system CLI. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1529">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30938">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 02:36:30">
02:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-34738 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34738">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30939">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 02:36:31">
02:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-42097 ‼</strong><br><br><code>GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42097">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30940">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 02:36:32">
02:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-40123 ‼</strong><br><br><code>A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative read-only privileges to download files that should be restricted. This vulnerability is due to incorrect permissions settings on an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to the device. A successful exploit could allow the attacker to download files that should be restricted.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40123">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30941">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 09:13:28">
09:13
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Security pre-advisories: A simple way to improve the patch management process 🗓️</strong><br><br><code>Improving enterprise security, one patch at a time</code><br><br><a href="https://portswigger.net/daily-swig/security-pre-advisories-a-simple-way-to-improve-the-patch-management-process">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30942">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 09:29:43">
09:29
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Proposed HTTPA Protocol Uses TEEs to Secure the Web 🕴</strong><br><br><code>Intel researchers describe how Trusted Execution Environments can enhance HTTPS and boost web security.</code><br><br><a href="https://www.darkreading.com/emerging-tech/proposed-httpa-protocol-uses-tees-to-secure-web">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30943">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 10:27:22">
10:27
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Why is Cybersecurity Failing Against Ransomware? ❌</strong><br><br><code>Hardly a week goes by without another major company falling victim to a ransomware attack. Nate Warfield, CTO at Prevailion, discusses the immense challenges in changing that status quo.</code><br><br><a href="https://threatpost.com/cybersecurity-failing-ransomware/175637/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30944">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 10:43:27">
10:43
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Bulletproof hosting duo jailed over support of cyber-attacks against US targets 🗓️</strong><br><br><code>Attacks leveraging defendants’ infrastructure inflicted heavy financial losses on victims</code><br><br><a href="https://portswigger.net/daily-swig/bulletproof-hosting-duo-jailed-over-support-of-cyber-attacks-against-us-targets">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30945">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 11:10:16">
11:10
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Microsoft bought CloudKnox because hybrid multicloud identity is complicated 🦿</strong><br><br><code>Managing passwords and privileged access is bad enough for people—but that&apos;s going to be dwarfed by the problem of dealing with non-human identities.</code><br><br><a href="https://www.techrepublic.com/article/microsoft-bought-cloudknox-because-hybrid-multicloud-identity-is-complicated/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30946">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 11:24:48">
11:24
       </div>

       <div class="text">
<strong>🕴 How Psychology Can Save Your Cybersecurity Awareness Training Program 🕴</strong><br><br><code>Understanding human psychology, how it works, and how to introduce its concepts into cybersecurity awareness training can make a huge difference to your organization.</code><br><br><a href="https://www.darkreading.com/careers-and-people/how-psychology-can-save-your-cybersecurity-awareness-training-program">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30947">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 11:36:47">
11:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-35512 ‼</strong><br><br><code>An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35512">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30948">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 12:13:27">
12:13
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ New bug bounty platform launches for Indian ethical hackers 🗓️</strong><br><br><code>Security researchers can sign up now</code><br><br><a href="https://portswigger.net/daily-swig/new-bug-bounty-platform-launches-for-indian-ethical-hackers">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30949">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 12:40:14">
12:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How to digitally sign email in Apple Mail 🦿</strong><br><br><code>Adding a digital signature to your email is just one simple step you can take in your journey for more secure communications. Jack Wallen shows you how this is done in the latest version of Apple Mail.</code><br><br><a href="https://www.techrepublic.com/article/how-to-digitally-sign-email-in-apple-mail/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30950">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 12:40:15">
12:40
       </div>

       <div class="text">
<strong>🛠 AntiRansom 5 🛠</strong><br><br><code>AntiRansom is a tool capable of detecting and mitigating attacks of Ransomware using honeypots.</code><br><br><a href="https://packetstormsecurity.com/files/164577/AntiRansom-5.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30951">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 12:43:14">
12:43
       </div>

