messages34.html

<!DOCTYPE html>
<html>

 <head>

  <meta charset="utf-8"/>
<title>Exported Data</title>
  <meta content="width=device-width, initial-scale=1.0" name="viewport"/>

  <link href="css/style.css" rel="stylesheet"/>

  <script src="js/script.js" type="text/javascript">

  </script>

 </head>

 <body onload="CheckLocation();">

  <div class="page_wrap">

   <div class="page_header">

    <div class="content">

     <div class="text bold">
🛡 Cybersecurity &amp; Privacy news 🛡 
     </div>

    </div>

   </div>

   <div class="page_body chat_page">

    <div class="history">

     <a class="pagination block_link" href="messages33.html">
Previous messages
     </a>

     <div class="message service" id="message-969">

      <div class="body details">
30 November 2021
      </div>

     </div>

     <div class="message default clearfix" id="message33098">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 14:43:51">
14:43
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>📢 Ikea launches &quot;full-scale investigation&quot; into email-based cyber attack 📢</strong><br><br><code>Early evidence seems to indicate a compromise of Microsoft Exchange servers in a reply chain attack campaign</code><br><br><a href="https://www.itpro.co.uk/security/cyber-attacks/361680/ikea-investigates-email-based-cyber-attack">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33099">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 14:43:52">
14:43
       </div>

       <div class="text">
<strong>📢 What is smishing? 📢</strong><br><br><code>A closer look at one of the most perilous forms of phishing</code><br><br><a href="https://www.itpro.co.uk/security/phishing/361625/what-is-smishing">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33100">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 14:43:53">
14:43
       </div>

       <div class="text">
<strong>📢 RATDispenser evades nine in ten anti-virus engines 📢</strong><br><br><code>Stealth malware deploys key loggers and information stealers</code><br><br><a href="https://www.itpro.co.uk/security/361638/ratdispenser-evades-nine-in-ten-anti-virus-engines">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33101">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 14:43:54">
14:43
       </div>

       <div class="text">
<strong>📢 Sky Broadband took almost 18 months to fix serious router flaw 📢</strong><br><br><code>Flaw could expose user’s home network to hackers</code><br><br><a href="https://www.itpro.co.uk/security/vulnerability/361609/six-million-sky-routers-had-serious-security-flaw">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33102">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 14:43:55">
14:43
       </div>

       <div class="text">
<strong>📢 GoDaddy data breach exposes over 1.2 million customer details 📢</strong><br><br><code>Attacker had access to admin passwords for over two months</code><br><br><a href="https://www.itpro.co.uk/security/data-breaches/361624/godaddy-data-breach-exposes-over-12-million-customer-details">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33103">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 14:43:56">
14:43
       </div>

       <div class="text">
<strong>📢 Why the NCSC and telecoms firms are at loggerheads over quantum key distribution 📢</strong><br><br><code>In the face of mixed messages between the public and private sector, should businesses be wary of jumping on the bandwagon?</code><br><br><a href="https://www.itpro.co.uk/security/encryption/361581/ncsc-telecoms-quantum-key-distribution">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33104">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 14:43:58">
14:43
       </div>

       <div class="text">
<strong>📢 SMBs urged to update software ahead of Black Friday 📢</strong><br><br><code>NCSC identified 4,151 online shops compromised using vulnerability within e-commerce platform Magento</code><br><br><a href="https://www.itpro.co.uk/marketing-comms/e-commerce/361661/smbs-urged-to-update-software-ahead-of-black-friday">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33105">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 14:43:59">
14:43
       </div>

       <div class="text">
<strong>📢 Pizza chain exposed 100,000 employees&apos; Social Security numbers 📢</strong><br><br><code>Former and current staff at California Pizza Kitchen potentially burned by hackers</code><br><br><a href="https://www.itpro.co.uk/security/data-breaches/361613/pizza-chain-exposed-100000-employees-social-security-numbers">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33106">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 14:43:59">
14:43
       </div>

       <div class="text">
<strong>📢 Apple sues NSO Group over Pegasus attacks on its customers 📢</strong><br><br><code>The lawsuit claims &apos;flagrant&apos; violations of US federal and state law from the Israeli firm behind the infamous spyware</code><br><br><a href="https://www.itpro.co.uk/security/spyware/361639/apple-sues-nso-group-over-pegasus-attacks-on-its-customers">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33107">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 14:44:03">
14:44
       </div>

       <div class="text">
<strong>📢 Thousands of printers at risk of denial of service attacks 📢</strong><br><br><code>Attackers can easily manipulate the 9100 port to hijack hardware and steal data, researchers claim</code><br><br><a href="https://www.itpro.co.uk/security/cyber-security/361651/thousands-of-printers-at-risk-of-denial-of-service-attacks">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33108">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 14:44:05">
14:44
       </div>

       <div class="text">
<strong>📢 Wind turbine maker Vestas hit by cyber attack 📢</strong><br><br><code>Danish firm says hackers managed to obtain company data and knock out parts of its IT network</code><br><br><a href="https://www.itpro.co.uk/security/cyber-attacks/361616/wind-turbine-vestas-hit-cyber-attack">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33109">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 14:44:06">
14:44
       </div>

       <div class="text">
<strong>📢 Hackers use Linux backdoor on compromised e-commerce sites with software skimmer 📢</strong><br><br><code>Cyber criminals in China control the malware</code><br><br><a href="https://www.itpro.co.uk/security/malware/361611/hackers-use-linux-backdoor-on-compromised-e-commerce-sites-with-software">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33110">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 14:44:08">
14:44
       </div>

       <div class="text">
<strong>📢 CronRat Magecart malware uses 31st February date to remain undetected 📢</strong><br><br><code>The malware allows for server-side payment skimming that bypasses browser security</code><br><br><a href="https://www.itpro.co.uk/security/malware/361673/cronrat-malware-31-february-evade-detection">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33111">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 14:44:10">
14:44
       </div>

       <div class="text">
<strong>📢 Iranian hackers ramp up attacks against IT services sector 📢</strong><br><br><code>Microsoft security researchers warn hacking is part of broader cyber espionage effort</code><br><br><a href="https://www.itpro.co.uk/security/hacking/361610/iranian-hackers-ramp-up-attacks-against-it-services-sector">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33112">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 14:44:12">
14:44
       </div>

       <div class="text">
<strong>📢 Fifth of UK security pros discriminated against in 2021 📢</strong><br><br><code>The NCSC’s and KPMG’s Diversity and inclusion in cyber security report studied the obstacles faced by cyber security professionals</code><br><br><a href="https://www.itpro.co.uk/business-strategy/careers-training/361629/fifth-of-uk-security-pros-discriminated-against-in-2021">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33113">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 14:44:13">
14:44
       </div>

       <div class="text">
<strong>📢 Meta delays product-wide end-to-end encryption rollout until 2023 📢</strong><br><br><code>The company wants to &apos;take its time&apos; to implement the technology in a way that both protects privacy and prevents exposure to online harms</code><br><br><a href="https://www.itpro.co.uk/security/encryption/361615/meta-delays-product-wide-encryption-rollout-until-2023">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33114">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 14:44:14">
14:44
       </div>

       <div class="text">
<strong>📢 Microsoft patch fails to fix Installer zero-day affecting every version of Windows 📢</strong><br><br><code>The exploit allows hackers to elevate privileges and create admin accounts</code><br><br><a href="https://www.itpro.co.uk/security/vulnerability/361646/microsoft-patch-fails-fix-installer-zero-day-windows-exploit">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33115">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 14:44:15">
14:44
       </div>

       <div class="text">
<strong>📢 ID.me</strong> <strong>and Sterling Check partner on in-person identity verification 📢</strong><br><br><code>The joint solution improves equity and access to government benefits</code><br><br><a href="https://www.itpro.co.uk/security/identity-and-access-management-iam/361612/idme-and-sterling-check-partner-on-in-person">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33116">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 14:44:16">
14:44
       </div>

       <div class="text">
<strong>📢 Investors warned to be vigilant of fake SEC alerts 📢</strong><br><br><code>Hackers are targeting victims using phone calls and voice mails about cryptocurrency transactions</code><br><br><a href="https://www.itpro.co.uk/security/cyber-crime/361619/investors-warned-over-fake-securities-exchange-alerts">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33117">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 15:21:08">
15:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Government-Industry Cooperation May Be the Most Potent Ransomware Antidote 🕴</strong><br><br><code>The side that&apos;s better at collaborating with allies will have the upper hand, and until now, that distinction has gone to the cybercriminals.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/government-industry-cooperation-may-be-the-most-potent-ransomware-antidote">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33118">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 15:25:13">
15:25
       </div>

       <div class="text">
<strong>❌ Panasonic’s Data Breach Leaves Open Questions ❌</strong><br><br><code>Cyberattackers had unfettered access to the technology giant&apos;s file server for four months.</code><br><br><a href="https://threatpost.com/panasonic-data-breach-questions/176660/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33119">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 15:25:14">
15:25
       </div>

       <div class="text">
<strong>❌ Finland Faces Blizzard of FluBot-Spreading Text Messages ❌</strong><br><br><code>Millions of texts leading to the Flubot spyware/banking trojan are targeting everyone who uses Androids in the country, in an &quot;exceptional&quot; attack.</code><br><br><a href="https://threatpost.com/finland-flubot-text-messages/176649/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33120">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 16:35:36">
16:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-38967 ‼</strong><br><br><code>IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute malicious code. IBM X-Force ID: 212441.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38967">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33121">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 16:35:37">
16:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-39000 ‼</strong><br><br><code>IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local attacker to obtain sensitive information by inclusion of sensitive data within diagnostics. IBM X-Force ID: 213215.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39000">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33122">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 16:35:39">
16:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-38958 ‼</strong><br><br><code>IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of service attack caused by a concurrency issue. IBM X-Force ID: 212042</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38958">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33123">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 16:35:39">
16:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-38999 ‼</strong><br><br><code>IBM MQ Appliance could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38999">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33124">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 17:55:51">
17:55
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Lloyd’s Carves Out Cyber-Insurance Exclusions for State-Sponsored Attacks ❌</strong><br><br><code>The insurer won’t pay for &apos;acts of cyber-war&apos; or nation-state retaliation attacks.   </code><br><br><a href="https://threatpost.com/lloyds-cyber-insurance-exclusions/176669/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33125">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 18:21:20">
18:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Attacker Sentenced in Multimillion-Dollar SIM Hijacking Scheme 🕴</strong><br><br><code>A sixth member of international hacking group The Community was sentenced to 10 months in prison and ordered to pay $121,549.37 in restitution.</code><br><br><a href="https://www.darkreading.com/endpoint/attacker-sentenced-in-multi-million-dollar-sim-hijacking-scheme">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33126">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 18:25:19">
18:25
       </div>

       <div class="text">
<strong>❌ How Decryption of Network Traffic Can Improve Security ❌</strong><br><br><code>Most industry analyst firms conclude that between 80-90 percent of network traffic is encrypted today. Jeff Costlow, CISO at ExtraHop, explains why this might not be a good thing.</code><br><br><a href="https://threatpost.com/decryption-improve-security/176613/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33127">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 18:34:35">
18:34
       </div>

       <div class="text">
<strong>‼ CVE-2020-7879 ‼</strong><br><br><code>This issue was discovered when the ipTIME C200 IP Camera was synchronized with the ipTIME NAS. It is necessary to extract value for ipTIME IP camera because the ipTIME NAS send ans setCookie(&apos;[COOKIE]&apos;) . The value is transferred to the --header option in wget binary, and there is no validation check. This vulnerability allows remote attackers to execute remote command.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7879">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33128">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 18:34:35">
18:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-42099 ‼</strong><br><br><code>Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42099">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33129">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 18:34:37">
18:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-43296 ‼</strong><br><br><code>Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43296">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33130">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 18:34:38">
18:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-31787 ‼</strong><br><br><code>The Bluetooth Classic implementation on Actions ATS2815 chipsets does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and shutdown of a device by flooding the target device with LMP_features_res packets.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31787">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33131">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 18:34:39">
18:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-43294 ‼</strong><br><br><code>Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Products module.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43294">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33132">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 18:34:41">
18:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-42564 ‼</strong><br><br><code>An open redirect through HTML injection in confidential messages in Cryptshare before 5.1.0 allows remote attackers (with permission to provide confidential messages via Cryptshare) to redirect targeted victims to any URL via the &apos;&lt;meta http-equiv=&quot;refresh&quot;&apos; substring in the editor parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42564">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33133">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 18:34:42">
18:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-44230 ‼</strong><br><br><code>PortSwigger Burp Suite Enterprise Edition before 2021.11 on Windows has weak file permissions for the embedded H2 database, which might lead to privilege escalation. This issue can be exploited by an adversary who has already compromised a valid Windows account on the server via separate means. In this scenario, the compromised account may have inherited read access to sensitive configuration, database, and log files.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44230">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33134">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 18:34:43">
18:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-40101 ‼</strong><br><br><code>An issue was discovered in Concrete CMS before 8.5.7. The Dashboard allows a user&apos;s password to be changed without a prompt for the current password.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40101">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33135">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 18:34:44">
18:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-43283 ‼</strong><br><br><code>An issue was discovered on Victure WR1200 devices through 1.0.3. A command injection vulnerability was found within the web interface of the device, allowing an attacker with valid credentials to inject arbitrary shell commands to be executed by the device with root privileges. This occurs in the ping and traceroute features. An attacker would thus be able to use this vulnerability to open a reverse shell on the device with root privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43283">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33136">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 18:34:45">
18:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-4026 ‼</strong><br><br><code>bookstack is vulnerable to Improper Access Control</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4026">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33137">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 18:34:47">
18:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-26612 ‼</strong><br><br><code>An improper input validation leading to arbitrary file creation was discovered in copy method of Nexacro platform. Remote attackers use copy method to execute arbitrary command after the file creation included malicious code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26612">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33138">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 18:34:48">
18:34
       </div>

       <div class="text">
<strong>‼ CVE-2020-7880 ‼</strong><br><br><code>The vulnerabilty was discovered in ActiveX module related to NeoRS remote support program. This issue allows an remote attacker to download and execute remote file. It is because of improper parameter validation of StartNeoRS function in ActiveX.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7880">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33139">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 18:34:49">
18:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-43320 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-41244. Reason: This candidate is a reservation duplicate of CVE-2021-41244. Notes: All CVE users should reference CVE-2021-41244 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43320">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33140">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 18:34:51">
18:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-43319 ‼</strong><br><br><code>Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due to improper validation in the Ping functionality.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43319">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33141">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 18:34:52">
18:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-43284 ‼</strong><br><br><code>An issue was discovered on Victure WR1200 devices through 1.0.3. The root SSH password never gets updated from its default value of admin. This enables an attacker to gain control of the device through SSH (regardless of whether the admin password was changed on the web interface).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43284">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33142">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 18:34:53">
18:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-22095 ‼</strong><br><br><code>In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString() method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22095">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33143">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 18:34:53">
18:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-43282 ‼</strong><br><br><code>An issue was discovered on Victure WR1200 devices through 1.0.3. The default Wi-Fi WPA2 key is advertised to anyone within Wi-Fi range through the router&apos;s MAC address. The device default Wi-Fi password corresponds to the last 4 bytes of the MAC address of its 2.4 GHz network interface controller (NIC). An attacker within scanning range of the Wi-Fi network can thus scan for Wi-Fi networks to obtain the default key.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43282">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33144">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 18:34:54">
18:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-43295 ‼</strong><br><br><code>Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts module.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43295">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33145">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 19:21:21">
19:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 What’s the Difference Between SASE and SD-WAN? 🕴</strong><br><br><code>While SD-WAN is a key part of a hybrid workplace and multicloud operation, it should be treated as a stepping stone to SASE, not an alternative.</code><br><br><a href="https://www.darkreading.com/edge-ask-the-experts/what-s-the-difference-between-sase-and-sdwan-">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33146">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 19:51:22">
19:51
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 HP Issues Firmware Updates for Printer Product Vulnerabilities 🕴</strong><br><br><code>More than 150 HP printer models have bugs that could enable attackers to steal data and gain an initial foothold on enterprise networks.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/hp-issues-firmware-updates-for-printer-product-vulnerabilities">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33147">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 20:21:24">
20:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Legal Cases and Privacy Rulings Aim to Curtail Facial Biometrics 🕴</strong><br><br><code>Decisions in the UK and Australia, and lawsuits in the United States, could force facial-recognition providers to remove data from their machine-learning models.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/legal-cases-and-privacy-policies-threaten-use-of-facial-biometrics">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33148">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 20:34:35">
20:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-36330 ‼</strong><br><br><code>Dell EMC Streaming Data Platform versions before 1.3 contain an Insufficient Session Expiration Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to reuse old session artifacts to impersonate a legitimate user.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36330">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33149">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 20:34:36">
20:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-41256 ‼</strong><br><br><code>nextcloud news-android is an Android client for the Nextcloud news/feed reader app. In affected versions the Nextcloud News for Android app has a security issue by which a malicious application installed on the same device can send it an arbitrary Intent that gets reflected back, unintentionally giving read and write access to non-exported Content Providers in Nextcloud News for Android. Users should upgrade to version 0.9.9.63 or higher as soon as possible.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41256">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33150">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 20:34:38">
20:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-36329 ‼</strong><br><br><code>Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference Vulnerability. A remote malicious user may potentially exploit this vulnerability to gain sensitive information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36329">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33151">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 20:34:40">
20:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-36326 ‼</strong><br><br><code>Dell EMC Streaming Data Platform, versions prior to 1.3 contain an SSL Strip Vulnerability in the User Interface (UI). A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a downgrade in the communications between the client and server into an unencrypted format.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36326">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33152">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 20:34:41">
20:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-36327 ‼</strong><br><br><code>Dell EMC Streaming Data Platform versions before 1.3 contain a Server Side Request Forgery Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to perform port scanning of internal networks and make HTTP requests to an arbitrary domain of the attacker&apos;s choice.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36327">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33153">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 20:34:42">
20:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-36328 ‼</strong><br><br><code>Dell EMC Streaming Data Platform versions before 1.3 contain a SQL Injection Vulnerability. A remote malicious user may potentially exploit this vulnerability to execute SQL commands to perform unauthorized actions and retrieve sensitive information from the database.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36328">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-970">

      <div class="body details">
1 December 2021
      </div>

     </div>

     <div class="message default clearfix" id="message33154">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 02:32:55">
02:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Deloitte: How sensitive AI data may become more private and secure in 2022 🦿</strong><br><br><code>Technologies are available to better protect the data used in artificial intelligence, but they&apos;re not quite ready for prime time, says Deloitte.</code><br><br><a href="https://www.techrepublic.com/article/deloitte-how-sensitive-ai-data-may-become-more-private-and-secure-in-2022/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33155">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 03:35:02">
03:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-20853 ‼</strong><br><br><code>ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute arbitrary OS commands via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20853">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33156">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 03:35:03">
03:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-20864 ‼</strong><br><br><code>Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent unauthenticated attacker to bypass access restriction, and to start the telnet service and execute an arbitrary OS command via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20864">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33157">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 03:35:04">
03:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-20851 ‼</strong><br><br><code>Cross-site request forgery (CSRF) vulnerability in Browser and Operating System Finder versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of an administrator via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20851">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33158">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 03:35:05">
03:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-20854 ‼</strong><br><br><code>ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute arbitrary OS commands via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20854">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33159">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 03:35:06">
03:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-40809 ‼</strong><br><br><code>An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. An account can be granted incorrect privileges in response to authentication that uses specific sign-on workflows.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40809">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33160">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 03:35:07">
03:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-20861 ‼</strong><br><br><code>Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attacker to bypass access restriction and to access the management screen of the product via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20861">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33161">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 03:35:09">
03:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-43358 ‼</strong><br><br><code>Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43358">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33162">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 03:35:10">
03:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-20847 ‼</strong><br><br><code>Cross-site scripting vulnerability in Wi-Fi STATION SH-52A (38JP_1_11G, 38JP_1_11J, 38JP_1_11K, 38JP_1_11L, 38JP_1_26F, 38JP_1_26G, 38JP_1_26J, 38JP_2_03B, and 38JP_2_03C) allows a remote unauthenticated attacker to inject an arbitrary script via WebUI of the device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20847">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33163">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 03:35:11">
03:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-20859 ‼</strong><br><br><code>ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attacker to execute an arbitrary OS command via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20859">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33164">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 03:35:12">
03:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-20863 ‼</strong><br><br><code>OS command injection vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attackers to execute an arbitrary OS command with the root privilege via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20863">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33165">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 03:35:13">
03:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-20852 ‼</strong><br><br><code>Buffer overflow vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute an arbitrary OS command via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20852">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33166">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 03:35:14">
03:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-20857 ‼</strong><br><br><code>Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I firmware v1.20 and prior allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20857">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33167">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 03:35:15">
03:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-20856 ‼</strong><br><br><code>Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20856">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33168">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 03:35:16">
03:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-20858 ‼</strong><br><br><code>Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I firmware v1.20 and prior allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20858">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33169">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 03:35:17">
03:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-20860 ‼</strong><br><br><code>Cross-site request forgery (CSRF) vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a remote authenticated attacker to hijack the authentication of an administrator via a specially crafted page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20860">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33170">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 03:35:21">
03:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-43360 ‼</strong><br><br><code>Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege, to execute arbitrary code and control the system or interrupt services.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43360">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33171">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 03:35:22">
03:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-20855 ‼</strong><br><br><code>Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20855">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33172">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 03:35:23">
03:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-20862 ‼</strong><br><br><code>Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent unauthenticated attacker to bypass access restriction, and to obtain anti-CSRF tokens and change the product&apos;s settings via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20862">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33173">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 03:35:24">
03:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-43359 ‼</strong><br><br><code>Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access account management page after being authenticated as a general user, then perform privilege escalation to execute arbitrary code and control the system or interrupt services.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43359">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33174">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 08:08:19">
08:08
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Web cache poisoning bug discovered in Symfony PHP framework 🗓️</strong><br><br><code>Vulnerability in open source project has since been patched</code><br><br><a href="https://portswigger.net/daily-swig/web-cache-poisoning-bug-discovered-in-symfony-php-framework">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33175">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 08:35:11">
08:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-4019 ‼</strong><br><br><code>vim is vulnerable to Heap-based Buffer Overflow</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4019">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33176">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 08:35:12">
08:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-34599 ‼</strong><br><br><code>Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack certificate validation in HTTPS handshakes. CODESYS Git does not implement certificate validation by default, so it does not verify that the server provides a valid and trusted HTTPS certificate. Since the certificate of the server to which the connection is made is not properly verified, the server connection is vulnerable to a man-in-the-middle attack.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34599">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33177">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 08:35:13">
08:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-4018 ‼</strong><br><br><code>snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation (&apos;Cross-site Scripting&apos;)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4018">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33178">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 09:25:50">
09:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Widespread ‘Smishing’ Campaign Defrauds Iranian Android Users ❌</strong><br><br><code>Attackers use socially engineered SMS messages and malware to compromise tens of thousands of devices and drain user bank accounts.</code><br><br><a href="https://threatpost.com/smishing-campaign-iranian-android-users/176679/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33179">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 10:35:38">
10:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-4017 ‼</strong><br><br><code>showdoc is vulnerable to Cross-Site Request Forgery (CSRF)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4017">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33180">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 10:35:39">
10:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-3989 ‼</strong><br><br><code>showdoc is vulnerable to URL Redirection to Untrusted Site</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3989">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33181">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 10:35:40">
10:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-3990 ‼</strong><br><br><code>showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3990">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33182">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 10:35:41">
10:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-3964 ‼</strong><br><br><code>elgg is vulnerable to Authorization Bypass Through User-Controlled Key</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3964">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33183">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 10:35:42">
10:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-3983 ‼</strong><br><br><code>kimai2 is vulnerable to Improper Neutralization of Input During Web Page Generation (&apos;Cross-site Scripting&apos;)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3983">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33184">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 10:35:44">
10:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-3984 ‼</strong><br><br><code>vim is vulnerable to Heap-based Buffer Overflow</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3984">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33185">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 10:35:45">
10:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-3992 ‼</strong><br><br><code>kimai2 is vulnerable to Improper Access Control</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3992">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33186">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 10:35:46">
10:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-4015 ‼</strong><br><br><code>firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4015">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33187">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 10:35:47">
10:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-3985 ‼</strong><br><br><code>kimai2 is vulnerable to Improper Neutralization of Input During Web Page Generation (&apos;Cross-site Scripting&apos;)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3985">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33188">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 10:35:48">
10:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-3994 ‼</strong><br><br><code>django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation (&apos;Cross-site Scripting&apos;)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3994">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33189">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 10:35:49">
10:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-3993 ‼</strong><br><br><code>showdoc is vulnerable to Cross-Site Request Forgery (CSRF)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3993">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33190">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 10:35:51">
10:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-32592 ‼</strong><br><br><code>An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack attack on affected devices via a malicious OpenSSL engine library in the search path.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32592">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33191">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 10:38:20">
10:38
       </div>

       <div class="text">
<strong>🗓️ Sixth member of notorious SIM-swapping cybercrime gang sentenced 🗓️</strong><br><br><code>US crime syndicate ‘The Community’ stole millions of dollars’ worth of cryptocurrency</code><br><br><a href="https://portswigger.net/daily-swig/sixth-member-of-notorious-sim-swapping-cybercrime-gang-sentenced">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33192">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 10:59:45">
10:59
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Clearview AI face-matching service set to be fined over $20m ⚠</strong><br><br><code>Scraping data for a facial recognition service? &quot;That&apos;s unlawful&quot;, concluded both the British and the Australians.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/11/30/controversial-face-matchers-clearview-set-to-be-fined-over-20m/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33193">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 12:24:19">
12:24
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 The Cyber Threats Facing Retailers This Holiday Shopping Season 🕴</strong><br><br><code>With supply chain delays and an online shopping boom, attacks will come from multiple angles.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/the-cyber-threats-facing-retailers-this-holiday-shopping-season">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33194">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 12:35:25">
12:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-43690 ‼</strong><br><br><code>YurunProxy v0.01 is affected by a Cross Site Scripting (XSS) vulnerability in src/Client.php. The exit function will terminate the script and print a message which have values from the socket_read.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43690">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33195">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 12:35:26">
12:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-44280 ‼</strong><br><br><code>attendance management system 1.0 is affected by a SQL injection vulnerability in admin/incFunctions.php through the makeSafe function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44280">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33196">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 12:35:27">
12:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-25967 ‼</strong><br><br><code>In CKAN, versions 2.9.0 to 2.9.3 are affected by a stored XSS vulnerability via SVG file upload of users’ profile picture. This allows low privileged application users to store malicious scripts in their profile picture. These scripts are executed in a victim’s browser when they open the malicious profile picture</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25967">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33197">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 12:35:28">
12:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-44279 ‼</strong><br><br><code>Librenms 21.11.0 is affected by is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/forms/poller-groups.inc.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44279">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33198">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 12:35:29">
12:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-44277 ‼</strong><br><br><code>Librenms 21.11.0 is affected by is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/common/alert-log.inc.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44277">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33199">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 12:38:27">
12:38
       </div>

       <div class="text">
<strong>🗓️ ‘Over-permissive’ authentication checks left 190 Australian organizations vulnerable to business email compromise attacks 🗓️</strong><br><br><code>Mail servers readily hijacked due to MSP oversight</code><br><br><a href="https://portswigger.net/daily-swig/over-permissive-authentication-checks-left-190-australian-organizations-vulnerable-to-business-email-compromise-attacks">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33200">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 14:22:36">
14:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 CyCognito Secures $100M to Accelerate Next Evolution of Attack Surface Management 🕴</strong><br><br><code>Company gives Fortune 500 companies including Colgate-Palmolive, Tesco and Scientific Games Corporation full visibility and context into risk to preempt potential attacks.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/cycognito-secures-100m-to-accelerate-next-evolution-of-attack-surface-management">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33201">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 14:25:58">
14:25
       </div>

       <div class="text">
<strong>❌ Stealthy ‘WIRTE’ Gang Targets Middle Eastern Governments ❌</strong><br><br><code>Kaspersky researchers suspect that the cyberattackers may be a subgroup of the politically motivated, Palestine-focused Gaza Cybergang.</code><br><br><a href="https://threatpost.com/wirte-middle-eastern-governments/176688/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33202">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 14:39:58">
14:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-43689 ‼</strong><br><br><code>manage (last update Oct 24, 2017) is affected by is affected by a Cross Site Scripting (XSS) vulnerability in Application/Home/Controller/GoodsController.class.php. The exit function will terminate the script and print a message which have values from $_POST.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43689">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33203">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 14:39:59">
14:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-43685 ‼</strong><br><br><code>libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerability in /blob/master/legacy/application/modules/rest/controllers/ShowImageController.php through the rename function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43685">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33204">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 14:40:00">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-44480 ‼</strong><br><br><code>Wokka Lokka Q50 devices through 2021-11-30 allow remote attackers (who know the SIM phone number and password) to listen to a device&apos;s surroundings via a callback in an SMS command, as demonstrated by the 123456 and 523681 default passwords.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44480">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33205">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 14:40:01">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-44479 ‼</strong><br><br><code>NXP Kinetis K82 devices have a buffer over-read via a crafted wlength value in a GET Status-Other request during use of USB In-System Programming (ISP) mode. This discloses protected flash memory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44479">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33206">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 14:40:03">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-40154 ‼</strong><br><br><code>NXP LPC55S69 devices before A3 have a buffer over-read via a crafted wlength value in a GET Descriptor Configuration request during use of USB In-System Programming (ISP) mode. This discloses protected flash memory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40154">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33207">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 14:40:04">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-10627 ‼</strong><br><br><code>Insulet Omnipod Insulin Management System insulin pump product ID 19191 and 40160 is designed to communicate using a wireless RF with an Insulet manufactured Personal Diabetes Manager device. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with access to one of the affected insulin pump models may be able to modify and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10627">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33208">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 14:40:05">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-26334 ‼</strong><br><br><code>The AMDPowerProfiler.sys driver of AMD ?Prof tool may allow lower privileged users to access MSRs in kernel which may lead to privilege escalation and ring-0 code execution by the lower privileged user.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26334">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33209">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 14:40:06">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-20611 ‼</strong><br><br><code>Improper Input Validation vulnerability in MELSEC iQ-R Series R00/01/02CPU Firmware versions &quot;24&quot; and prior, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions &quot;57&quot; and prior, MELSEC iQ-R Series R08/16/32/120SFCPU All versions, MELSEC iQ-R Series R08/16/32/120PCPU Firmware versions &quot;29&quot; and prior, MELSEC iQ-R Series R08/16/32/120PSFCPU All versions, MELSEC iQ-R Series R16/32/64MTCPU All versions, MELSEC iQ-R Series R12CCPU-V All versions, MELSEC Q Series Q03UDECPU All versions, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU All versions, MELSEC Q Series Q03/04/06/13/26UDVCPU The first 5 digits of serial No. &quot;23071&quot; and prior, MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. &quot;23071&quot; and prior, MELSEC Q Series Q12DCCPU-V All versions, MELSEC Q Series Q24DHCCPU-V(G) All versions, MELSEC Q Series Q24/26DHCCPU-LS All versions, MELSEC Q Series MR-MQ100 All versions, MELSEC Q Series Q172/173DCPU-S1 All versions, MELSEC Q Series Q172/172DSCPU All versions, MELSEC Q Series Q170MCPU All versions, MELSEC Q Series Q170MSCPU(-S1) All versions, MELSEC L Series L02/06/26CPU(-P) All versions, MELSEC L Series L26CPU-(P)BT All versions and MELIPC Series MI5122-VW All versions allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20611">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33210">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 14:40:06">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-20609 ‼</strong><br><br><code>Uncontrolled Resource Consumption vulnerability in MELSEC iQ-R Series R00/01/02CPU Firmware versions &quot;24&quot; and prior, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions &quot;57&quot; and prior, MELSEC iQ-R Series R08/16/32/120SFCPU All versions, MELSEC iQ-R Series R08/16/32/120PCPU Firmware versions &quot;29&quot; and prior, MELSEC iQ-R Series R08/16/32/120PSFCPU All versions, MELSEC iQ-R Series R16/32/64MTCPU All versions, MELSEC iQ-R Series R12CCPU-V All versions, MELSEC Q Series Q03UDECPU All versions, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU All versions, MELSEC Q Series Q03/04/06/13/26UDVCPU The first 5 digits of serial No. &quot;23071&quot; and prior, MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. &quot;23071&quot; and prior, MELSEC Q Series Q12DCCPU-V All versions, MELSEC Q Series Q24DHCCPU-V(G) All versions, MELSEC Q Series Q24/26DHCCPU-LS All versions, MELSEC Q Series MR-MQ100 All versions, MELSEC Q Series Q172/173DCPU-S1 All versions, MELSEC Q Series Q172/172DSCPU All versions, MELSEC Q Series Q170MCPU All versions, MELSEC Q Series Q170MSCPU(-S1) All versions, MELSEC L Series L02/06/26CPU(-P) All versions, MELSEC L Series L26CPU-(P)BT All versions and MELIPC Series MI5122-VW All versions allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20609">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33211">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 14:40:08">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-20610 ‼</strong><br><br><code>Improper Handling of Length Parameter Inconsistency vulnerability in MELSEC iQ-R Series R00/01/02CPU Firmware versions &quot;24&quot; and prior, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions &quot;57&quot; and prior, MELSEC iQ-R Series R08/16/32/120SFCPU All versions, MELSEC iQ-R Series R08/16/32/120PCPU Firmware versions &quot;29&quot; and prior, MELSEC iQ-R Series R08/16/32/120PSFCPU All versions, MELSEC iQ-R Series R16/32/64MTCPU All versions, MELSEC iQ-R Series R12CCPU-V All versions, MELSEC Q Series Q03UDECPU All versions, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU All versions, MELSEC Q Series Q03/04/06/13/26UDVCPU The first 5 digits of serial No. &quot;23071&quot; and prior, MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. &quot;23071&quot; and prior, MELSEC Q Series Q12DCCPU-V All versions, MELSEC Q Series Q24DHCCPU-V(G) All versions, MELSEC Q Series Q24/26DHCCPU-LS All versions, MELSEC Q Series MR-MQ100 All versions, MELSEC Q Series Q172/173DCPU-S1 All versions, MELSEC Q Series Q172/172DSCPU All versions, MELSEC Q Series Q170MCPU All versions, MELSEC Q Series Q170MSCPU(-S1) All versions, MELSEC L Series L02/06/26CPU(-P) All versions, MELSEC L Series L26CPU-(P)BT All versions and MELIPC Series MI5122-VW All versions allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20610">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33212">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 14:40:09">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-43687 ‼</strong><br><br><code>chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulnerability in /plugin/jcapture/applet.php if an attacker passes a message hex2bin in the cookie.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43687">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33213">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 15:22:40">
15:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 How Will Cyber Threats Impact the Beijing Winter Olympics? 🕴</strong><br><br><code>NTT helped the International Olympic Committee dodge a security bullet in Tokyo. The world will watch to see if it can pull off a similar feat in Beijing for the upcoming Winter Games.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/how-will-cyber-threats-impact-the-beijing-winter-olympics-">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33214">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 16:22:45">
16:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 CISA Names 23 Members to New Cybersecurity Advisory Committee 🕴</strong><br><br><code>Group will advise and provide recommendations to the director to enhance the nation’s cyber defense.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/cisa-names-23-members-to-new-cybersecurity-advisory-committee">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33215">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 16:22:46">
16:22
       </div>