       <div class="text">
<strong>⚠ S3 Ep55: Live malware, global encryption, dating scams, and secret emanations [Podcasts] ⚠</strong><br><br><code>Latest episode - listen now! (And sign up for our forthcoming Live Malware Demo at the same time.)</code><br><br><a href="https://nakedsecurity.sophos.com/2021/10/21/s3-ep55-live-malware-global-encryption-dating-scams-and-secret-emanations-podcasts/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30952">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 13:24:54">
13:24
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Macs Still Targeted Mostly With Adware, Less With Malware 🕴</strong><br><br><code>The top 10 categories of digital threats on macOS are all adware programs, with only a sliver of the share of victims affected by actual malware, according to an IT management firm.</code><br><br><a href="https://www.darkreading.com/application-security/macs-still-targeted-with-adware-with-malware-rarely-seen">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30953">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 13:36:55">
13:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-42740 ‼</strong><br><br><code>The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec(), an attacker can inject arbitrary commands. This is because the Windows drive letter regex character class is {A-z] instead of the correct {A-Za-z]. Several shell metacharacters exist in the space between capital letter Z and lower case letter a, such as the backtick character.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42740">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30954">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 14:57:29">
14:57
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Gigabyte Allegedly Hit by AvosLocker Ransomware ❌</strong><br><br><code>If AvosLocker stole Gigabyte&apos;s master keys, threat actors could force hardware to download fake drivers or BIOS updates in a supply-chain attack a la SolarWinds.</code><br><br><a href="https://threatpost.com/gigabyte-avoslocker-ransomware-gang/175642/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30955">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 15:25:00">
15:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Microsoft Launches Security Program for Nonprofits 🕴</strong><br><br><code>A new set of security tools is built to assess risk, provide monitoring and notification if an attack occurs, and train IT pros and users.</code><br><br><a href="https://www.darkreading.com/endpoint/microsoft-launches-security-program-for-nonprofits">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30956">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 15:37:02">
15:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-28975 ‼</strong><br><br><code>WP Mailster 1.6.18.0 allows XSS when a victim opens a mail server&apos;s details in the mst_servers page, for a crafted server_host, server_name, or connection_parameter parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28975">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30957">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 15:37:03">
15:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-20120 ‼</strong><br><br><code>The administration web interface for the Arris Surfboard SB8200 lacks any protections against cross-site request forgery attacks. This means that an attacker could make configuration changes (such as changing the administrative password) without the consent of the user.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20120">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30958">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 15:37:04">
15:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-29883 ‼</strong><br><br><code>IBM Standards Processing Engine (IBM Transformation Extender Advanced 9.0 and 10.0) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 207090.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29883">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30959">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 15:37:05">
15:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-27304 ‼</strong><br><br><code>The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file upload form handler, and use parts of the user-controlled filename in the output path, are susceptible to directory traversal</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27304">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30960">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 15:37:06">
15:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-14263 ‼</strong><br><br><code>&quot;HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConnect SDK&quot;</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14263">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30961">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 15:37:07">
15:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-29873 ‼</strong><br><br><code>IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29873">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30962">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 15:37:08">
15:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-28496 ‼</strong><br><br><code>On systems running Arista EOS and CloudEOS with the affected release version, when using shared secret profiles the password configured for use by BiDirectional Forwarding Detection (BFD) will be leaked when displaying output over eAPI or other JSON outputs to other authenticated users on the device. The affected EOS Versions are: all releases in 4.22.x train, 4.23.9 and below releases in the 4.23.x train, 4.24.7 and below releases in the 4.24.x train, 4.25.4 and below releases in the 4.25.x train, 4.26.1 and below releases in the 4.26.x train</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28496">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30963">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 15:37:09">
15:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-42327 ‼</strong><br><br><code>dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to the AMD GPU display drivers debug filesystem. There are no checks on size within parse_write_buffer_into_params when it uses the size of copy_from_user to copy a userspace buffer into a 40-byte heap buffer.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42327">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30964">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 16:00:46">
16:00
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 US Treasury Outlines Compliance Best Practices for Cryptocurrency Companies 🔏</strong><br><br><code>The newly released guide is designed to emphasize sanctions compliance requirements amid the US government’s efforts to combat ransomware.</code><br><br><a href="https://digitalguardian.com/blog/us-treasury-outlines-compliance-best-practices-cryptocurrency-companies">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30965">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 16:55:06">
16:55
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Why Should My Organization Consider XDR? 🕴</strong><br><br><code>XDR is a newish industry term addressing a very old problem: security products that don&apos;t work together to detect threats.</code><br><br><a href="https://www.darkreading.com/edge-ask-the-experts/why-should-my-organization-consider-xdr-">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30966">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 16:58:08">
16:58
       </div>

       <div class="text">
<strong>❌ TA551 Shifts Tactics to Install Sliver Red-Teaming Tool ❌</strong><br><br><code>A new email campaign from the threat group uses the attack-simulation framework in a likely leadup to ransomware deployment.</code><br><br><a href="https://threatpost.com/ta551-tactics-sliver-red-teaming/175651/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30967">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 16:58:09">
16:58
       </div>

       <div class="text">
<strong>❌ U.S. Ban on Sales of Cyberattack Tools Is Anemic, Experts Warn ❌</strong><br><br><code>Meanwhile, Zerodium&apos;s quest to buy VPN exploits is problematic, researchers said.</code><br><br><a href="https://threatpost.com/us-ban-cyberattack-tools-zerodium/175654/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30968">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 17:25:07">
17:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Plurilock to Acquire Assets of CloudCodes Software 🕴</strong><br><br><code>Transaction marks Plurilock’s second acquisition in 2021.</code><br><br><a href="https://www.darkreading.com/cloud/plurilock-to-acquire-assets-of-cloudcodes-software">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30969">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 17:25:08">
17:25
       </div>

       <div class="text">
<strong>🕴 Invicti Security Announces $625 Million Growth Investment Led by Summit Partners 🕴</strong><br><br><code>Web application security provider plans to leverage new investment to continue product expansion and support global growth.</code><br><br><a href="https://www.darkreading.com/application-security/invicti-security-announces-625-million-growth-investment-led-by-summit-partners">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30970">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 17:25:09">
17:25
       </div>

       <div class="text">
<strong>🕴 Nearly Three-Quarters of Organizations Victimized by DNS Attacks in Past 12 Months 🕴</strong><br><br><code>Response and recovery have significant impact on 58% of targeted businesses.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/nearly-three-quarters-of-organizations-victimized-by-dns-attacks-in-past-12-months">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30971">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 17:25:11">
17:25
       </div>