       <div class="text">
<strong>🕴 ReliaQuest Valued At More Than $1 Billion Following Growth Round Led by KKR 🕴</strong><br><br><code>The open XDR-as-a-service provider will use investment to expand business operations and further development of its GreyMatter platform.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/reliaquest-valued-at-more-than-1-billion-following-growth-round-led-by-kkr">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33216">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 16:35:31">
16:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-29849 ‼</strong><br><br><code>IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205281.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29849">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33217">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 16:35:33">
16:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-29863 ‼</strong><br><br><code>IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. This vulnerability is due to an incomplete fix for CVE-2020-4786. IBM X-Force ID: 206087.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29863">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33218">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 16:35:34">
16:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-29779 ‼</strong><br><br><code>IBM QRadar SIEM 7.3 and 7.4 could allow an attacker to obtain sensitive information due to the server performing key exchange without entity authentication on inter-host communications using man in the middle techniques. IBM X-Force ID: 203033.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29779">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33219">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 16:35:35">
16:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-42776 ‼</strong><br><br><code>CloverDX Server before 5.11.2 and and 5.12.x before 5.12.1 allows XXE during configuration import.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42776">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33220">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 16:35:36">
16:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-38575 ‼</strong><br><br><code>NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38575">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33221">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 16:35:37">
16:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-20400 ‼</strong><br><br><code>IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196074.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20400">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33222">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 16:52:43">
16:52
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 CyCognito Raises $100 Million Series C Funding 🕴</strong><br><br><code>Companies offers external attack surface management platform to help companies prioritize, investigate, and respond to potential security risks.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/cycognito-raises-100-million-series-c-funding">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33223">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 16:56:04">
16:56
       </div>

       <div class="text">
<strong>❌ 80K Retail WooCommerce Sites Exposed by Plugin XSS Bug ❌</strong><br><br><code>The Variation Swatches plugin security flaw lets attackers with low-level permissions tweak important settings on e-commerce sites to inject malicious scripts.</code><br><br><a href="https://threatpost.com/retail-woocommerce-sites-plugin-xss-bug/176704/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33224">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 17:35:04">
17:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Cybersecurity: Increase your protection by using the open-source tool YARA 🦿</strong><br><br><code>This won&apos;t replace antivirus software, but it can help you detect problems much more efficiently and allows more customization. Here&apos;s how to install it on Mac, Windows and Linux.</code><br><br><a href="https://www.techrepublic.com/article/cybersecurity-increase-your-protection-by-using-the-open-source-tool-yara/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33225">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 18:35:39">
18:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-43137 ‼</strong><br><br><code>Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exits in hostel management system 2.1 via the name field in my-profile.php. Chaining to this both vulnerabilities leads to account takeover.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43137">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33226">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 18:35:40">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-43792 ‼</strong><br><br><code>Discourse is an open source discussion platform. In affected versions a vulnerability affects users of tag groups who use the &quot;Tags are visible only to the following groups&quot; feature. A tag group may only allow a certain group (e.g. staff) to view certain tags. Users who were tracking or watching the tags via /preferences/tags, then have their staff status revoked will still see notifications related to the tag, but will not see the tag on each topic. This issue has been patched in stable version 2.7.11. Users are advised to upgrade as soon as possible.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43792">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33227">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 18:35:41">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-43794 ‼</strong><br><br><code>Discourse is an open source discussion platform. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown a JSON blob instead of the HTML page. This can lead to a partial denial-of-service. This issue is patched in the latest stable, beta and tests-passed versions of Discourse.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43794">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33228">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 18:35:42">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-43793 ‼</strong><br><br><code>Discourse is an open source discussion platform. In affected versions a vulnerability in the Polls feature allowed users to vote multiple times in a single-option poll. The problem is patched in the latest tests-passed, beta and stable versions of Discourse</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43793">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33229">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 18:35:44">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-41039 ‼</strong><br><br><code>In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possible denial of service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41039">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33230">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 18:35:45">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-43451 ‼</strong><br><br><code>SQL Injection vulnerability exists in PHPGURUKUL Employee Record Management System 1.2 via the Email POST parameter in /forgetpassword.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43451">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33231">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 19:22:51">
19:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 New Ransomware Variant Could Become Next Big Threat 🕴</strong><br><br><code>&quot;Yanluowang&quot; strain appears to be establishing itself in the cybercrime marketplace, experts say.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/new-ransomware-variant-could-become-next-big-threat">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33232">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 20:22:55">
20:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Russian Man Sentenced to 60 Months in Prison for Running &apos;Bulletproof&apos; Hosting for Cybercrime 🕴</strong><br><br><code>Service hosted Zeus, SpyEye, Citadel, Blackhole Exploit Kit malware aimed at US companies and financial institutions.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/russian-man-sentenced-to-60-months-in-prison-for-running-bulletproof-hosting-service">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33233">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 20:22:56">
20:22
       </div>

       <div class="text">
<strong>🕴 Neustar Security Services Spins Out as Own Company 🕴</strong><br><br><code>The company plans to offer newly integrated services into its Ultra Secure portfolio and expand its sales, marketing, and service capabilities.</code><br><br><a href="https://www.darkreading.com/endpoint/neustar-security-services-spins-out-into-standalone-company">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33234">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 20:35:39">
20:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-33274 ‼</strong><br><br><code>D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80040af8 in /formWlanSetup. This vulnerability is triggered via a crafted POST request.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33274">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33235">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 20:35:41">
20:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-33271 ‼</strong><br><br><code>D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function sub_80046EB4 in /formSetPortTr. This vulnerability is triggered via a crafted POST request.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33271">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33236">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 20:35:42">
20:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-33265 ‼</strong><br><br><code>D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80046eb4 in /formSetPortTr. This vulnerability is triggered via a crafted POST request.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33265">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33237">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 20:35:43">
20:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-33267 ‼</strong><br><br><code>D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80034d60 in /formStaticDHCP. This vulnerability is triggered via a crafted POST request.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33267">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33238">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 20:35:44">
20:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-33270 ‼</strong><br><br><code>D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_800462c4 in /formAdvFirewall. This vulnerability is triggered via a crafted POST request.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33270">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33239">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 20:35:45">
20:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-33266 ‼</strong><br><br><code>D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_8004776c in /formVirtualApp. This vulnerability is triggered via a crafted POST request.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33266">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33240">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 20:35:45">
20:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-33269 ‼</strong><br><br><code>D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_8004776c in /formVirtualServ. This vulnerability is triggered via a crafted POST request.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33269">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33241">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 20:35:46">
20:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-33268 ‼</strong><br><br><code>D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function sub_8003183C in /fromLogin. This vulnerability is triggered via a crafted POST request.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33268">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33242">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 20:55:34">
20:55
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Military Vets Share Lessons That Helped Them Build Infosec Startups 🕴</strong><br><br><code>Startup founders who previously served in the military share the lessons that have helped them build cybersecurity careers and companies.</code><br><br><a href="https://www.darkreading.com/edge-articles/military-vets-share-lessons-that-helped-them-build-infosec-startups">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33243">

      <div class="body">

       <div class="pull_right date details" title="01.12.2021 20:55:35">
20:55
       </div>

       <div class="text">
<strong>🕴 APT Groups Adopt New Phishing Method. Will Cybercriminals Follow? 🕴</strong><br><br><code>APT actors from Russia, China, and India have been observed using the RTF-template injection technique that researchers say is poised for wider adoption.</code><br><br><a href="https://www.darkreading.com/endpoint/apt-groups-adopt-new-phishing-method-will-cybercriminals-follow-">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-971">

      <div class="body details">
2 December 2021
      </div>

     </div>

     <div class="message default clearfix" id="message33244">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 03:35:57">
03:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-26777 ‼</strong><br><br><code>Buffer overflow vulnerability in function SetFirewall in index.cgi in CIRCUTOR COMPACT DC-S BASIC smart metering concentrator Firwmare version CIR_CDC_v1.2.17, allows attackers to execute arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26777">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33245">

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 03:35:58">
03:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-43791 ‼</strong><br><br><code>Zulip is an open source group chat application that combines real-time chat with threaded conversations. In affected versions expiration dates on the confirmation objects associated with email invitations were not enforced properly in the new account registration flow. A confirmation link takes a user to the check_prereg_key_and_redirect endpoint, before getting redirected to POST to /accounts/register/. The problem was that validation was happening in the check_prereg_key_and_redirect part and not in /accounts/register/ - meaning that one could submit an expired confirmation key and be able to register. The issue is fixed in Zulip 4.8. There are no known workarounds and users are advised to upgrade as soon as possible.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43791">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33246">

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 03:35:59">
03:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-27414 ‼</strong><br><br><code>Mahavitaran android application 7.50 and prior transmit sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header, MITM or browser history.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27414">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33247">

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 03:36:00">
03:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-44227 ‼</strong><br><br><code>In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44227">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33248">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 10:08:57">
10:08
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Data breach at Florida school district impacts 50,000 students and employees 🗓️</strong><br><br><code>Broward County School District backtracks after ransomware attack</code><br><br><a href="https://portswigger.net/daily-swig/data-breach-at-florida-school-district-impacts-50-000-students-and-employees">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33249">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 12:23:22">
12:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Insider threat: Tech firm was hacked and extorted by its own employee, says FBI 🗓️</strong><br><br><code>Senior developer also accused of posing as anonymous whistleblower</code><br><br><a href="https://portswigger.net/daily-swig/insider-threat-tech-firm-was-hacked-and-extorted-by-its-own-employee-says-fbi">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33250">

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 12:23:24">
12:23
       </div>

       <div class="text">
<strong>🕴 Breaking the Black Mirror and Other Lessons From Day of Shecurity 🕴</strong><br><br><code>Diversity brings more varied solutions to major challenges in cybersecurity, just as it does in every other industry.</code><br><br><a href="https://www.darkreading.com/careers-and-people/breaking-the-black-mirror-and-other-lessons-from-day-of-shecurity">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33251">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 12:43:19">
12:43
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-43682 ‼</strong><br><br><code>thinkphp-bjyblog (last update Jun 4 2021) is affected by a Cross Site Scripting (XSS) vulnerability in AdminBaseController.class.php. The exit function will terminate the script and print the message to the user which has $_SERVER[&apos;HTTP_HOST&apos;].</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43682">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33252">

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 12:43:21">
12:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-43681 ‼</strong><br><br><code>SakuraPanel v1.0.1.1 is affected by a Cross Site Scripting (XSS) vulnerability in /master/core/PostHandler.php. The exit function will terminate the script and print the message $data[&apos;proxy_name&apos;].</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43681">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33253">

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 12:43:22">
12:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-43686 ‼</strong><br><br><code>nZEDb v0.4.20 is affected by a Cross Site Scripting (XSS) vulnerability in www/pages/api.php. The exit function will terminate the script and print the message which has the input $_GET[&apos;t&apos;].</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43686">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33254">

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 12:43:23">
12:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-43683 ‼</strong><br><br><code>pictshare v1.5 is affected by a Cross Site Scripting (XSS) vulnerability in api/info.php. The exit function will terminate the script and print the message which has $_REQUEST[&apos;hash&apos;].</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43683">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33255">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 13:05:11">
13:05
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 Five Health Providers Held Accountable for Violating HIPAA Right of Access 🔏</strong><br><br><code>OCR has shown that its serious about patients being able to access their healthcare records – recently levied penalties serve as a reminder for organizations to know where PHI is at all times.</code><br><br><a href="https://digitalguardian.com/blog/five-health-providers-held-accountable-violating-hipaa-right-access">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33256">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 13:27:52">
13:27
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>♟️ Ubiquiti Developer Charged With Extortion, Causing 2020 “Breach” ♟️</strong><br><br><code>In January 2021, technology vendor Ubiquiti Inc. [NYSE:UI] disclosed that a breach at a third party cloud provider had exposed customer account credentials. In March, a Ubiquiti employee warned that the company had drastically understated the scope of the incident, and that the third-party cloud provider claim was a fabrication. On Wednesday, a former Ubiquiti developer was arrested and charged with stealing data and trying to extort his employer while pretending to be a whistleblower.</code><br><br><a href="https://krebsonsecurity.com/2021/12/ubiquiti-developer-charged-with-extortion-causing-2020-breach/">📖 Read</a><br><br>via &quot;<em>Krebs on Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33257">

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 13:35:32">
13:35
       </div>

       <div class="text">
<strong>🛠 I2P 1.6.1 🛠</strong><br><br><code>I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.</code><br><br><a href="https://packetstormsecurity.com/files/165133/i2psource_1.6.1.tar.bz2">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33258">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 14:23:52">
14:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Ransomware groups increasingly using data leak threats to pile pressure on victims 🗓️</strong><br><br><code>Nearly one in three victims succumb to extortion, estimates Group-IB</code><br><br><a href="https://portswigger.net/daily-swig/ransomware-groups-increasingly-using-data-leak-threats-to-pile-pressure-on-victims">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33259">

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 14:23:53">
14:23
       </div>

       <div class="text">
<strong>🕴 When Will a Cloud Infrastructure Heavyweight Launch a SASE? 🕴</strong><br><br><code>There&apos;s been a veritable gold rush of security vendors getting into secure access service edge. Now will any of the major IaaS vendors enter the market? Rik Turner makes the case.</code><br><br><a href="https://www.darkreading.com/omdia/when-will-a-cloud-infrastructure-heavyweight-launch-a-sase-">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33260">

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 14:30:33">
14:30
       </div>

       <div class="text">
<strong>⚠ IoT devices must “protect consumers from cyberharm”, says UK government ⚠</strong><br><br><code>&quot;Must be at least THIS tall to go on ride&quot; seems to be the starting point. Too little, too late? Or better than nothing?</code><br><br><a href="https://nakedsecurity.sophos.com/2021/12/02/iot-devices-must-protect-consumers-from-cyberharm-says-uk-government/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33261">

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 14:36:35">
14:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-23260 ‼</strong><br><br><code>Authenticated users with Site roles may inject XSS scripts via file names that will execute in the browser for this and other users of the same site.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23260">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33262">

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 14:36:36">
14:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-23262 ‼</strong><br><br><code>Authenticated administrators may modify the main YAML configuration file and load a Java class resulting in RCE.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23262">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33263">

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 14:36:37">
14:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-23263 ‼</strong><br><br><code>Unauthenticated remote attackers can read textual content via FreeMarker including files /scripts/*, /templates/* and some of the files in /.git/* (non-binary).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23263">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33264">

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 14:36:39">
14:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-23258 ‼</strong><br><br><code>Authenticated users with Administrator or Developer roles may execute OS commands by SPEL Expression in Spring beans. SPEL Expression does not have security restrictions, which will cause attackers to execute arbitrary commands remotely (RCE).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23258">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33265">

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 14:36:39">
14:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-23259 ‼</strong><br><br><code>Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, which will cause attackers to execute arbitrary commands remotely(RCE).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23259">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33266">

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 14:36:40">
14:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-23261 ‼</strong><br><br><code>Authenticated administrators may override the system configuration file and cause a denial of service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23261">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33267">

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 14:36:41">
14:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-43679 ‼</strong><br><br><code>ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\ecshop\upload\api\client\api.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43679">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33268">

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 14:36:43">
14:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-23264 ‼</strong><br><br><code>Installations, where crafter-search is not protected, allow unauthenticated remote attackers to create, view, and delete search indexes.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23264">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33269">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 14:54:46">
14:54
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Key Characteristics of Malicious Domains: Report 🕴</strong><br><br><code>Newer top-level domains and certain hosting providers are frequent sources of malicious content, while newly registered domains and free SSL certificates are not any more likely than average to be risky, new research shows.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/research-outs-the-providers-more-likely-to-host-malicious-content">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33270">

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 14:57:19">
14:57
       </div>

       <div class="text">
<strong>❌ AT&amp;T Takes Steps to Mitigate Botnet Found Inside Its Network  ❌</strong><br><br><code>AT&amp;T is battling a modular malware called EwDoor on 5,700 VoIP servers, but it could have a larger wildcard certificate problem.</code><br><br><a href="https://threatpost.com/att-botnet-network/176711/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33271">

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 15:00:34">
15:00
       </div>

       <div class="text">
<strong>⚠ S3 Ep61: Call scammers, cloud insecurity, and facial recognition creepiness [Podcast] ⚠</strong><br><br><code>Latest episode - listen now!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/12/02/s3-ep61-call-scammers-cloud-insecurity-and-facial-recognition-creepiness-podcast/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33272">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 16:36:59">
16:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-3944 ‼</strong><br><br><code>bookstack is vulnerable to Cross-Site Request Forgery (CSRF)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3944">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33273">

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 16:37:00">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2015-20106 ‼</strong><br><br><code>The ClickBank Affiliate Ads WordPress plugin through 1.20 does not escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-20106">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33274">

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 16:37:01">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2015-20105 ‼</strong><br><br><code>The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have CSRF check when saving its settings, allowing attacker to make logged in admin change them via a CSRF attack. Furthermore, due to the lack of escaping when they are outputting, it could also lead to Stored Cross-Site Scripting issues</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-20105">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33275">

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 16:37:02">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-43795 ‼</strong><br><br><code>Armeria is an open source microservice framework. In affected versions an attacker can access an Armeria server&apos;s local file system beyond its restricted directory by sending an HTTP request whose path contains `%2F` (encoded `/`), such as `/files/..%2Fsecrets.txt`, bypassing Armeria&apos;s path validation logic. Armeria 1.13.4 or above contains the hardened path validation logic that handles `%2F` properly. This vulnerability can be worked around by inserting a decorator that performs an additional validation on the request path.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43795">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33276">

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 16:37:04">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-44518 ‼</strong><br><br><code>An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock application for Android. The lock sends a pairing code before each operation (lock or unlock) activated via the companion app. The code is sent unencrypted, allowing any attacker with the same app (either Android or iOS) to add the lock and take complete control. For successful exploitation, the attacker must be able to touch the lock&apos;s power button, and must be able to capture BLE network communication.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44518">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33277">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 16:56:48">
16:56
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Planned Parenthood Breach Opens Patients to Follow-On Attacks ❌</strong><br><br><code>Cyberattackers made off with addresses, insurance information, dates of birth, and most worryingly, clinical information, such as diagnosis, procedures, and/or prescription information.</code><br><br><a href="https://threatpost.com/planned-parenthood-breach-attacks/176718/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33278">

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 16:56:49">
16:56
       </div>

       <div class="text">
<strong>❌ ‘Double-Extortion’ Ransomware Data Leaks Skyrocket 935% ❌</strong><br><br><code>Startling triple-digit growth is fueled by easy criminal access to corporate networks and RaaS tools, an analysis found.</code><br><br><a href="https://threatpost.com/double-extortion-ransomware-data-leaks/176723/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33279">

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 17:04:15">
17:04
       </div>

       <div class="text">
<strong>🦿 Insider threats: How trustworthy are your employees? 🦿</strong><br><br><code>While we often worry about outside threats to our business data, insider threats are a growing problem. Here&apos;s how to secure your business.</code><br><br><a href="https://www.techrepublic.com/article/insider-threats-how-trustworthy-are-your-employees/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33280">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 17:23:34">
17:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Planned Parenthood LA Breach Compromises 400,000 Patients&apos; Data 🕴</strong><br><br><code>The breach, which compromised data such as insurance details and prescription information, took place between Oct. 9 and Oct. 17.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/planned-parenthood-la-breach-compromises-400-000-patients-data">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33281">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 18:36:53">
18:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-44050 ‼</strong><br><br><code>CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL injection vulnerability in the NFA web application, due to insufficient input validation, that could potentially allow an authenticated user to access sensitive data.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44050">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33282">

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 18:36:54">
18:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-40334 ‼</strong><br><br><code>Missing Handler vulnerability in the proprietary management protocol (port TCP 5558) of Hitachi Energy FOX61x, XCM20 allows an attacker that exploits the vulnerability by activating SSH on port TCP 5558 to cause disruption to the NMS and NE communication. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40334">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33283">

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 18:36:55">
18:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-40333 ‼</strong><br><br><code>Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM20 allows an attacker to gain unauthorized access to the Data Communication Network (DCN) routing configuration. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40333">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33284">

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 18:36:56">
18:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-43327 ‼</strong><br><br><code>An issue was discovered on Renesas RX65 and RX65N devices. With a VCC glitch, an attacker can extract the security ID key from the device. Then, the protected firmware can be extracted.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43327">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33285">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 18:54:33">
18:54
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Top 5 Reasons to Get &apos;SASE&apos; With Security 🕴</strong><br><br><code>Proactively updating and integrating technology, and ensuring tight collaboration between IT and security … it&apos;s simple, right? Well, not always – especially for organizations with limited resources.</code><br><br><a href="https://www.darkreading.com/edge-articles/top-5-reasons-to-get-sase-with-security">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33286">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 20:24:40">
20:24
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Darktrace Reports 30% More Ransomware Attacks Targeting Organizations During the Holiday Period 🕴</strong><br><br><code>Researchers also observed a 70% average increase in attempted ransomware attacks.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/darktrace-reports-30-more-ransomware-attacks-targeting-organizations-during-the-holiday-period">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33287">

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 20:37:02">
20:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-36129 ‼</strong><br><br><code>AOM v2.0.1 was discovered to contain a stack buffer overflow via the component src/aom_image.c.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36129">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33288">

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 20:37:04">
20:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-36135 ‼</strong><br><br><code>AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component rate_hist.c.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36135">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33289">

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 20:37:05">
20:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-36134 ‼</strong><br><br><code>AOM v2.0.1 was discovered to contain a segmentation violation via the component aom_dsp/x86/obmc_sad_avx2.c.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36134">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33290">

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 20:37:06">
20:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-36131 ‼</strong><br><br><code>AOM v2.0.1 was discovered to contain a stack buffer overflow via the component stats/rate_hist.c.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36131">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33291">

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 20:37:08">
20:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-28237 ‼</strong><br><br><code>LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28237">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33292">

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 20:37:09">
20:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-28236 ‼</strong><br><br><code>LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference via out_dxfb.c.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28236">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33293">

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 20:37:10">
20:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-36130 ‼</strong><br><br><code>AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component av1/av1_dx_iface.c.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36130">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33294">

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 20:37:11">
20:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-36133 ‼</strong><br><br><code>AOM v2.0.1 was discovered to contain a global buffer overflow via the component av1/encoder/partition_search.h.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36133">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33295">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.12.2021 20:56:14">
20:56
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Ransomware, Carding, and Initial Access Brokers: Group-IB Presents Report on Trending Crimes 🕴</strong><br><br><code>Report explores cybercrime developments from the second half of 2020 through the first half of 2021.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/ransomware-carding-and-initial-access-brokers-group-ib-presents-report-on-trending-crimes">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-972">

      <div class="body details">
3 December 2021
      </div>

     </div>

     <div class="message default clearfix" id="message33296">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 10:09:31">
10:09
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ FTC implements tougher data protection rules to safeguard customer information 🗓️</strong><br><br><code>New requirements for financial institutions include vulnerability assessments, employee training</code><br><br><a href="https://portswigger.net/daily-swig/ftc-implements-tougher-data-protection-rules-to-safeguard-customer-information">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33297">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 10:27:38">
10:27
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Threat Group Takes Aim Again at Cloud Platform Provider Zoho ❌</strong><br><br><code>Attackers that previously targeted the cloud platform provider have shifted their focus to additional products in the company’s portfolio.</code><br><br><a href="https://threatpost.com/threat-group-takes-aim-again-at-cloud-platform-provider-zoho/176732/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33298">

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 10:37:38">
10:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-44020 ‼</strong><br><br><code>An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44021.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44020">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33299">

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 10:37:39">
10:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-4000 ‼</strong><br><br><code>showdoc is vulnerable to URL Redirection to Untrusted Site</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4000">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33300">

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 10:37:40">
10:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-44021 ‼</strong><br><br><code>An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44020.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44021">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33301">

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 10:37:41">
10:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-43673 ‼</strong><br><br><code>dzzoffice 2.02.1_SC_UTF8 is affected by a Cross Site Scripting (XSS) vulnerability in explorerfile.php. The output of exit function will be print for the user exit(json_encode($return)).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43673">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33302">

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 10:37:42">
10:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-43772 ‼</strong><br><br><code>Trend Micro Security 2021 v17.0 (Consumer) contains a vulnerability that allows files inside the protected folder to be modified without any detection.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43772">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33303">

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 10:37:44">
10:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-44022 ‼</strong><br><br><code>A reachable assertion vulnerability in Trend Micro Apex One could allow an attacker to crash the program on affected installations, leading to a denial-of-service (DoS). Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44022">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33304">

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 10:37:45">
10:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-44019 ‼</strong><br><br><code>An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44020 and 44021.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44019">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33305">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 11:34:53">
11:34
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How to avoid being a hacker&apos;s next target: Don&apos;t overshare information on business social media 🦿</strong><br><br><code>When using LinkedIn and other social media accounts for professional reasons, there are important factors to consider about securing your personal data. Learn how to protect yourself from a hacker.</code><br><br><a href="https://www.techrepublic.com/article/how-to-avoid-being-a-hackers-next-target-dont-overshare-information-on-business-social-media/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33306">

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 11:37:54">
11:37
       </div>

       <div class="text">
<strong>🔏 Friday Five 12/2 🔏</strong><br><br><code>$31 in digital coin stolen, an insider extortion attack, and a new cybersecurity resource for healthcare workers - catch up on the infosec news of the week with the Friday Five!</code><br><br><a href="https://digitalguardian.com/blog/friday-five-12/2">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33307">

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 11:40:57">
11:40
       </div>

       <div class="text">
<strong>🗓️ US identity thieves jailed over $130,000 scam that targeted the elderly 🗓️</strong><br><br><code>Dark web fraudsters caught after stealing the identities of murder victims</code><br><br><a href="https://portswigger.net/daily-swig/us-identity-thieves-jailed-over-130-000-scam-that-targeted-the-elderly">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33308">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 12:25:35">
12:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 An Insider&apos;s Account of Disclosing Vulnerabilities 🕴</strong><br><br><code>Vendors drag their heels when it comes to identifying software vulnerabilities and are often loath to expedite the fixes.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/an-insider-s-account-of-disclosing-vulnerabilities">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33309">

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 12:37:51">
12:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-44278 ‼</strong><br><br><code>Librenms 21.11.0 is affected by a path manipulation vulnerability in includes/html/pages/device/showconfig.inc.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44278">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33310">

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 12:37:52">
12:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-43676 ‼</strong><br><br><code>matyhtf framework v3.0.5 is affected by a path manipulation vulnerability in Smarty.class.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43676">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33311">

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 12:37:54">
12:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-43674 ‼</strong><br><br><code>** UNSUPPORTED WHEN ASSIGNED ** ThinkUp 2.0-beta.10 is affected by a path manipulation vulnerability in Smarty.class.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43674">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33312">

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 12:40:53">
12:40
       </div>

       <div class="text">
<strong>🗓️ Pip-audit: Google-backed tool probes Python environments for vulnerable packages 🗓️</strong><br><br><code>‘Good initial results’, says one early adopter</code><br><br><a href="https://portswigger.net/daily-swig/pip-audit-google-backed-tool-probes-python-environments-for-vulnerable-packages">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33313">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 12:57:12">
12:57
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 USB Devices the Common Denominator in All Attacks on Air-Gapped Systems 🕴</strong><br><br><code>A new study of 17 malware frameworks shows threat actors always use USB drives to sneak malware into air-gapped environments and then steal data from there.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/usb-devices-common-denominator-in-all-attacks-on-air-gapped-systemsd">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33314">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 13:31:09">
13:31
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ IoT devices must “protect consumers from cyberharm”, says UK government ⚠</strong><br><br><code>&quot;Must be at least THIS tall to go on ride&quot; seems to be the starting point. Too little, too late? Or better than nothing?</code><br><br><a href="https://nakedsecurity.sophos.com/2021/12/02/iot-devices-must-protect-consumers-from-cyberharm-says-uk-government/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33315">

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 13:31:10">
13:31
       </div>

       <div class="text">
<strong>⚠ S3 Ep61: Call scammers, cloud insecurity, and facial recognition creepiness [Podcast] ⚠</strong><br><br><code>Latest episode - listen now!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/12/02/s3-ep61-call-scammers-cloud-insecurity-and-facial-recognition-creepiness-podcast/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33316">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 14:39:48">
14:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-43991 ‼</strong><br><br><code>The Kentico Xperience CMS version 13.0 – 13.0.43 is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data without proper handling of dangerous content. This type of XSS vulnerability is exploited by submitting malicious script content to the application which is then retrieved and executed by other application users. The attacker could exploit this to conduct a range of attacks against users of the affected application such as session hijacking, account take over and accessing sensitive data.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43991">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33317">

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 14:39:49">
14:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-3980 ‼</strong><br><br><code>elgg is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3980">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33318">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 14:57:37">
14:57
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ What Are Your Top Cloud Security Challenges? Threatpost Poll ❌</strong><br><br><code>We want to know what your biggest cloud security concerns and challenges are, and how your company is dealing with them. Weigh in with our exclusive poll!</code><br><br><a href="https://threatpost.com/cloud-security-challenges-poll/176702/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33319">

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 15:01:21">
15:01
       </div>

       <div class="text">
<strong>⚠ Mozilla patches critical “BigSig” cryptographic bug: Here’s how to track it down and fix it ⚠</strong><br><br><code>Mozilla&apos;s cryptographic code had a critical bug. Problem is that numerous apps are affected and may need patching individually.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/12/03/mozilla-patches-exploitable-bigsig-cryptographic-bug/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33320">

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 15:04:57">
15:04
       </div>

       <div class="text">
<strong>🦿 How well do you know your APIs? Not well enough, says Cisco 🦿</strong><br><br><code>Many APIs are openly accessible online, and that means big chunks of your apps are, too. Cisco&apos;s Vijoy Pandey has tools and tips to help businesses get visibility into their APIs.</code><br><br><a href="https://www.techrepublic.com/article/how-well-do-you-know-your-apis-not-well-enough-says-cisco/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33321">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 15:25:46">
15:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Logiq.ai</strong> <strong>Tackles Observability Problem With LogFlow 🕴</strong><br><br><code>LogFlow addresses data risks associated with machine data pipelines.</code><br><br><a href="https://www.darkreading.com/dr-tech/logiq-ai-tackles-observability-problem-with-logflow">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33322">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 16:38:00">
16:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-29756 ‼</strong><br><br><code>IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 202167.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29756">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33323">