       <div class="text">
<strong>🕴 Cohesity Announces Disaster Recovery as a Service, Providing Automated Disaster Recovery 🕴</strong><br><br><code>New Offering Can Help Businesses Quickly Recover from Ransomware Attacks, Speed Data Recovery, and Advance Business Continuity</code><br><br><a href="https://www.darkreading.com/dr-tech/untitled">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30972">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 17:37:06">
17:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-41146 ‼</strong><br><br><code>qutebrowser is an open source keyboard-focused browser with a minimal GUI. Starting with qutebrowser v1.7.0, the Windows installer for qutebrowser registers a `qutebrowserurl:` URL handler. With certain applications, opening a specially crafted `qutebrowserurl:...` URL can lead to execution of qutebrowser commands, which in turn allows arbitrary code execution via commands such as `:spawn` or `:debug-pyeval`. Only Windows installs where qutebrowser is registered as URL handler are affected. The issue has been fixed in qutebrowser v2.4.0. The fix also adds additional hardening for potential similar issues on Linux (by adding the new --untrusted-args flag to the .desktop file), though no such vulnerabilities are known.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41146">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30973">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 17:37:07">
17:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-42716 ‼</strong><br><br><code>An issue was discovered in stb stb_image.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the result as a 16-bit buffer. An attacker could potentially have crashed a service using stb_image, or read up to 1024 bytes of non-consecutive heap data without control over the read location.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42716">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30974">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 17:37:08">
17:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-42715 ‼</strong><br><br><code>An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stb_image by submitting crafted HDR files.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42715">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30975">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 17:37:09">
17:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-35225 ‼</strong><br><br><code>Each authenticated Orion Platform user in a MSP (Managed Service Provider) environment can view and browse all NetPath Services from all that MSP&apos;s customers. This can lead to any user having a limited insight into other customer&apos;s infrastructure and potential data cross-contamination.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35225">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30976">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 17:37:11">
17:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-41159 ‼</strong><br><br><code>FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections (`/gt:rpc`) fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue has been resolved in version 2.4.1. If you are unable to update then use `/gt:http` rather than /gt:rdp connections if possible or use a direct connection without a gateway.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41159">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30977">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 17:37:12">
17:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-41160 ‼</strong><br><br><code>FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0` width/height or out of bound rectangles to trigger out of bound writes. With `0` width or heigth the memory allocation will be `0` but the missing bounds checks allow writing to the pointer at this (not allocated) region. This issue has been patched in FreeRDP 2.4.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41160">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30978">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 17:37:14">
17:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-35228 ‼</strong><br><br><code>This vulnerability occurred due to missing input sanitization for one of the output fields that is extracted from headers on specific section of page causing a reflective cross site scripting attack. An attacker would need to perform a Man in the Middle attack in order to change header for a remote victim.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35228">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30979">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 17:37:15">
17:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-35227 ‼</strong><br><br><code>The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and the ability to configure HTTPS was not available.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35227">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30980">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 17:55:08">
17:55
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Akamai Technologies Completes Acquisition of Guardicore to Extend Its Zero Trust Solutions to Help Stop Ransomware 🕴</strong><br><br><code>Guardicore&apos;s micro-segmentation products will be added to Akamai&apos;s portfolio of Zero Trust solutions.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/akamai-technologies-completes-acquisition-of-guardicore-to-extend-its-zero-trust-solutions-to-help-stop-ransomware">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30981">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 18:25:10">
18:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Malware Abuses Core Features of Discord 🕴</strong><br><br><code>Researchers warn that Discord&apos;s bot framework can be easily weaponized.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/malware-abuses-core-features-of-discord">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30982">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 18:25:12">
18:25
       </div>

       <div class="text">
<strong>🕴 Cybrary Launches New Partnership with Check Point Software to Make Cybersecurity Training Accessible to All 🕴</strong><br><br><code>Online cybersecurity professional development platform bolsters the Check Point Education Initiative.</code><br><br><a href="https://www.darkreading.com/careers-and-people/cybrary-launches-new-partnership-with-check-point-software-to-make-cybersecurity-training-accessible-to-all">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30983">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 18:55:12">
18:55
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Google Buckles Down on Android Enterprise Security 🕴</strong><br><br><code>The launch of Android 12 brings several new default security features, along with new security efforts for Android Enterprise.</code><br><br><a href="https://www.darkreading.com/mobile/google-buckles-down-on-android-enterprise-security">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30984">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 19:37:15">
19:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-40719 ‼</strong><br><br><code>Adobe Connect version 11.2.2 (and earlier) is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary method invocation when AMF messages are deserialized on an Adobe Connect server. An attacker can leverage this to execute remote code execution on the server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40719">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30985">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 19:37:16">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-39321 ‼</strong><br><br><code>Version 3.3.23 of the Sassy Social Share WordPress plugin is vulnerable to PHP Object Injection via the wp_ajax_heateor_sss_import_config AJAX action due to deserialization of unvalidated user supplied inputs via the import_config function found in the ~/admin/class-sassy-social-share-admin.php file. This can be exploited by underprivileged authenticated users due to a missing capability check on the import_config function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39321">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30986">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 19:37:17">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-39357 ‼</strong><br><br><code>The Leaky Paywall WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via the ~/class.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 4.16.5. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39357">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30987">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 19:37:18">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-41168 ‼</strong><br><br><code>Snudown is a reddit-specific fork of the Sundown Markdown parser used by GitHub, with Python integration added. In affected versions snudown was found to be vulnerable to denial of service attacks to its reference table implementation. References written in markdown ` [reference_name]: https://www.example.com` are inserted into a hash table which was found to have a weak hash function, meaning that an attacker can reliably generate a large number of collisions for it. This makes the hash table vulnerable to a hash-collision DoS attack, a type of algorithmic complexity attack. Further the hash table allowed for duplicate entries resulting in long retrieval times. Proofs of concept and further discussion of the hash collision issue are discussed on the snudown GHSA(https://github.com/reddit/snudown/security/advisories/GHSA-6gvv-9q92-w5f6). Users are advised to update to version 1.7.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41168">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30988">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 19:37:19">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-39356 ‼</strong><br><br><code>The Content Staging WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via several parameters that are echo&apos;d out via the ~/templates/settings.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 2.0.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39356">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30989">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 19:37:23">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-36869 ‼</strong><br><br><code>Reflected Cross-Site Scripting (XSS) vulnerability in WordPress Ivory Search plugin (versions &lt;= 4.6.6). Vulnerable parameter: &amp;post.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36869">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30990">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 19:37:24">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-39328 ‼</strong><br><br><code>The Simple Job Board WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $job_board_privacy_policy_label variable echo&apos;d out via the ~/admin/settings/class-simple-job-board-settings-privacy.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 2.9.4. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39328">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30991">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 19:37:25">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-22034 ‼</strong><br><br><code>Releases prior to VMware vRealize Operations Tenant App 8.6 contain an Information Disclosure Vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22034">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30992">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 19:37:26">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-39354 ‼</strong><br><br><code>The Easy Digital Downloads WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the $start_date and $end_date parameters found in the ~/includes/admin/payments/class-payments-table.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.11.2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39354">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30993">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 19:37:27">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-41169 ‼</strong><br><br><code>Sulu is an open-source PHP content management system based on the Symfony framework. In versions before 1.6.43 are subject to stored cross site scripting attacks. HTML input into Tag names is not properly sanitized. Only admin users are allowed to create tags. Users are advised to upgrade.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41169">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30994">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 19:37:31">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-41127 ‼</strong><br><br><code>Rasa is an open source machine learning framework to automate text-and voice-based conversations. In affected versions a vulnerability exists in the functionality that loads a trained model `tar.gz` file which allows a malicious actor to craft a `model.tar.gz` file which can overwrite or replace bot files in the bot directory. The vulnerability is fixed in Rasa 2.8.10. For users unable to update ensure that users do not upload untrusted model files, and restrict CLI or API endpoint access where a malicious actor could target a deployed Rasa instance.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41127">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30995">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 19:37:32">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-39348 ‼</strong><br><br><code>The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $custom_profile parameter found in the ~/inc/admin/views/backend-user-profile.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 4.1.3.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. Please note that this is seperate from CVE-2021-24702.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39348">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30996">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 19:37:33">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-39352 ‼</strong><br><br><code>The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrative privileges to upload malicious files that can be used to achieve remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39352">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message30997">