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 16:38:02">
16:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-29867 ‼</strong><br><br><code>IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated to view or edit a Jupyter notebook that they should not have access to. IBM X-Force ID: 206212.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29867">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33324">

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 16:38:03">
16:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-38909 ‼</strong><br><br><code>IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209706.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38909">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33325">

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 16:38:04">
16:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-20470 ‼</strong><br><br><code>IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196339.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20470">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33326">

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 16:38:05">
16:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-20493 ‼</strong><br><br><code>IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197794.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20493">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33327">

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 16:38:06">
16:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-29719 ‼</strong><br><br><code>IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client side vulnerabilties due to a web response specifying an incorrect content type. IBM X-Force ID: 201091</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29719">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33328">

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 16:38:08">
16:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-29716 ‼</strong><br><br><code>IBM Cognos Analytics 11.1.7 and 11.2.0 could allow a low level user to reas of the application that privileged user should only be allowed to view. IBM X-Force ID: 201087.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29716">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33329">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 16:57:33">
16:57
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Omicron Phishing Scam Already Spotted in UK ❌</strong><br><br><code>Omicron COVID-19 variant anxiety inspires new phishing scam offering fake NHS tests to steal data.</code><br><br><a href="https://threatpost.com/omicron-phishing-scam-uk/176771/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33330">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 17:25:54">
17:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 How Criminals Are Using Synthetic Identities for Fraud 🕴</strong><br><br><code>Organizations must improve their cybersecurity protocols to detect fraudulent identities and make sure they&apos;re safeguarding their consumers’ personal information.</code><br><br><a href="https://www.darkreading.com/edge-articles/how-criminals-are-using-synthetic-identities-for-fraud">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33331">

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 17:28:58">
17:28
       </div>

       <div class="text">
<strong>❌ Pandemic-Influenced Car Shopping: Just Use the Manufacturer API ❌</strong><br><br><code>Jason Kent, hacker-in-residence at Cequence, found a way to exploit a Toyota API to get around the hassle of car shopping in the age of supply-chain woes.</code><br><br><a href="https://threatpost.com/pandemic-car-shopping-manufacturer-api/176740/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33332">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 17:55:57">
17:55
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 IGI Cybersecurity Introduces CISO Team-as-a-Service 🕴</strong><br><br><code>Service gives customers access to a CISO-led team of practitioners with a variety of skills and expertise.</code><br><br><a href="https://www.darkreading.com/operations/igi-cybersecurity-introduces-ciso-team-as-a-service">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33333">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 18:25:57">
18:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 NSO Group Spyware Used to Breach US State Dept. Phones 🕴</strong><br><br><code>At least nine US State Department employee iPhones were targeted with sophisticated spyware developed by the Israeli firm NSO Group.</code><br><br><a href="https://www.darkreading.com/endpoint/nso-group-spyware-used-to-breach-us-state-dept-phones">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33334">

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 18:38:06">
18:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-23758 ‼</strong><br><br><code>All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary .NET classes, which can be abused to gain remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23758">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33335">

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 18:38:07">
18:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-44352 ‼</strong><br><br><code>A Stack-based Buffer Overflow vlnerability exists in the Tenda AC15 V15.03.05.18_multi device via the list parameter in a post request in goform/SetIpMacBind.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44352">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33336">

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 18:38:08">
18:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-44347 ‼</strong><br><br><code>SQL Injection vulnerability exists in TuziCMS v2.0.6 in App\Manage\Controller\GuestbookController.class.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44347">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33337">

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 18:38:09">
18:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-44349 ‼</strong><br><br><code>SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in App\Manage\Controller\DownloadController.class.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44349">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33338">

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 18:38:10">
18:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-35346 ‼</strong><br><br><code>tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function HevcSpsUnit::short_term_ref_pic_set(int) in hevc.cpp.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35346">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33339">

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 18:38:14">
18:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-44348 ‼</strong><br><br><code>SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameer in App\Manage\Controller\AdvertController.class.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44348">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33340">

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 18:38:15">
18:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-23562 ‼</strong><br><br><code>This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23562">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33341">

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 18:38:15">
18:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-35344 ‼</strong><br><br><code>tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function BitStreamReader::getCurVal in bitStream.h.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35344">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33342">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 18:57:29">
18:57
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 One-Third of Black Friday Shoppers Were Bots, Fake Users 🕴</strong><br><br><code>Fake traffic observed on Nov. 26 included malicious scrapers, sophisticated botnets, fake accounts, and click farms.</code><br><br><a href="https://www.darkreading.com/endpoint/one-third-of-black-friday-shoppers-were-bots-fake-users">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33343">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 19:28:34">
19:28
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>♟️ Who Is the Network Access Broker ‘Babam’? ♟️</strong><br><br><code>Rarely do cybercriminal gangs that deploy ransomware gain the initial access to the target themselves. More commonly, that access is purchased from a cybercriminal broker who specializes in stealing remote access credentials -- such as usernames and passwords needed to remotely connect to the target&apos;s network. In this post we&apos;ll look at the clues left behind by &quot;Babam,&quot; the handle chosen by a cybercriminal who has sold such access to ransomware groups on many occasions over the past few years.</code><br><br><a href="https://krebsonsecurity.com/2021/12/who-is-the-network-access-broker-babam/">📖 Read</a><br><br>via &quot;<em>Krebs on Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33344">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 20:38:11">
20:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-35415 ‼</strong><br><br><code>A stored cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the course &quot;Title&quot; and &quot;Content&quot; fields.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35415">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33345">

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 20:38:12">
20:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-43415 ‼</strong><br><br><code>HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43415">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33346">

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 20:38:13">
20:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-35414 ‼</strong><br><br><code>Chamilo LMS v1.11.x was discovered to contain a SQL injection via the doc parameter in main/plagiarism/compilatio/upload.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35414">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33347">

      <div class="body">

       <div class="pull_right date details" title="03.12.2021 20:38:14">
20:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-35413 ‼</strong><br><br><code>A remote code execution (RCE) vulnerability in course_intro_pdf_import.php of Chamilo LMS v1.11.x allows authenticated attackers to execute arbitrary code via a crafted .htaccess file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35413">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-973">

      <div class="body details">
5 December 2021
      </div>

     </div>

     <div class="message default clearfix" id="message33348">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.12.2021 20:20:06">
20:20
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-44044 ‼</strong><br><br><code>An out-of-bounds write vulnerability exists when reading a JPG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists with parsing JPG files. Crafted data in a JPG (4 extraneous bytes before the marker 0xca) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44044">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33349">

      <div class="body">

       <div class="pull_right date details" title="05.12.2021 20:20:08">
20:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-37253 ‼</strong><br><br><code>M-Files Web before 20.10.9524.1 allows a denial of service via overlapping ranges (in HTTP requests with crafted Range or Request-Range headers).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37253">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33350">

      <div class="body">

       <div class="pull_right date details" title="05.12.2021 20:20:10">
20:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-44048 ‼</strong><br><br><code>An out-of-bounds write vulnerability exists when reading a TIF file using Open Design Alliance (ODA) Drawings Explorer before 2022.11. The specific issue exists after loading TIF files. Crafted data in a TIF file can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44048">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33351">

      <div class="body">

       <div class="pull_right date details" title="05.12.2021 20:20:10">
20:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-44046 ‼</strong><br><br><code>An out-of-bounds write vulnerability exists when reading U3D files in Open Design Alliance PRC SDK before 2022.11. An unchecked return value of a function (verifying input data from a U3D file) leads to an out-of-bounds write. An attacker can leverage this vulnerability to execute code in the context of the current process.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44046">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33352">

      <div class="body">

       <div class="pull_right date details" title="05.12.2021 20:20:11">
20:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-44047 ‼</strong><br><br><code>A use-after-free vulnerability exists when reading a DWF/DWFX file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists with parsing DWF/DWFX files. Crafted data in a DWF/DWFX file and lack of proper validation of input data can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44047">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33353">

      <div class="body">

       <div class="pull_right date details" title="05.12.2021 20:20:12">
20:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-44045 ‼</strong><br><br><code>An out-of-bounds write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data in a DGN file and lack of proper validation for the XFAT sectors count can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44045">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-974">

      <div class="body details">
6 December 2021
      </div>

     </div>

     <div class="message default clearfix" id="message33354">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 03:20:23">
03:20
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-43035 ‼</strong><br><br><code>An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Two unauthenticated SQL injection vulnerabilities were discovered, allowing arbitrary SQL queries to be injected and executed under the postgres superuser account. Remote code execution was possible, leading to full access to the postgres user account.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43035">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33355">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 03:20:24">
03:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-43041 ‼</strong><br><br><code>An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A crafted HTTP request could induce a format string vulnerability in the privileged vaultServer application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43041">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33356">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 03:20:25">
03:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-43036 ‼</strong><br><br><code>An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The password for the PostgreSQL wguest account is weak.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43036">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33357">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 03:20:26">
03:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-43043 ‼</strong><br><br><code>An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The apache user could read arbitrary files such as /etc/shadow by abusing an insecure Sudo rule.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43043">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33358">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 03:20:27">
03:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-43033 ‼</strong><br><br><code>An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Multiple functions in the bpserverd daemon were vulnerable to arbitrary remote code execution as root. The vulnerability was caused by untrusted input (received by the server) being passed to system calls.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43033">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33359">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 03:20:28">
03:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-43040 ‼</strong><br><br><code>An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The privileged vaultServer could be leveraged to create arbitrary writable files, leading to privilege escalation.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43040">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33360">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 03:20:29">
03:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-43044 ‼</strong><br><br><code>An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The SNMP daemon was configured with a weak default community.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43044">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33361">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 03:20:30">
03:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-43034 ‼</strong><br><br><code>An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A world writable file allowed local users to execute arbitrary code as the user apache, leading to privilege escalation.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43034">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33362">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 03:20:31">
03:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-43038 ‼</strong><br><br><code>An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The wguest account could execute commands by injecting into PostgreSQL trigger functions. This allowed privilege escalation from the wguest user to the postgres user.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43038">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33363">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 03:20:32">
03:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-43039 ‼</strong><br><br><code>An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Samba file sharing service allowed anonymous read/write access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43039">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33364">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 03:20:36">
03:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-43037 ‼</strong><br><br><code>An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Unitrends Windows agent was vulnerable to DLL injection and binary planting due to insecure default permissions. This allowed privilege escalation from an unprivileged user to SYSTEM.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43037">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33365">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 03:20:37">
03:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-43042 ‼</strong><br><br><code>An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A buffer overflow existed in the vaultServer component. This was exploitable by a remote unauthenticated attacker.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43042">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33366">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 10:11:08">
10:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Crypto-exchange BitMart reports $150 million theft following hack 🗓️</strong><br><br><code>Security firm said attackers executed a ‘transfer-out, swap, and wash’</code><br><br><a href="https://portswigger.net/daily-swig/crypto-exchange-bitmart-reports-150-million-theft-following-hack">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33367">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 10:20:37">
10:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-4069 ‼</strong><br><br><code>vim is vulnerable to Use After Free</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4069">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33368">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 10:20:38">
10:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-43469 ‼</strong><br><br><code>VINGA WR-N300U 77.102.1.4853 is affected by a command execution vulnerability in the goahead component.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43469">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33369">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 12:03:10">
12:03
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Mozilla patches critical “BigSig” cryptographic bug: Here’s how to track it down and fix it ⚠</strong><br><br><code>Mozilla&apos;s cryptographic code had a critical bug. Problem is that numerous apps are affected and may need patching individually.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/12/03/mozilla-patches-exploitable-bigsig-cryptographic-bug/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33370">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 12:20:42">
12:20
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-43471 ‼</strong><br><br><code>In Canon LBP223 printers, the System Manager Mode login does not require an account password or PIN. An attacker can remotely shut down the device after entering the background, creating a denial of service vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43471">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33371">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 12:29:42">
12:29
       </div>

       <div class="text">
<strong>🕴 Why the C-Suite Doesn&apos;t Need Access to All Corporate Data 🕴</strong><br><br><code>If zero trust is to work properly, then it must apply to everyone.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/why-the-c-suite-doesn-t-need-access-to-all-corporate-data">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33372">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 12:36:35">
12:36
       </div>

       <div class="text">
<strong>🦿 How to lock a Zoom meeting to keep out unwanted guests 🦿</strong><br><br><code>One good way to prevent unwelcome participants or late arrivals from joining your Zoom meetings is to lock those meetings. Here&apos;s a look at how it&apos;s done.</code><br><br><a href="https://www.techrepublic.com/article/how-to-lock-a-zoom-meeting-to-keep-out-unwanted-guests/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33373">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 12:42:22">
12:42
       </div>

       <div class="text">
<strong>🗓️ Critical vulnerabilities in open source forum software NodeBB could lead to RCE 🗓️</strong><br><br><code>Personal data, account access is at risk</code><br><br><a href="https://portswigger.net/daily-swig/critical-vulnerabilities-in-open-source-forum-software-nodebb-could-lead-to-rce">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33374">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 13:03:18">
13:03
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Cryptocurrency startup fails to subtract before adding, loses $31m ⚠</strong><br><br><code>Think of a number, any number. Take away 42. Add 42 back in. Then pretend you didn&apos;t take away 42. How much is left?</code><br><br><a href="https://nakedsecurity.sophos.com/2021/12/06/cryptocurrency-startup-fails-to-subtract-before-adding-loses-31m/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33375">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 13:30:17">
13:30
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Pegasus Spyware Infects U.S. State Department iPhones ❌</strong><br><br><code>It&apos;s unknown who&apos;s behind the cyberattacks against at least nine employees&apos; iPhones, who are all involved in Ugandan diplomacy.</code><br><br><a href="https://threatpost.com/pegasus-spyware-state-department-iphones/176779/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33376">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 14:20:46">
14:20
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Web security bugs discovered in CATIE assisted living framework 🗓️</strong><br><br><code>Care home communications tool conundrum</code><br><br><a href="https://portswigger.net/daily-swig/web-security-bugs-discovered-in-catie-assisted-living-framework">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33377">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 14:20:47">
14:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-24931 ‼</strong><br><br><code>The Secure Copy Content Protection and Content Locking WordPress plugin before 2.8.2 does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an SQL injection.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24931">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33378">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 14:20:48">
14:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-24938 ‼</strong><br><br><code>The WOOCS WordPress plugin before 1.3.7.1 does not sanitise and escape the key parameter of the woocs_update_profiles_data AJAX action (available to any authenticated user) before outputting it back in the response, leading to a Reflected cross-Site Scripting issue</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24938">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33379">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 14:20:50">
14:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-24917 ‼</strong><br><br><code>The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24917">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33380">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 14:20:51">
14:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-25041 ‼</strong><br><br><code>The Photo Gallery by 10Web WordPress plugin before 1.5.68 is vulnerable to Reflected Cross-Site Scripting (XSS) issues via the bwg_album_breadcrumb_0 and shortcode_id GET parameters passed to the bwg_frontend_data AJAX action</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25041">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33381">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 14:20:52">
14:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-24939 ‼</strong><br><br><code>The LoginWP (Formerly Peter&apos;s Login Redirect) WordPress plugin before 3.0.0.5 does not sanitise and escape the rul_login_url and rul_logout_url parameter before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting issue</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24939">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33382">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 14:20:53">
14:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-24759 ‼</strong><br><br><code>The PDF.js Viewer WordPress plugin before 2.0.2 does not escape some of its shortcode and Gutenberg Block attributes, which could allow users with a role as low as Contributor to to perform Cross-Site Scripting attacks</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24759">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33383">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 14:20:54">
14:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-24866 ‼</strong><br><br><code>The WP Data Access WordPress plugin before 5.0.0 does not properly sanitise and escape the backup_date parameter before using it a SQL statement, leading to a SQL injection issue and could allow arbitrary table deletion</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24866">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33384">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 14:20:55">
14:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-24718 ‼</strong><br><br><code>The Contact Form, Survey &amp; Popup Form Plugin for WordPress plugin before 1.5 does not properly sanitize some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24718">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33385">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 14:20:59">
14:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-24714 ‼</strong><br><br><code>The Import any XML or CSV File to WordPress plugin before 3.6.3 does not escape the Import&apos;s Title and Unique Identifier fields before outputting them in admin pages, which could allow high privilege users to perform Cross-Site attacks even when the unfiltered_html capability is disallowed.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24714">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33386">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 14:20:59">
14:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-24930 ‼</strong><br><br><code>The WordPress Online Booking and Scheduling Plugin WordPress plugin before 20.3.1 does not escape the Staff Full Name field before outputting it back in a page, which could lead to a Stored Cross-Site Scripting issue</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24930">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33387">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 14:21:00">
14:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-24924 ‼</strong><br><br><code>The Email Log WordPress plugin before 2.4.8 does not escape the d parameter before outputting it back in an attribute in the Log page, leading to a Reflected Cross-Site Scripting issue</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24924">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33388">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 14:21:01">
14:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-24943 ‼</strong><br><br><code>The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and escape the event_id in the rtec_send_unregister_link AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an unauthenticated SQL injection.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24943">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33389">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 14:21:02">
14:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-24935 ‼</strong><br><br><code>The WP Google Fonts WordPress plugin before 3.1.5 does not escape the googlefont_ajax_name and googlefont_ajax_family parameter of the googlefont_action AJAx action (available to any authenticated user) before outputing them in attributes, leading Reflected Cross-Site Scripting issues</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24935">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33390">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 14:21:05">
14:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-24914 ‼</strong><br><br><code>The Tawk.To Live Chat WordPress plugin before 0.6.0 does not have capability and CSRF checks in the tawkto_setwidget and tawkto_removewidget AJAX actions, available to any authenticated user. The first one allows low-privileged users (including simple subscribers) to change the &apos;tawkto-embed-widget-page-id&apos; and &apos;tawkto-embed-widget-widget-id&apos; parameters. Any authenticated user can thus link the vulnerable website to their own Tawk.to instance. Consequently, they will be able to monitor the vulnerable website and interact with its visitors (receive contact messages, answer, ...). They will also be able to display an arbitrary Knowledge Base. The second one will remove the live chat widget from pages.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24914">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33391">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 15:18:38">
15:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How to write YARA rules for improving your security and malware detection 🦿</strong><br><br><code>YARA won&apos;t replace antivirus software, but it can help you detect problems more efficiently and allows more customization. Learn how to write YARA rules to improve security and incident response .</code><br><br><a href="https://www.techrepublic.com/article/how-to-write-yara-rules-for-improving-your-security-and-malware-detection/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33392">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 15:59:34">
15:59
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Cuba Ransomware Gang Hauls in $44M in Payouts ❌</strong><br><br><code>The gang is using a variety of tools and malware to carry out attacks in volume on critical sectors, the FBI warned.</code><br><br><a href="https://threatpost.com/cuba-ransomware-gang-44m-payouts/176790/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33393">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 16:20:50">
16:20
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-43936 ‼</strong><br><br><code>The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product&apos;s environment or lead to arbitrary code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43936">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33394">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 16:20:51">
16:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-35242 ‼</strong><br><br><code>Serv-U server responds with valid CSRFToken when the request contains only Session.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35242">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33395">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 16:20:52">
16:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-36198 ‼</strong><br><br><code>Successful exploitation of this vulnerability could allow an unauthorized user to access sensitive data.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36198">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33396">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 16:20:53">
16:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-43781 ‼</strong><br><br><code>Invenio-Drafts-Resources is a submission/deposit module for Invenio, a software framework for research data management. Invenio-Drafts-Resources prior to versions 0.13.7 and 0.14.6 does not properly check permissions when a record is published. The vulnerability is exploitable in a default installation of InvenioRDM. An authenticated a user is able via REST API calls to publish draft records of other users if they know the record identifier and the draft validates (e.g. all require fields filled out). An attacker is not able to modify the data in the record, and thus e.g. *cannot* change a record from restricted to public. The problem is patched in Invenio-Drafts-Resources v0.13.7 and 0.14.6, which is part of InvenioRDM v6.0.1 and InvenioRDM v7.0 respectively.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43781">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33397">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 16:20:54">
16:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-35245 ‼</strong><br><br><code>When a user has admin rights in Serv-U Console, the user can move, create and delete any files are able to be accessed on the Serv-U host machine.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35245">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33398">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 16:20:58">
16:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-22170 ‼</strong><br><br><code>Assuming a database breach, nonce reuse issues in GitLab 11.6+ allows an attacker to decrypt some of the database&apos;s encrypted content</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22170">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33399">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 16:20:59">
16:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-43931 ‼</strong><br><br><code>The authentication algorithm of the WebHMI portal is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43931">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33400">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 16:21:00">
16:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-39890 ‼</strong><br><br><code>It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39890">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33401">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 16:21:00">
16:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-43784 ‼</strong><br><br><code>runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43784">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33402">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 17:38:24">
17:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 U.S. Railroad Operators Must Disclose Cybersecurity Incidents Within 24 Hours 🔏</strong><br><br><code>Last week, the Transportation Security Administration continued its 60-day sprint around securing high-risk transit systems by mandating railroad owners disclose cybersecurity incidents within 24 hours.</code><br><br><a href="https://digitalguardian.com/blog/us-railroad-operators-must-disclose-cybersecurity-incidents-within-24-hours">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33403">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 17:59:41">
17:59
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Cyber Command Publicly Joins Fight Against Ransomware Groups   ❌</strong><br><br><code>U.S. military acknowledges targeting cybercriminals who launch attacks on U.S. companies.</code><br><br><a href="https://threatpost.com/cyber-command-ransomware-groups/176801/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33404">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 17:59:42">
17:59
       </div>

       <div class="text">
<strong>🕴 Russian Actors Behind SolarWinds Attack Hit Global Business &amp; Government Targets 🕴</strong><br><br><code>Clusters of activity associated with the attack group behind last year&apos;s supply chain breach reveal novel techniques, researchers say.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/russian-actors-hit-global-business-government-targets">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33405">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 17:59:44">
17:59
       </div>

       <div class="text">
<strong>🕴 US Military Has Acted Against Ransomware Groups: Report 🕴</strong><br><br><code>Gen. Paul Nakasoke, head of US Cyber Command and director of the NSA, said the military has taken offensive action against ransomware groups.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/us-military-has-acted-against-ransomware-groups-report">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33406">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 18:20:53">
18:20
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-43800 ‼</strong><br><br><code>Wiki.js is a wiki app built on Node.js. Prior to version 2.5.254, directory traversal outside of Wiki.js context is possible when a storage module with local asset cache fetching is enabled on a Windows host. A malicious user can potentially read any file on the file system by crafting a special URL that allows for directory traversal. This is only possible on a Wiki.js server running on Windows, when a storage module implementing local asset cache (e.g Local File System or Git) is enabled and that no web application firewall solution (e.g. cloudflare) strips potentially malicious URLs. Commit number 414033de9dff66a327e3f3243234852f468a9d85 fixes this vulnerability by sanitizing the path before it is passed on to the storage module. The sanitization step removes any windows directory traversal sequences from the path. As a workaround, disable any storage module with local asset caching capabilities (Local File System, Git).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43800">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33407">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 19:29:43">
19:29
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Crypto-Exchange BitMart to Pay Users for $200M Theft ❌</strong><br><br><code>BitMart confirmed it had been drained of ~$150 million in cryptocurrency assets, but a blockchain security firm said it&apos;s closer to $200 million.</code><br><br><a href="https://threatpost.com/crypto-exchange-bitmart-theft/176805/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33408">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 19:29:44">
19:29
       </div>

       <div class="text">
<strong>🕴 Microsoft Seizes Malicious Websites Used by Prolific Chinese APT Group 🕴</strong><br><br><code>The so-called Nikel cyber espionage attack group - aka APT15, Vixen Panda, KE3CHANG, Royal APT, and Playful Dragon - has been in Microsoft&apos;s sights since 2016.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/microsoft-seizes">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33409">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 20:22:29">
20:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-31632 ‼</strong><br><br><code>b2evolution CMS v7.2.3 was discovered to contain a SQL injection vulnerability via the parameter cfqueryparam in the User login section. This vulnerability allows attackers to execute arbitrary code via a crafted input.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31632">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33410">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 20:22:30">
20:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-44678 ‼</strong><br><br><code>An issue (2 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor&apos;s security alert for this vulnerability (VTS21-003, ZDI-CAN-14076).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44678">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33411">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 20:22:31">
20:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-40091 ‼</strong><br><br><code>An SSRF issue was discovered in SquaredUp for SCOM 5.2.1.6654.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40091">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33412">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 20:22:33">
20:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-31631 ‼</strong><br><br><code>b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the User login page. This vulnerability allows attackers to escalate privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31631">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33413">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 20:22:33">
20:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-36564 ‼</strong><br><br><code>ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\Adapter.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36564">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33414">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 20:22:35">
20:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-36567 ‼</strong><br><br><code>ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\AbstractCache.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36567">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33415">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 20:22:36">
20:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-44682 ‼</strong><br><br><code>An issue (6 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor&apos;s security alert for this vulnerability (VTS21-003, ZDI-CAN-14079).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44682">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33416">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 20:22:37">
20:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-44677 ‼</strong><br><br><code>An issue (1 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor&apos;s security alert for this vulnerability (VTS21-003, ZDI-CAN-14078).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44677">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33417">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 20:22:39">
20:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-37298 ‼</strong><br><br><code>Laravel v5.1 was discovered to contain a deserialization vulnerability via the component \Mockery\Generator\DefinedTargetClass.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37298">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33418">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 20:22:41">
20:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-44681 ‼</strong><br><br><code>An issue (5 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor&apos;s security alert for this vulnerability (VTS21-003, ZDI-CAN-14080).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44681">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33419">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 20:22:42">
20:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-4075 ‼</strong><br><br><code>snipe-it is vulnerable to Server-Side Request Forgery (SSRF)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4075">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33420">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 20:22:43">
20:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-40313 ‼</strong><br><br><code>Piwigo v11.5 was discovered to contain a SQL injection vulnerability via the parameter pwg_token in /admin/batch_manager_global.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40313">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33421">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 20:22:45">
20:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-44679 ‼</strong><br><br><code>An issue (3 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor&apos;s security alert for this vulnerability (VTS21-003, ZDI-CAN-14074).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44679">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33422">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 20:22:46">
20:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-44680 ‼</strong><br><br><code>An issue (4 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor&apos;s security alert for this vulnerability (VTS21-003, ZDI-CAN-14075).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44680">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33423">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 20:29:30">
20:29
       </div>

       <div class="text">
<strong>🕴 MITRE Engenuity &amp; Cybrary Surpass 25,000 Users in MITRE ATT&amp;CK Defender Certification Program 🕴</strong><br><br><code>The program helps close the skill gap to enable defenders to gain the advantage over cyber adversaries.</code><br><br><a href="https://www.darkreading.com/operations/mitre-engenuity-cybrary-surpass-25-000-users-in-mitre-att-ck-defender-certification-program">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33424">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 22:21:05">
22:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-44684 ‼</strong><br><br><code>naholyr github-todos 3.1.0 is vulnerable to command injection. The range argument for the _hook subcommand is concatenated without any validation, and is directly used by the exec function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44684">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33425">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 22:21:06">
22:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-44685 ‼</strong><br><br><code>Git-it through 4.4.0 allows OS command injection at the Branches Aren&apos;t Just For Birds challenge step. During the verification process, it attempts to run the reflog command followed by the current branch name (which is not sanitized for execution).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44685">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33426">

      <div class="body">

       <div class="pull_right date details" title="06.12.2021 22:21:07">
22:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-44686 ‼</strong><br><br><code>calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44686">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-975">

      <div class="body details">
7 December 2021
      </div>

     </div>

     <div class="message default clearfix" id="message33427">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 07:42:58">
07:42
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ SSRF vulnerability patched in Jamf Pro mobile security platform 🗓️</strong><br><br><code>Apple MDM service forced to execute arbitrary web requests</code><br><br><a href="https://portswigger.net/daily-swig/ssrf-vulnerability-patched-in-jamf-pro-mobile-security-platform">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33428">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 09:08:06">
09:08
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 You can learn coding, 3D animation, cybersecurity and more with this e-learning bundle 🦿</strong><br><br><code>Get access to certification trainings, tech classes, art lessons and much more. You&apos;ll get lifetime access, so you can learn whenever you have the time.</code><br><br><a href="https://www.techrepublic.com/article/you-can-learn-coding-3d-animation-cybersecurity-and-more-with-this-e-learning-bundle/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33429">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 10:21:36">
10:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-28703 ‼</strong><br><br><code>grant table v2 status pages may remain accessible after de-allocation (take two) Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-allocated when a guest switched (back) from v2 to v1. The freeing of such pages requires that the hypervisor know where in the guest these pages were mapped. The hypervisor tracks only one use within guest space, but racing requests from the guest to insert mappings of these pages may result in any of them to become mapped in multiple locations. Upon switching back from v2 to v1, the guest would then retain access to a page that was freed and perhaps re-used for other purposes. This bug was fortuitously fixed by code cleanup in Xen 4.14, and backported to security-supported Xen branches as a prerequisite of the fix for XSA-378.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28703">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33430">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 10:21:37">
10:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-4049 ‼</strong><br><br><code>livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4049">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33431">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 10:21:38">
10:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-29116 ‼</strong><br><br><code>A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server feature services versions 10.8.1 and 10.9 (only) feature services may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29116">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33432">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 10:21:40">
10:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-29114 ‼</strong><br><br><code>A SQL injection vulnerability in feature services provided by Esri ArcGIS Server 10.9 and below allows a remote, unauthenticated attacker to impact the confidentiality, integrity and availability of targeted services via specifically crafted queries.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29114">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33433">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 10:21:41">
10:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-29115 ‼</strong><br><br><code>An information disclosure vulnerability in the ArcGIS Service Directory in Esri ArcGIS Enterprise versions 10.9.0 and below may allows a remote attacker to view hidden field names in feature layers. This issue may reveal field names, but not not disclose features.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29115">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33434">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 10:26:35">
10:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-29113 ‼</strong><br><br><code>A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote, unauthenticated attacker to inject attacker supplied html into a page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29113">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33435">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 10:30:14">
10:30
       </div>

       <div class="text">
<strong>❌ SolarWinds Attackers Spotted Using New Tactics, Malware ❌</strong><br><br><code>One year after the disruptive supply-chain attacks, researchers have observed two new clusters of activity from the Russia-based actors that signal a significant threat may be brewing.</code><br><br><a href="https://threatpost.com/solarwinds-attackers-new-tactics-malware/176818/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33436">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 12:21:40">
12:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-44187 ‼</strong><br><br><code>Adobe Bridge versions 11.1.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious SGI file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44187">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33437">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 12:21:41">
12:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-42133 ‼</strong><br><br><code>An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42133">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33438">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 12:21:42">
12:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-40095 ‼</strong><br><br><code>An issue was discovered in SquaredUp for SCOM 5.2.1.6654. The Download Log feature in System / Maintenance was susceptible to a local file inclusion vulnerability (when processing remote input in the log files downloaded by an authenticated administrator user), leading to the ability to read arbitrary files on the server filesystems.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40095">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33439">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 12:21:42">
12:21
       </div>

       <div class="text">
<strong>‼ CVE-2020-27413 ‼</strong><br><br><code>An issue was discovered in Mahavitaran android application 7.50 and below, allows local attackers to read cleartext username and password while the user is logged into the application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27413">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33440">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 12:21:43">
12:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-22955 ‼</strong><br><br><code>A unauthenticated denial of service vulnerability exists in Citrix ADC &lt;13.0-83.27, &lt;12.1-63.22 and 11.1-65.23 when configured as a VPN (Gateway) or AAA virtual server could allow an attacker to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22955">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33441">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 12:21:47">
12:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-42127 ‼</strong><br><br><code>A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using Inforail Service allows arbitrary code execution via Data Repository Service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42127">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33442">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 12:21:48">
12:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-42128 ‼</strong><br><br><code>An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using inforail Service allows Privilege Escalation via Enterprise Server Service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42128">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33443">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 12:21:49">
12:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-42126 ‼</strong><br><br><code>An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42126">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33444">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 12:21:50">
12:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-44527 ‼</strong><br><br><code>A vulnerability found in UniFi Switch firmware Version 5.43.35 and earlier allows a malicious actor who has already gained access to the network to perform a Deny of Service (DoS) attack on the affected switch.This vulnerability is fixed in UniFi Switch firmware 5.76.6 and later.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44527">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33445">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 12:21:51">
12:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-42130 ‼</strong><br><br><code>A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42130">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33446">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 12:21:55">
12:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-44186 ‼</strong><br><br><code>Adobe Bridge versions 11.1.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious SGI file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44186">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33447">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 12:21:56">
12:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-42131 ‼</strong><br><br><code>A SQL Injection vulnerability exists in Ivanti Avalance before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42131">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33448">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 12:21:57">
12:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-40092 ‼</strong><br><br><code>A cross-site scripting (XSS) vulnerability in Image Tile in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via an SVG file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40092">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33449">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 12:21:57">
12:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-42124 ‼</strong><br><br><code>An improper access control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform a session takeover.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42124">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33450">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 12:21:58">
12:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-40093 ‼</strong><br><br><code>A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via dashboard actions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40093">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33451">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 12:22:02">
12:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-42125 ‼</strong><br><br><code>An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to write dangerous files.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42125">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33452">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 12:22:03">
12:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-42129 ‼</strong><br><br><code>A command injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42129">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33453">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 12:22:04">
12:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-42132 ‼</strong><br><br><code>A command Injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42132">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33454">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 12:22:05">
12:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-40096 ‼</strong><br><br><code>A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via modification of the authorisationUrl in some integration configurations.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40096">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33455">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 12:22:06">
12:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-40094 ‼</strong><br><br><code>A DOM-based XSS vulnerability affects SquaredUp for SCOM 5.2.1.6654. If successfully exploited, this vulnerability may allow attackers to inject malicious code into a user&apos;s device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40094">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33456">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 12:31:02">
12:31
       </div>