      <div class="body">

       <div class="pull_right date details" title="21.10.2021 19:37:34">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-27746 ‼</strong><br><br><code>&quot;HCL Connections Security Update for Reflected Cross-Site Scripting (XSS) Vulnerability&quot;</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27746">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-930">

      <div class="body details">
22 October 2021
      </div>

     </div>

     <div class="message default clearfix" id="message30998">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 07:43:49">
07:43
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ EU ban on anonymous domain registration welcomed by threat intel firm 🗓️</strong><br><br><code>‘This raises the bar and makes it expensive for easy cyber criminality,’ argues DomainTools</code><br><br><a href="https://portswigger.net/daily-swig/eu-ban-on-anonymous-domain-registration-welcomed-by-threat-intel-firm">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message30999">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 08:43:55">
08:43
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Japanese punctuation exacerbates privacy flaw that leaks one-word search terms in Google, Firefox browsers 🗓️</strong><br><br><code>Researcher questions efficacy of proposed remedies as debate rumbles on 18 months after disclosure</code><br><br><a href="https://portswigger.net/daily-swig/japanese-punctuation-exacerbates-privacy-flaw-that-leaks-one-word-search-terms-in-google-firefox-browsers">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31000">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 08:57:56">
08:57
       </div>

       <div class="text">
<strong>❌ Threat Actors Abuse Discord to Push Malware ❌</strong><br><br><code>The platform’s Content Delivery Network and core features are being used to send malicious files—including RATs--across its network of 150 million users, putting corporate workplaces at risk.</code><br><br><a href="https://threatpost.com/threat-actors-abuse-discord-to-push-malware/175663/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31001">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 09:38:53">
09:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-31835 ‼</strong><br><br><code>Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via a specific parameter where the administrator&apos;s entries were not correctly sanitized.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31835">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31002">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 09:38:54">
09:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-31834 ‼</strong><br><br><code>Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator&apos;s entries were not correctly sanitized.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31834">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31003">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 09:41:55">
09:41
       </div>

       <div class="text">
<strong>🦿 What to do if your small business is a victim of a cyberattack 🦿</strong><br><br><code>Immersed in the throes of a cyberattack is not the time to figure out how to respond. An expert offers suggestions on how to create a company-specific incident-response plan.</code><br><br><a href="https://www.techrepublic.com/article/what-to-do-if-your-small-business-is-a-victim-of-a-cyberattack/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31004">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 10:13:56">
10:13
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Swiss exhibitions organizer MCH Group hit by cyber-attack 🗓️</strong><br><br><code>Investigations yet to confirm if any data was exfiltrated</code><br><br><a href="https://portswigger.net/daily-swig/swiss-exhibitions-organizer-mch-group-hit-by-cyber-attack">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31005">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 11:23:23">
11:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ REvil ransomware gang allegedly forced offline by law enforcement counterattacks ⚠</strong><br><br><code>One down. Lots more to go. Here&apos;s what to do...</code><br><br><a href="https://nakedsecurity.sophos.com/2021/10/22/revil-ransomware-gang-allegedly-forced-offline-by-law-enforcement-counterattacks/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31006">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 11:26:04">
11:26
       </div>