       <div class="text">
<strong>🕴 Defending Against the Use of Deepfakes for Cyber Exploitation 🕴</strong><br><br><code>Deepfakes are increasingly concerning because they use AI to imitate human activities and can be used to augment social engineering attacks.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/defending-against-the-use-of-deepfakes-for-cyber-exploitation">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33457">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 12:37:11">
12:37
       </div>

       <div class="text">
<strong>🦿 &quot;Hello Quantum World:&quot; New cybersecurity service uses entanglement to generate cryptographic keys 🦿</strong><br><br><code>The new service protects against current and future cyberattacks, according to Quantinuum CEO, and works with existing cybersecurity systems.</code><br><br><a href="https://www.techrepublic.com/article/hello-quantum-world-new-cybersecurity-service-uses-entanglement-to-generate-cryptographic-keys/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33458">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 12:41:42">
12:41
       </div>

       <div class="text">
<strong>🗓️ Critical web security flaws in Kaseya Unitrends backup appliances remediated after researchers’ disclosure 🗓️</strong><br><br><code>Two critical flaws addressed in cloud storage patch batch</code><br><br><a href="https://portswigger.net/daily-swig/critical-web-security-flaws-in-kaseya-unitrends-nbsp-backup-appliances-remediated-after-researchers-disclosure">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33459">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 13:22:38">
13:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Drive-by RCE in Windows 10 ‘can be executed with a single click’ 🗓️</strong><br><br><code>Underlying security vulnerability is still present in popular OS, researchers warn</code><br><br><a href="https://portswigger.net/daily-swig/drive-by-rce-in-windows-10-can-be-executed-with-a-single-click">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33460">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 13:37:45">
13:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How and why people use password managers 🦿</strong><br><br><code>Password managers provide a more effective way to stay secure online but are still underutilized, says Security.org.</code><br><br><a href="https://www.techrepublic.com/article/how-and-why-people-use-password-managers/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33461">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 14:21:45">
14:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-37046 ‼</strong><br><br><code>There is a Memory leak vulnerability with the codec detection module in Huawei Smartphone.Successful exploitation of this vulnerability may cause the device to restart due to memory exhaustion.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37046">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33462">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 14:21:46">
14:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-37047 ‼</strong><br><br><code>There is an Input verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause some services to restart.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37047">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33463">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 14:21:47">
14:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-37055 ‼</strong><br><br><code>There is a Logic bypass vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may allow attempts to obtain certain device information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37055">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33464">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 14:21:48">
14:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-37038 ‼</strong><br><br><code>There is an Improper access control vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37038">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33465">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 14:21:49">
14:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-37042 ‼</strong><br><br><code>There is an Improper verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause out-of-bounds read.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37042">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33466">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 14:21:50">
14:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-37056 ‼</strong><br><br><code>There is an Improper permission control vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may allow attempts to obtain certain device information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37056">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33467">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 14:21:51">
14:21
       </div>

       <div class="text">
<strong>‼ CVE-2020-19611 ‼</strong><br><br><code>Cross Site Scripting (XSS) in redirect module of Racktables version 0.21.2, allows an attacker to inject arbitrary web script or HTML via the op parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-19611">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33468">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 14:23:39">
14:23
       </div>

       <div class="text">
<strong>🗓️ Flaws in Tonga’s top-level domain left Google, Amazon, Tether web services vulnerable to takeover 🗓️</strong><br><br><code>Misaligned incentives are undermining efforts to tackle TLD bugs with ‘mass-scale impact’</code><br><br><a href="https://portswigger.net/daily-swig/flaws-in-tongas-top-level-domain-left-google-amazon-tether-web-services-vulnerable-to-takeover">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33469">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 14:27:50">
14:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-37041 ‼</strong><br><br><code>There is an Improper verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause out-of-bounds read.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37041">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33470">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 14:30:52">
14:30
       </div>

       <div class="text">
<strong>❌ Google Takes Down Glupteba Botnet; Files Lawsuit Against Operators ❌</strong><br><br><code>The malware&apos;s unique blockchain-enabled backup C2 scheme makes it difficult to eliminate completely.</code><br><br><a href="https://threatpost.com/google-glupteba-botnet-lawsuit/176826/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33471">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 14:33:54">
14:33
       </div>

       <div class="text">
<strong>⚠ Firefox update brings a whole new sort of security sandbox ⚠</strong><br><br><code>Firefox 95.0 is out, with the usual security fixes... plus some funky new ones.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/12/07/firefox-update-brings-a-whole-new-sort-of-security-sandbox/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33472">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 14:33:55">
14:33
       </div>

       <div class="text">
<strong>⚠ Cryptocurrency startup fails to subtract before adding, loses $31m ⚠</strong><br><br><code>Think of a number, any number. Take away 42. Add 42 back in. Then pretend you didn&apos;t take away 42. How much is left?</code><br><br><a href="https://nakedsecurity.sophos.com/2021/12/06/cryptocurrency-startup-fails-to-subtract-before-adding-loses-31m/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33473">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 15:37:18">
15:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How employee burnout may be putting your organization at risk 🦿</strong><br><br><code>With pandemic-induced pressures impacting many employees, burnout can easily lead to security risks, says 1Password.</code><br><br><a href="https://www.techrepublic.com/article/how-employee-burnout-may-be-putting-your-organization-at-risk/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33474">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 16:21:49">
16:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-37062 ‼</strong><br><br><code>There is a Improper Validation of Array Index vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to memory overflow and information leakage.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37062">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33475">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 16:21:50">
16:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-37094 ‼</strong><br><br><code>There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to system denial of service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37094">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33476">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 16:21:51">
16:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-37077 ‼</strong><br><br><code>There is a NULL Pointer Dereference vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to kernel crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37077">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33477">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 16:21:52">
16:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-37068 ‼</strong><br><br><code>There is a Resource Management Errors vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to denial of Service Attacks.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37068">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33478">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 16:21:52">
16:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-37086 ‼</strong><br><br><code>There is a Improper Preservation of Permissions vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to attackers which can isolate and read synchronization files of other applications across the UID sandbox.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37086">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33479">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 16:21:56">
16:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-37079 ‼</strong><br><br><code>There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to delete arbitrary file by system_app permission.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37079">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33480">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 16:21:57">
16:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-37064 ‼</strong><br><br><code>There is a Improper Limitation of a Pathname to a Restricted Directory vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to arbitrary file created.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37064">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33481">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 16:21:58">
16:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-37020 ‼</strong><br><br><code>There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to Out-of-bounds read.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37020">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33482">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 16:21:59">
16:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-37081 ‼</strong><br><br><code>There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to nearby crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37081">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33483">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 16:22:00">
16:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-37095 ‼</strong><br><br><code>There is a Integer Overflow or Wraparound vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to remote denial of service and potential remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37095">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33484">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 16:22:04">
16:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-37099 ‼</strong><br><br><code>There is a Path Traversal vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to delete any file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37099">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33485">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 16:22:05">
16:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-37061 ‼</strong><br><br><code>There is a Uncontrolled Resource Consumption vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to Screen projection application denial of service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37061">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33486">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 16:22:06">
16:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-37096 ‼</strong><br><br><code>There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to user privacy disclosed.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37096">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33487">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 16:22:07">
16:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-43176 ‼</strong><br><br><code>The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 takes a user-supplied “actionâ€� parameter and appends a .php file extension to locate and load the correct PHP file to implement the API call. Vulnerable versions of GOautodial do not sanitize the user input that specifies the action. This permits an attacker to execute any PHP source file with a .php extension that is present on the disk and readable by the GOautodial web server process. Combined with CVE-2021-43175, it is possible for the attacker to do this without valid credentials. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43176">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33488">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 16:22:07">
16:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-43789 ‼</strong><br><br><code>PrestaShop is an Open Source e-commerce web application. Versions of PrestaShop prior to 1.7.8.2 are vulnerable to blind SQL injection using search filters with `orderBy` and `sortOrder` parameters. The problem is fixed in version 1.7.8.2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43789">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33489">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 16:22:11">
16:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-43175 ‼</strong><br><br><code>The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 exposes an API router that accepts a username, password, and action that routes to other PHP files that implement the various API functions. Vulnerable versions of GOautodial validate the username and password incorrectly, allowing the caller to specify any values for these parameters and successfully authenticate. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43175">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33490">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 16:22:12">
16:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-37091 ‼</strong><br><br><code>There is a Permissions,Privileges,and Access Controls vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to confidentiality affected.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37091">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33491">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 16:22:13">
16:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-37014 ‼</strong><br><br><code>There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to device cannot be used properly.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37014">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33492">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 16:22:14">
16:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-37100 ‼</strong><br><br><code>There is a Improper Authentication vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to account authentication bypassed.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37100">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33493">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 16:22:15">
16:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-43805 ‼</strong><br><br><code>Solidus is a free, open-source ecommerce platform built on Rails. Versions of Solidus prior to 3.1.4, 3.0.4, and 2.11.13 have a denial of service vulnerability that could be exploited during a guest checkout. The regular expression used to validate a guest order&apos;s email was subject to exponential backtracking through a fragment like `a.a.` Versions 3.1.4, 3.0.4, and 2.11.13 have been patched to use a different regular expression. The maintainers added a check for email addresses that are no longer valid that will print information about any affected orders that exist. If a prompt upgrade is not an option, a workaround is available. It is possible to edit the file `config/application.rb` manually (with code provided by the maintainers in the GitHub Security Advisory) to check email validity.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43805">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33494">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 16:36:24">
16:36
       </div>

       <div class="text">
<strong>🕴 5 Ways GRC &amp; Security Can Partner to Reduce Insider Risk 🕴</strong><br><br><code>In 2022, data governance, risk, and compliance (GRC) and security need to partner to implement a modern approach to data protection: insider risk management.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/5-ways-grc-security-can-partner-to-reduce-insider-risk">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33495">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 17:30:26">
17:30
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Windows 10 Drive-By RCE Triggered by Default URI Handler ❌</strong><br><br><code>There&apos;s an argument injection weakness in the Windows 10/11 default handler, researchers said: an issue that Microsoft has only partially fixed.</code><br><br><a href="https://threatpost.com/windows-10-rce-url-handler/176830/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33496">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 17:30:27">
17:30
       </div>

       <div class="text">
<strong>❌ When Scammers Get Scammed, They Take It to Cybercrime Court ❌</strong><br><br><code>Underground arbitration system settles disputes between cybercriminals.</code><br><br><a href="https://threatpost.com/scammers-cybercrime-court/176834/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33497">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 18:22:09">
18:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-43003 ‼</strong><br><br><code>Amzetta zPortal Windows zClient is affected by Integer Overflow. IOCTL Handler 0x22001B in the Amzetta zPortal Windows zClient &lt;= v3.2.8180.148 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43003">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33498">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 18:22:10">
18:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-42977 ‼</strong><br><br><code>NoMachine Enterprise Desktop is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Enterprise Desktop above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42977">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33499">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 18:22:12">
18:22
       </div>

       <div class="text">
<strong>‼ CVE-2020-12140 ‼</strong><br><br><code>A buffer overflow in os/net/mac/ble/ble-l2cap.c in the BLE stack in Contiki-NG 4.4 and earlier allows an attacker to execute arbitrary code via malicious L2CAP frames.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12140">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33500">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 18:22:13">
18:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-42990 ‼</strong><br><br><code>FlexiHub For Windows is affected by Buffer Overflow. IOCTL Handler 0x22001B in the FlexiHub For Windows above 2.0.4340 below 5.3.14268 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42990">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33501">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 18:22:14">
18:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-40859 ‼</strong><br><br><code>Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices, that allow attackers with access to the web based management application full administrative access to the device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40859">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33502">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 18:22:15">
18:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-43006 ‼</strong><br><br><code>AmZetta Amzetta zPortal DVM Tools is affected by Integer Overflow. IOCTL Handler 0x22001B in the Amzetta zPortal DVM Tools &lt;= v3.3.148.148 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43006">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33503">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 18:22:15">
18:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-42980 ‼</strong><br><br><code>NoMachine Cloud Server is affected by Buffer Overflow. IOCTL Handler 0x22001B in the NoMachine Cloud Server above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42980">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33504">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 18:22:16">
18:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-42976 ‼</strong><br><br><code>NoMachine Enterprise Desktop is affected by Buffer Overflow. IOCTL Handler 0x22001B in the NoMachine Enterprise Desktop above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42976">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33505">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 18:22:17">
18:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-42994 ‼</strong><br><br><code>Donglify is affected by Buffer Overflow. IOCTL Handler 0x22001B in the Donglify above 1.0.12309 below 1.7.14110 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42994">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33506">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 18:22:18">
18:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-37940 ‼</strong><br><br><code>An information disclosure via GET request server-side request forgery vulnerability was discovered with the Workplace Search Github Enterprise Server integration. Using this vulnerability, a malicious Workplace Search admin could use the GHES integration to view hosts that might not be publicly accessible.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37940">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33507">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 18:22:22">
18:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-42986 ‼</strong><br><br><code>NoMachine Enterprise Client is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Enterprise Client above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42986">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33508">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 18:22:23">
18:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-40288 ‼</strong><br><br><code>A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in TP-Link AX10v1 before V1_211014, allows a remote unauthenticated attacker to disconnect an already connected wireless client via sending with a wireless adapter specific spoofed authentication frames</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40288">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33509">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 18:22:24">
18:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-43798 ‼</strong><br><br><code>Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `&lt;grafana_host_url&gt;/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43798">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33510">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 18:22:25">
18:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-42993 ‼</strong><br><br><code>FlexiHub For Windows is affected by Integer Overflow. IOCTL Handler 0x22001B in the FlexiHub For Windows above 2.0.4340 below 5.3.14268 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42993">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33511">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 18:22:26">
18:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-24041 ‼</strong><br><br><code>A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.21.22.7 could have allowed an out-of-bounds write if a user sent a malicious image.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24041">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33512">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 18:22:30">
18:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-42973 ‼</strong><br><br><code>NoMachine Server is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Server above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42973">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33513">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 18:22:31">
18:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-42979 ‼</strong><br><br><code>NoMachine Cloud Server is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Cloud Server above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42979">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33514">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 18:22:32">
18:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-42987 ‼</strong><br><br><code>Eltima USB Network Gate is affected by Integer Overflow. IOCTL Handler 0x22001B in the USB Network Gate above 7.0.1370 below 9.2.2420 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42987">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33515">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 18:22:33">
18:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-41716 ‼</strong><br><br><code>Maharashtra State Electricity Board Mahavitara Android Application 8.20 and prior is vulnerable to remote account takeover due to OTP fixation vulnerability in password rest function</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41716">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33516">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 18:22:34">
18:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-43000 ‼</strong><br><br><code>Amzetta zPortal Windows zClient is affected by Buffer Overflow. IOCTL Handler 0x22001B in the Amzetta zPortal Windows zClient &lt;= v3.2.8180.148 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43000">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33517">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 18:36:32">
18:36
       </div>

       <div class="text">
<strong>🕴 Cerberus Sentinel Announces Acquisition of Arkavia Networks 🕴</strong><br><br><code>U.S. cybersecurity services firm expands internationally into Latin America.</code><br><br><a href="https://www.darkreading.com/operations/cerberus-sentinel-announces-acquisition-of-arkavia-networks">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33518">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 18:36:33">
18:36
       </div>