       <div class="text">
<strong>🕴 What Squid Game Teaches Us About Cybersecurity 🕴</strong><br><br><code>When life inside the security operations center feels treacherous, here are some suggestions for getting out alive.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/what-squid-game-teaches-us-about-cybersecurity">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31007">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 11:39:02">
11:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-38453 ‼</strong><br><br><code>Some API functions allow interaction with the registry, which includes reading values as well as data modification.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38453">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31008">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 11:39:04">
11:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-38463 ‼</strong><br><br><code>The affected product does not properly control the allocation of resources. A user may be able to allocate unlimited memory buffers using API functions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38463">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31009">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 11:39:05">
11:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-38451 ‼</strong><br><br><code>The affected product’s proprietary protocol CSC allows for calling numerous function codes. In order to call those function codes, the user must supply parameters. There is no sanitation on the value of the offset, which allows the client to specify any offset and read out-of-bounds data.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38451">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31010">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 11:39:06">
11:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-38473 ‼</strong><br><br><code>The affected product’s code base doesn’t properly control arguments for specific functions, which could lead to a stack overflow.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38473">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31011">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 11:39:07">
11:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-38459 ‼</strong><br><br><code>The data of a network capture of the initial handshake phase can be used to authenticate at a SYSDBA level. If a specific .exe is not restarted often, it is possible to access the needed handshake packets between admin/client connections. Using the SYSDBA permission, an attacker can change user passwords or delete the database.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38459">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31012">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 11:39:08">
11:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-38475 ‼</strong><br><br><code>The database connection to the server is performed by calling a specific API, which could allow an unprivileged user to gain SYSDBA permissions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38475">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31013">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 11:39:09">
11:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-38465 ‼</strong><br><br><code>The webinstaller is a Golang web server executable that enables the generation of an Auvesy image agent. Resource consumption can be achieved by generating large amounts of installations, which are then saved without limitation in the temp folder of the webinstaller executable.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38465">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31014">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 11:39:11">
11:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-38479 ‼</strong><br><br><code>Many API function codes receive raw pointers remotely from the user and trust these pointers as valid in-bound memory regions. An attacker can manipulate API functions by writing arbitrary data into the resolved address of a raw pointer.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38479">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31015">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 11:39:12">
11:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-38467 ‼</strong><br><br><code>A specific function code receives a raw pointer supplied by the user and deallocates this pointer. The user can then control what memory regions will be freed and cause use-after-free condition.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38467">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31016">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 11:39:13">
11:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-38461 ‼</strong><br><br><code>The affected product uses a hard-coded blowfish key for encryption/decryption processes. The key can be easily extracted from binaries.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38461">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31017">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 11:39:14">
11:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-38477 ‼</strong><br><br><code>There are multiple API function codes that permit reading and writing data to or from files and directories, which could lead to the manipulation and/or the deletion of files.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38477">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31018">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 11:39:15">
11:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-41744 ‼</strong><br><br><code>All versions of yongyou PLM are affected by a command injection issue. UFIDA PLM (Product Life Cycle Management) is a strategic management method. It applies a series of enterprise application systems to support the entire process from conceptual design to the end of product life, and the collaborative creation, distribution, application and management of product information across organizations. Yonyou PLM uses jboss by default, and you can access the management control background without authorization An attacker can use this vulnerability to gain server permissions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41744">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31019">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 11:39:16">
11:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-35230 ‼</strong><br><br><code>As a result of an unquoted service path vulnerability present in the Kiwi CatTools Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35230">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31020">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 11:39:17">
11:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-38481 ‼</strong><br><br><code>The scheduler service running on a specific TCP port enables the user to start and stop jobs. There is no sanitation of the supplied JOB ID provided to the function. An attacker may send a malicious payload that can enable the user to execute another SQL expression by sending a specific string.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38481">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31021">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 11:39:19">
11:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-38455 ‼</strong><br><br><code>The affected product’s OS Service does not verify any given parameter. A user can supply any type of parameter that will be passed to inner calls without checking the type of the parameter or the value.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38455">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31022">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 11:39:20">
11:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-31682 ‼</strong><br><br><code>The login portal for the Automated Logic WebCTRL/WebCTRL OEM web application contains a vulnerability that allows for reflected XSS attacks due to the operatorlocale GET parameter not being sanitized. This issue impacts versions 6.5 and below. This issue works by passing in a basic XSS payload to a vulnerable GET parameter that is reflected in the output without sanitization.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31682">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31023">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 11:39:21">
11:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-36357 ‼</strong><br><br><code>An issue was discovered in OpenPOWER 2.6 firmware. unpack_timestamp() calls le32_to_cpu() for endian conversion of a uint16_t &quot;year&quot; value, resulting in a type mismatch that can truncate a higher integer value to a smaller one, and bypass a timestamp check. The fix is to use the right endian conversion function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36357">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31024">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 11:39:22">
11:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-41747 ‼</strong><br><br><code>Cross-Site Scripting (XSS) vulnerability exists in Csdn APP 4.10.0, which can be exploited by attackers to obtain sensitive information such as user cookies.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41747">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31025">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 11:39:23">
11:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-38471 ‼</strong><br><br><code>There are multiple API function codes that permit data writing to any file, which may allow an attacker to modify existing files or create new files.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38471">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31026">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 11:39:25">
11:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-38457 ‼</strong><br><br><code>The server permits communication without any authentication procedure, allowing the attacker to initiate a session with the server without providing any form of authentication.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38457">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31027">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 11:58:06">
11:58
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Cisco SD-WAN Security Bug Allows Root Code Execution ❌</strong><br><br><code>The high-severity bug, tracked as CVE-2021-1529, is an OS command-injection flaw.</code><br><br><a href="https://threatpost.com/cisco-sd-wan-bug-code-execution-root/175669/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31028">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 12:13:58">
12:13
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Node.js sandboxes are open to prototype pollution 🗓️</strong><br><br><code>Sandbox breakout can lead to remote code execution, researchers warn</code><br><br><a href="https://portswigger.net/daily-swig/node-js-sandboxes-are-open-to-prototype-pollution">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31029">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 13:11:13">
13:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🛠 Faraday 3.18.0 🛠</strong><br><br><code>Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.</code><br><br><a href="https://packetstormsecurity.com/files/164602/faraday-3.18.0.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31030">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 13:39:07">
13:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-0702 ‼</strong><br><br><code>In RevertActiveSessions of apexd.cpp, there is a possible way to share the wrong file due to an unintentional MediaStore downgrade. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-193932765</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0702">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31031">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 13:39:08">
13:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-42540 ‼</strong><br><br><code>The affected product is vulnerable to a unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42540">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31032">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 13:39:09">
13:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-0651 ‼</strong><br><br><code>In loadLabel of PackageItemInfo.java, there is a possible way to DoS a device by having a long label in an app due to incorrect input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-67013844</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0651">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31033">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 13:39:10">
13:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-0706 ‼</strong><br><br><code>In startListening of PluginManagerImpl.java, there is a possible way to disable arbitrary app components due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-193444889</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0706">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31034">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 13:39:11">
13:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-30359 ‼</strong><br><br><code>The Harmony Browse and the SandBlast Agent for Browsers installers must have admin privileges to execute some steps during the installation. Because the MS Installer allows regular users to repair their installation, an attacker running an installer before 90.08.7405 can start the installation repair and place a specially crafted binary in the repair folder, which runs with the admin privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30359">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31035">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 13:39:13">
13:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-0705 ‼</strong><br><br><code>In sanitizeSbn of NotificationManagerService.java, there is a possible way to keep service running in foreground and keep granted permissions due to Bypass of Background Service Restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-185388103</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0705">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31036">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 13:39:14">
13:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-42539 ‼</strong><br><br><code>The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42539">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31037">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 13:39:15">
13:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-0870 ‼</strong><br><br><code>In RW_SetActivatedTagType of rw_main.cc, there is possible memory corruption due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-192472262</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0870">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31038">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 13:39:16">
13:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-42538 ‼</strong><br><br><code>The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42538">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31039">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 13:39:17">
13:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-0643 ‼</strong><br><br><code>In getAllSubInfoList of SubscriptionController.java, there is a possible way to retrieve a long term identifier without the correct permissions due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-183612370</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0643">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31040">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 13:39:18">
13:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-0652 ‼</strong><br><br><code>In VectorDrawable::VectorDrawable of VectorDrawable.java, there is a possible way to introduce a memory corruption due to sharing of not thread-safe objects. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-185178568</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0652">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31041">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 13:39:19">
13:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-0708 ‼</strong><br><br><code>In runDumpHeap of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-183262161</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0708">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31042">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 13:39:20">
13:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-42534 ‼</strong><br><br><code>The affected product’s web application does not properly neutralize the input during webpage generation, which could allow an attacker to inject code in the input forms.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42534">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31043">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 13:39:21">
13:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-38485 ‼</strong><br><br><code>The affected product is vulnerable to improper input validation in the restore file. This enables an attacker to provide malicious config files to replace any file on disk.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38485">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31044">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 13:39:22">
13:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-0703 ‼</strong><br><br><code>In SecondStageMain of init.cpp, there is a possible use after free due to incorrect shared_ptr usage. This could lead to local escalation of privilege if the attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-184569329</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0703">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31045">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 13:39:26">
13:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-42536 ‼</strong><br><br><code>The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42536">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31046">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 13:39:27">
13:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-0483 ‼</strong><br><br><code>In multiple methods of AAudioService, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-153358911</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0483">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31047">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 13:39:28">
13:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-42169 ‼</strong><br><br><code>The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite Free Source Code (by: oretnom23 ) is vulnerable from remote SQL-Injection-Bypass-Authentication for the admin account. The parameter (username) from the login form is not protected correctly and there is no security and escaping from malicious payloads.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42169">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31048">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 13:39:29">
13:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-42542 ‼</strong><br><br><code>The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42542">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31049">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 14:06:26">
14:06
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 Friday Five 10/22 🔏</strong><br><br><code>A GPS software bug, helping nonprofits defend against nation state attacks, and the DOJ wants more incident reporting - catch up on the infosec news of the week with the Friday Five!</code><br><br><a href="https://digitalguardian.com/blog/friday-five-10/22">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31050">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 14:26:15">
14:26
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 7 Ways to Lock Down Enterprise Printers 🕴</strong><br><br><code>Following the PrintNightmare case, printer security has become a hot issue for security teams. Here are seven ways to keep printers secure on enterprise networks.</code><br><br><a href="https://www.darkreading.com/edge-slideshows/7-ways-to-lock-down-enterprise-printers-">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31051">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 14:29:16">
14:29
       </div>

       <div class="text">
<strong>❌ REvil Servers Shoved Offline by Governments – But They’ll Be Back, Researchers Say ❌</strong><br><br><code>A multi-country effort has given ransomware gang REvil a taste of its own medicine by pwning its backups and pushing its leak site and Tor payment site offline.</code><br><br><a href="https://threatpost.com/revil-servers-offline-governments/175675/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31052">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 16:26:21">
16:26
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 &apos;TodayZoo&apos; Phishing Kit Cobbled Together From Other Malware 🕴</strong><br><br><code>Microsoft&apos;s analysis of a recent phishing attack shows how cybercriminals are mixing and matching to efficiently develop their attack frameworks.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/phishing-kit-todayzoo-cobbled-together-from-other-malware">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31053">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 17:28:14">
17:28
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ FIN7 Lures Unwitting Security Pros to Carry Out Ransomware Attacks ❌</strong><br><br><code>The infamous Carbanak operator is moving is looking to juice its ransomware game by recruiting IT staff to its fake Bastion Secure &apos;pen-testing&apos; company.</code><br><br><a href="https://threatpost.com/fin7-security-pros-ransomware-attacks/175681/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31054">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 17:39:21">
17:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-42840 ‼</strong><br><br><code>SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled PHP file under the web root, because only the all-lowercase PHP file extensions were blocked. NOTE: this issue exists because of an incomplete fix for CVE-2020-28328.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42840">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31055">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 17:39:22">
17:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-42556 ‼</strong><br><br><code>Rasa X before 0.42.4 allows Directory Traversal during archive extraction. In the functionality that allows a user to load a trained model archive, an attacker has arbitrary write capability within specific directories via a crafted archive file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42556">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31056">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 17:39:23">
17:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-42836 ‼</strong><br><br><code>GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42836">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31057">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 17:39:24">
17:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-41171 ‼</strong><br><br><code>eLabFTW is an open source electronic lab notebook manager for research teams. In versions of eLabFTW before 4.1.0, it allows attackers to bypass a brute-force protection mechanism by using many different forged PHPSESSID values in HTTP Cookie header. This issue has been addressed by implementing brute force login protection, as recommended by Owasp with Device Cookies. This mechanism will not impact users and will effectively thwart any brute-force attempts at guessing passwords. The only correct way to address this is to upgrade to version 4.1.0. Adding rate limitation upstream of the eLabFTW service is of course a valid option, with or without upgrading.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41171">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31058">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 17:39:25">
17:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-29835 ‼</strong><br><br><code>IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204833.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29835">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31059">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 17:56:29">
17:56
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 aDolus raises $2.5 million to secure critical infrastructure and grow sales and marketing team 🕴</strong><br><br><code>Software supply chain security experts to drive aggressive go-to-market strategy</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/adolus-raises-2-5-million-to-secure-critical-infrastructure-and-grow-sales-and-marketing-team">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31060">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 19:39:28">
19:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-36485 ‼</strong><br><br><code>Portable Ltd Playable v9.18 was discovered to contain an arbitrary file upload vulnerability in the filename parameter of the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted JPEG file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36485">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31061">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 19:39:29">
19:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-23060 ‼</strong><br><br><code>Internet Download Manager 6.37.11.1 was discovered to contain a stack buffer overflow in the Export/Import function. This vulnerability allows attackers to escalate local process privileges via a crafted ef2 file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23060">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31062">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 19:39:30">
19:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-28968 ‼</strong><br><br><code>Draytek VigorAP 1000C contains a stored cross-site scripting (XSS) vulnerability in the RADIUS Setting - RADIUS Server Configuration module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username input field.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28968">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31063">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 19:39:31">
19:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-28957 ‼</strong><br><br><code>Multiple cross-site scripting (XSS) vulnerabilities in the Customer Add module of Foxlor v0.10.16 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the name, firstname, or username input fields.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28957">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31064">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 19:39:32">
19:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-36491 ‼</strong><br><br><code>DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tags_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&amp;filename`, `CKEditor` and `CKEditorFuncNum` parameters.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36491">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31065">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 19:39:36">
19:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-36493 ‼</strong><br><br><code>DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component media_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&amp;filename`, `CKEditor` and `CKEditorFuncNum` parameters.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36493">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31066">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 19:39:38">
19:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-36490 ‼</strong><br><br><code>DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&amp;filename`, `CKEditor` and `CKEditorFuncNum` parameters.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36490">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31067">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 19:39:38">
19:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-28955 ‼</strong><br><br><code>SugarCRM v6.5.18 was discovered to contain a cross-site scripting (XSS) vulnerability in the Create Employee module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the First Name or Last Name input fields.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28955">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31068">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 19:39:39">
19:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-23047 ‼</strong><br><br><code>Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a cross-site scripting (XSS) vulnerability in the search input field of the search module.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23047">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31069">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 19:39:40">
19:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-23037 ‼</strong><br><br><code>Portable Ltd Playable v9.18 contains a code injection vulnerability in the filename parameter, which allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23037">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31070">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 19:39:41">
19:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-23061 ‼</strong><br><br><code>Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain an issue in the path parameter of the `list` and `download` module which allows attackers to perform a directory traversal via a change to the path variable to request the local list command.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23061">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31071">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 19:39:42">
19:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-23046 ‼</strong><br><br><code>DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tpl.php via the `filename`, `mid`, `userid`, and `templet&apos; parameters.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23046">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31072">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 19:39:43">
19:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-36502 ‼</strong><br><br><code>Swift File Transfer Mobile v1.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the devicename parameter which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered as the device name itself.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36502">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31073">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 19:39:44">
19:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-36489 ‼</strong><br><br><code>Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the devicename parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the devicename information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36489">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31074">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 19:39:45">
19:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-28961 ‼</strong><br><br><code>Perfex CRM v2.4.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component ./clients/client via the company name parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28961">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31075">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 19:39:49">
19:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-36498 ‼</strong><br><br><code>Macrob7 Macs Framework Content Management System - 1.14f contains a cross-site scripting (XSS) vulnerability in the account reset function, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the e-mail input field.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36498">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31076">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 19:39:50">
19:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-28969 ‼</strong><br><br><code>Aplioxio PDF ShapingUp 5.0.0.139 contains a buffer overflow which allows attackers to cause a denial of service (DoS) via a crafted PDF file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28969">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31077">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 19:39:50">
19:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-23049 ‼</strong><br><br><code>Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the `Displayname` field when using the `Add`, `Edit` or `Register&apos; functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23049">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31078">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 19:39:51">
19:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-23042 ‼</strong><br><br><code>Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability in the path parameter of the `list` and `download` module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted GET request.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23042">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31079">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 19:39:52">
19:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-36495 ‼</strong><br><br><code>DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `filename`, `mid`, `userid`, and `templet&apos; parameters.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36495">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31080">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 19:45:30">
19:45
       </div>

       <div class="text">
<strong>‼ CVE-2020-36496 ‼</strong><br><br><code>DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component sys_admin_user_edit.php via the `filename`, `mid`, `userid`, and `templet&apos; parameters.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36496">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31081">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 19:45:31">
19:45
       </div>

       <div class="text">
<strong>‼ CVE-2020-36497 ‼</strong><br><br><code>DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component makehtml_homepage.php via the `filename`, `mid`, `userid`, and `templet&apos; parameters.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36497">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31082">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 19:45:32">
19:45
       </div>

       <div class="text">
<strong>‼ CVE-2020-36499 ‼</strong><br><br><code>TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a cross-site scripting (XSS) vulnerability in the content parameter of the Rubric Block (Add) module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the rubric name value.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36499">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31083">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 19:45:33">
19:45
       </div>

       <div class="text">
<strong>‼ CVE-2020-36501 ‼</strong><br><br><code>Multiple cross-site scripting (XSS) vulnerabilities in the Support module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36501">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31084">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 21:39:32">
21:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-42258 ‼</strong><br><br><code>BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. SQL injection can, for example, use the txtID (aka username) parameter. Successful exploitation can include the ability to execute arbitrary code as MSSQLSERVER$ via xp_cmdshell.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42258">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31085">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 23:26:23">
23:26
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>📢 Kaspersky Internet Security review: Powerful, highly configurable protection 📢</strong><br><br><code>Easy to use, efficient and accurate malware defense for users who want to personalise their protection</code><br><br><a href="https://www.itpro.co.uk/security/antivirus/361292/kaspersky-internet-security-review-powerful-highly-configurable">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31086">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 23:26:24">
23:26
       </div>

       <div class="text">
<strong>📢 The many IT errors of the British government 📢</strong><br><br><code>Are UK politicians living proof that human error is the biggest weakness in cyber security?</code><br><br><a href="https://www.itpro.co.uk/business/policy-legislation/361241/the-many-it-errors-of-the-british-government">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31087">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 23:26:25">
23:26
       </div>

       <div class="text">
<strong>📢 Microsoft touts new cyber security help for nonprofits 📢</strong><br><br><code>Free training, security assessments, and access to tools given to strengthen charities’ security posture</code><br><br><a href="https://www.itpro.co.uk/security/cyber-security/361339/microsoft-touts-new-cyber-security-help-for-nonprofits">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31088">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 23:26:26">
23:26
       </div>

       <div class="text">
<strong>📢 Ofcom report reveals alarming uptick in smishing attacks 📢</strong><br><br><code>Text-based scams now more common than phone calls among young adults</code><br><br><a href="https://www.itpro.co.uk/security/scams/361335/three-quarters-of-under-35s-targeted-by-text-scams-ofcom">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31089">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 23:26:27">
23:26
       </div>

       <div class="text">
<strong>📢 US to ban surveillance software exports to authoritarian governments 📢</strong><br><br><code>Commerce dept to prevent US companies from selling tools to hack people</code><br><br><a href="https://www.itpro.co.uk/security/cyber-security/361325/us-to-ban-surveillance-software-exports-to-authoritarian-governments">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31090">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 23:26:31">
23:26
       </div>

       <div class="text">
<strong>📢 CISA, FBI and NSA publish BlackMatter ransomware warning 📢</strong><br><br><code>The agencies are warning organisations about the attacks which they say have been used in the past to target US critical infrastructure</code><br><br><a href="https://www.itpro.co.uk/security/ransomware/361290/cisa-fbi-nsa-blackmatter-ransomware-warning">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31091">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 23:26:32">
23:26
       </div>

       <div class="text">
<strong>📢 How not to get hit by ransomware in 2022 📢</strong><br><br><code>Ransomware is evolving fast. How can a home-based workforce stay a step ahead?</code><br><br><a href="https://www.itpro.co.uk/security/ransomware/361250/how-not-to-get-hit-by-ransomware-in-2022">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31092">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 23:26:33">
23:26
       </div>

       <div class="text">
<strong>📢 A quarter of all malicious JavaScript is obfuscated 📢</strong><br><br><code>Hackers using concealed packers to avoid detection</code><br><br><a href="https://www.itpro.co.uk/security/hacking/361312/a-quarter-of-all-malicious-javascript-is-obfuscated">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31093">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 23:26:34">
23:26
       </div>

       <div class="text">
<strong>📢 Why Big Brother could be your friend 📢</strong><br><br><code>As high street stores join the NICE Investigate Digital Evidence Management system, what does this mean for the wider business community?</code><br><br><a href="https://www.itpro.co.uk/security/privacy/361216/why-big-brother-could-be-your-friend">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31094">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 23:26:35">
23:26
       </div>

       <div class="text">
<strong>📢 Podcast transcript: Should the US cyber army be more aggressive? 📢</strong><br><br><code>Read the full transcript for this episode of the IT Pro Podcast</code><br><br><a href="https://www.itpro.co.uk/security/cyber-warfare/361330/podcast-transcript-should-the-us-cyber-army-be-more-aggressive">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31095">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 23:26:39">
23:26
       </div>

       <div class="text">
<strong>📢 Graylog launches new cyber security solution to address legacy issues 📢</strong><br><br><code>Graylog Security packages SIEM, UEBA, and anomaly detection into one comprehensive cyber security platform</code><br><br><a href="https://www.itpro.co.uk/security/cyber-security/361327/graylog-launches-its-cyber-security-solution">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31096">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 23:26:40">
23:26
       </div>

       <div class="text">
<strong>📢 UK and US defence labs collaborate on mission-ready AI tech 📢</strong><br><br><code>The joint partnership between the two nation&apos;s military research units present ways to share software during battle</code><br><br><a href="https://www.itpro.co.uk/technology/artificial-intelligence-ai/361289/us-and-uk-defence-labs-collaborate-on-mission-ready-ai">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31097">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 23:26:41">
23:26
       </div>

       <div class="text">
<strong>📢 Eagle Eye Networks announces new editions of Cloud VMS 📢</strong><br><br><code>The editions are suitable for small, medium, and large businesses</code><br><br><a href="https://www.itpro.co.uk/security/361315/eagle-eye-networks-announces-new-editions-of-cloud-vms">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <a class="pagination block_link" href="messages32.html">
Next messages
     </a>

    </div>

   </div>

  </div>

 </body>

</html>