       <div class="text">
<strong>🕴 DigiCert Advances Passwordless Authentication with Support for Windows Hello for Business 🕴</strong><br><br><code>Managing Windows Hello hybrid certificate trust model on DigiCert PKI platform streamlines enterprise passwordless authentication and access, an industry first for public Certification Authorities (CAs).</code><br><br><a href="https://www.darkreading.com/endpoint/digicert-advances-passwordless-authentication-with-support-for-windows-hello-for-business">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33519">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 19:36:41">
19:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Rubrik&apos;s New Managed Service Protects Data from Ransomware Attacks 🕴</strong><br><br><code>Rubrik Cloud Vault provides data recovery assurance against ransomware attacks for Microsoft Azure customers, even if they maintain a hybrid environment.</code><br><br><a href="https://www.darkreading.com/dr-tech/rubrik-managed-service-protects-data-from-ransomware-attacks">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33520">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 19:36:42">
19:36
       </div>

       <div class="text">
<strong>🕴 Virtual-Network Vulnerability Found in AWS, Other Clouds 🕴</strong><br><br><code>The privilege-escalation flaws affect Amazon WorkSpaces and more than a dozen services that use a particular implementation of USB over Ethernet.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/virtual-network-vulnerability-found-in-aws-other-clouds">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33521">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 20:12:31">
20:12
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Google Disrupts Botnet Targeting Windows Machines 🕴</strong><br><br><code>The company has also launched litigation against the Glupteba botnet, marking the first lawsuit against a blockchain-enabled botnet.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/google-disrupts-botnet-targeting-windows-machines">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33522">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 20:22:56">
20:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-44148 ‼</strong><br><br><code>GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allow cgi-bin/router_cgi?action=scanwifi XSS when an attacker creates an SSID with an XSS payload as the name.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44148">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33523">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 20:22:57">
20:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-42687 ‼</strong><br><br><code>A Buffer Overflow vulnerability exists in Accops HyWorks Windows Client prior to v 3.2.8.200. The IOCTL Handler 0x22005B allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42687">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33524">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 20:22:57">
20:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-28680 ‼</strong><br><br><code>The devise_masquerade gem before 1.3 allows certain attacks when a password&apos;s salt is unknown. An application that uses this gem to let administrators masquerade/impersonate users loses one layer of security protection compared to a situation where Devise (without this extension) is used. If the server-side secret_key_base value became publicly known (for instance if it is committed to a public repository by mistake), there are still other protections in place that prevent an attacker from impersonating any user on the site. When masquerading is not used in a plain Devise application, one must know the password salt of the target user if one wants to encrypt and sign a valid session cookie. When devise_masquerade is used, however, an attacker can decide which user the &quot;back&quot; action will go back to without knowing that user&apos;s password salt and simply knowing the user ID, by manipulating the session cookie and pretending that a user is already masqueraded by an administrator.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28680">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33525">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 20:22:58">
20:22
       </div>

       <div class="text">
<strong>‼ CVE-2020-27356 ‼</strong><br><br><code>The debug-meta-data plugin 1.1.2 for WordPress allows XSS.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27356">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33526">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 20:22:59">
20:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-34544 ‼</strong><br><br><code>An issue was discovered in Solar-Log 500 before 2.8.2 Build 52 23.04.2013. In /export.html, email.html, and sms.html, cleartext passwords are stored. This may allow sensitive information to be read by someone with access to the device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34544">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33527">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 20:23:03">
20:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-34543 ‼</strong><br><br><code>The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require authentication, which allows remote attackers to gain administrative privileges by connecting to the server. As a result, the attacker can modify configuration files and change the system status.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34543">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33528">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 20:23:04">
20:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-36133 ‼</strong><br><br><code>The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA capable peripheral.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36133">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33529">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 20:23:05">
20:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-36760 ‼</strong><br><br><code>In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server 5.7.0, it is possible to perform a DOM-Based XSS attack affecting the callback parameter modifying the URL that precedes the callback parameter. Once the username or password reset procedure is completed, the JavaScript code will be executed. (recoverpassword.do also has an open redirect issue for a similar reason.)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36760">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33530">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 20:23:06">
20:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-42685 ‼</strong><br><br><code>An Integer Overflow vulnerability exists in Accops HyWorks DVM Tools prior to v3.3.1.105 . The IOCTL Handler 0x22005B in the Accops HyWorks DVM Tools prior to v3.3.1.105 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42685">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33531">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 20:23:07">
20:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-42686 ‼</strong><br><br><code>An Integer Overflow exists in Accops HyWorks Windows Client prior to v 3.2.8.200. The IOCTL Handler 0x22001B in the Accops HyWorks Windows Client prior to v 3.2.8.200 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42686">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33532">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 20:23:11">
20:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-42688 ‼</strong><br><br><code>An Integer Overflow vulnerability exists in Accops HyWorks Windows Client prior to v 3.2.8.200. The IOCTL Handler 0x22005B in the Accops HyWorks Windows Client prior to v 3.2.8.200 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42688">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33533">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 20:23:12">
20:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-42717 ‼</strong><br><br><code>ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy one of the limited NGINX worker processes for minutes and consume almost all of the available CPU on the machine. Modsecurity 2 is similarly vulnerable: the affected versions include 2.8.0 through 2.9.4.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42717">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33534">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 20:23:13">
20:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-40578 ‼</strong><br><br><code>Authenticated Blind &amp; Error-based SQL injection vulnerability was discovered in Online Enrollment Management System in PHP and PayPal Free Source Code 1.0, that allows attackers to obtain sensitive information and execute arbitrary SQL commands via IDNO parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40578">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33535">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 20:23:14">
20:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-38759 ‼</strong><br><br><code>Raspberry Pi OS through 5.10 has the raspberry default password for the pi account. If not changed, attackers can gain administrator privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38759">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33536">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 20:23:15">
20:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-42683 ‼</strong><br><br><code>A Buffer Overflow vulnerability exists in Accops HyWorks Windows Client prior to v 3.2.8.200. The IOCTL Handler 0x22001B allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42683">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33537">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 20:23:19">
20:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-42567 ‼</strong><br><br><code>Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42567">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33538">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 20:23:20">
20:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-43963 ‼</strong><br><br><code>An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. The bucket credentials used to read and write data in Couchbase Server were insecurely being stored in the metadata within sync documents written to the bucket. Users with read access could use these credentials to obtain write access. (This issue does not affect clusters where Sync Gateway is authenticated with X.509 client certificates. This issue also does not affect clusters where shared bucket access is not enabled on Sync Gateway.)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43963">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33539">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 20:23:21">
20:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-42681 ‼</strong><br><br><code>A Buffer Overflow vulnerability exists in Accops HyWorks DVM Tools prior to v3.3.1.105. The IOCTL Handler 0x22001B allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42681">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33540">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 20:23:22">
20:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-42682 ‼</strong><br><br><code>An Integer Overflow vulnerability exists in Accops HyWorks DVM Tools prior to v3.3.1.105 .The IOCTL Handler 0x22001B allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42682">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33541">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 20:23:23">
20:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-43810 ‼</strong><br><br><code>Admidio is a free open source user management system for websites of organizations and groups. A cross-site scripting vulnerability is present in Admidio prior to version 4.0.12. The Reflected XSS vulnerability occurs because redirect.php does not properly validate the value of the url parameter. Through this vulnerability, an attacker is capable to execute malicious scripts. This issue is patched in version 4.0.12.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43810">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33542">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 20:45:09">
20:45
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 New Financial Services Industry Report Reveals Major Gaps in Storage and Backup Security 🕴</strong><br><br><code>More than two-Thirds (69%) of respondents believe an attack on their storage &amp; backup environment will have &quot;significant&quot; or &quot;catastrophic&quot; impact.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/new-financial-services-industry-report-reveals-major-gaps-in-storage-and-backup-security">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33543">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 22:18:14">
22:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>📢 More than 90% of IT decision makers reuse passwords 📢</strong><br><br><code>Bitwarden survey also finds that half of IT professionals share their passwords with colleagues</code><br><br><a href="https://www.itpro.co.uk/security/361695/over-90-of-it-decision-makers-reuse-passwords">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33544">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 22:18:15">
22:18
       </div>

       <div class="text">
<strong>📢 Access brokers are making it easier for ransomware operators to attack businesses 📢</strong><br><br><code>A new business model has been uncovered that makes it much easier for attackers to gain access to business&apos; networks</code><br><br><a href="https://www.itpro.co.uk/security/cyber-security/361705/access-brokers-are-making-it-easier-for-ransomware-operators-to">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33545">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 22:18:16">
22:18
       </div>

       <div class="text">
<strong>📢 UK and Singapore align closer on digital trade 📢</strong><br><br><code>Three agreements have been signed which focus on facilitating digital trade, cyber security, and digital identities between the two nations</code><br><br><a href="https://www.itpro.co.uk/business/policy-legislation/361704/uk-and-singapore-align-closer-on-digital-trade">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33546">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 22:18:17">
22:18
       </div>

       <div class="text">
<strong>📢 What is SSID? 📢</strong><br><br><code>We look at what SSID is and how it is used to connect devices to the internet</code><br><br><a href="https://www.itpro.co.uk/broadband/30390/what-is-ssid">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33547">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 22:18:18">
22:18
       </div>

       <div class="text">
<strong>📢 What is single sign-on (SSO)? 📢</strong><br><br><code>We explain how SSO works and why you need it</code><br><br><a href="https://www.itpro.co.uk/security/single-sign-on-sso/361728/what-is-single-sign-on-sso">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33548">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 22:18:22">
22:18
       </div>

       <div class="text">
<strong>📢 RNLI takes website offline after suspected cyber attack 📢</strong><br><br><code>The charity has not linked the incident to the recent pressure campaign from Britain First</code><br><br><a href="https://www.itpro.co.uk/security/hacking/361758/rnli-takes-website-offline-after-suspected-cyber-attack">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33549">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 22:18:23">
22:18
       </div>

       <div class="text">
<strong>📢 How to boot Windows 11 in Safe Mode 📢</strong><br><br><code>Unless you’re a complete Windows 11 novice, you’ll have come across Safe Mode before - but what exactly is it, and how do you access it in Windows 11?</code><br><br><a href="https://www.itpro.co.uk/operating-systems/microsoft-windows/361662/how-to-boot-windows-11-in-safe-mode">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33550">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 22:18:23">
22:18
       </div>

       <div class="text">
<strong>📢 IT Pro 20/20: The problem with diversity in cyber security leadership 📢</strong><br><br><code>Why failing to address a shortage of women in senior roles puts businesses at risk - issue 23 is available to download now</code><br><br><a href="https://www.itpro.co.uk/security/cyber-security/361714/it-pro-2020-the-problem-with-diversity-in-cyber-security-leadership">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33551">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 22:18:25">
22:18
       </div>

       <div class="text">
<strong>📢 Data protection policies and procedures 📢</strong><br><br><code>Why your company needs them, and what they should include</code><br><br><a href="https://www.itpro.co.uk/data-protection/28177/data-protection-policies-and-procedures">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33552">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 22:18:25">
22:18
       </div>

       <div class="text">
<strong>📢 BitMart suspends withdrawals following hack 📢</strong><br><br><code>Hackers managed to get away with at least $150 million (£113 million) in cryptocurrencies</code><br><br><a href="https://www.itpro.co.uk/technology/cryptocurrencies/361757/bitmart-suspends-withdrawals-following-hack">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33553">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 22:18:29">
22:18
       </div>

       <div class="text">
<strong>📢 IT Pro News In Review: Cyber attack at Ikea, Meta ordered to sell Giphy, new Twitter CEO 📢</strong><br><br><code>Catch up on the biggest headlines of the week in just two minutes</code><br><br><a href="https://www.itpro.co.uk/security/cyber-security/361737/it-pro-news-in-review-ikea-meta-giphy-twitter-ceo">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33554">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 22:18:30">
22:18
       </div>

       <div class="text">
<strong>📢 Meta makes 2FA mandatory for high-risk users 📢</strong><br><br><code>Journalists and activists must adopt extra protective measure under new rule</code><br><br><a href="https://www.itpro.co.uk/security/two-factor-authentication-2fa/361731/meta-makes-2fa-mandatory-for-high-risk-users">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33555">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 22:18:31">
22:18
       </div>

       <div class="text">
<strong>📢 Bridging the DevSecOps divide: Spotlight on zero trust 📢</strong><br><br><code>Security at the forefront</code><br><br><a href="https://www.itpro.co.uk/development/devops/361752/bridging-devsecops-divide-spotlight-zero-trust">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33556">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 22:18:32">
22:18
       </div>

       <div class="text">
<strong>📢 Researchers warn of increase in attacks against Zoho software 📢</strong><br><br><code>It&apos;s believed as much as 62% of Zoho instances globally are using vulnerable software versions</code><br><br><a href="https://www.itpro.co.uk/security/cyber-security/361739/researchers-warn-increase-attacks-zoho-software">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33557">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 22:18:33">
22:18
       </div>

       <div class="text">
<strong>📢 How to fix the Blue Screen of Death (BSOD) error in Windows 11 📢</strong><br><br><code>Encountering Windows&apos; dreaded BSOD error is never fun, but it&apos;s possible to diagnose the problem with a few simple steps</code><br><br><a href="https://www.itpro.co.uk/operating-systems/microsoft-windows/361713/how-to-fix-blue-screen-error-bsod-windows-11">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33558">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 22:18:37">
22:18
       </div>

       <div class="text">
<strong>📢 IDC: The business value of VMware NSX Advanced Load Balancer 📢</strong><br><br><code>A study of enterprises using next-generation application delivery</code><br><br><a href="https://www.itpro.co.uk/software/enterprise-applications/360944/idc-the-business-value-of-avi-vantage">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33559">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 22:18:38">
22:18
       </div>

       <div class="text">
<strong>📢 What is network forensics? 📢</strong><br><br><code>Taking a closer look at how cyber threats are investigated at a network level</code><br><br><a href="https://www.itpro.co.uk/cyber-attacks/31660/what-is-network-forensics">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33560">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 22:18:39">
22:18
       </div>

       <div class="text">
<strong>📢 Over 300,000 Android users downloaded banking trojan malware 📢</strong><br><br><code>Hackers defeated Google Play restrictions by using smaller droppers in apps and eliminating permissions needed</code><br><br><a href="https://www.itpro.co.uk/security/hacking/361693/android-banking-trojan-infects-300000-devices">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33561">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 22:18:40">
22:18
       </div>

       <div class="text">
<strong>📢 Ubiquiti data breach orchestrated by “trusted insider”, says DoJ 📢</strong><br><br><code>Software engineer Nickolas Sharp faces 37 years in prison for allegedly exploiting his access credentials to extort his employer</code><br><br><a href="https://www.itpro.co.uk/security/data-breaches/361719/ubiquiti-data-breach-orchestrated-by-trusted-insider-says-doj">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33562">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 22:18:41">
22:18
       </div>

       <div class="text">
<strong>📢 UK gov criticised after £5bn in Bounce Back Loans paid to fraudsters 📢</strong><br><br><code>A National Audit Office report has also branded plans to recover 0.1% of stolen funds &quot;inadequate&quot;</code><br><br><a href="https://www.itpro.co.uk/business-strategy/smb/361740/uk-gov-criticised-after-bounce-back-loans-paid-fraudsters">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33563">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 22:21:16">
22:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-44420 ‼</strong><br><br><code>In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44420">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33564">

      <div class="body">

       <div class="pull_right date details" title="07.12.2021 22:21:17">
22:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-43808 ‼</strong><br><br><code>Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is due to the user being able to guess the parent placeholder SHA-1 hash by trying common names of sections. If the parent template contains an exploitable HTML structure an XSS vulnerability can be exposed. This vulnerability has been patched in versions 8.75.0, 7.30.6, and 6.20.42 by determining the parent placeholder at runtime and using a random hash that is unique to each request.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43808">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-976">

      <div class="body details">
8 December 2021
      </div>

     </div>

     <div class="message default clearfix" id="message33565">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 08:23:41">
08:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-20047 ‼</strong><br><br><code>SonicWall Global VPN client version 4.10.6 (32-bit and 64-bit) and earlier have a DLL Search Order Hijacking vulnerability. Successful exploitation via a local attacker could result in remote code execution in the target system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20047">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33566">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 08:23:42">
08:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-20038 ‼</strong><br><br><code>A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server&apos;s mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a &apos;nobody&apos; user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20038">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33567">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 08:23:44">
08:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-20040 ‼</strong><br><br><code>A relative path traversal vulnerability in the SMA100 upload funtion allows a remote unauthenticated attacker to upload crafted web pages or files as a &apos;nobody&apos; user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20040">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33568">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 08:23:45">
08:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-20044 ‼</strong><br><br><code>A post-authentication remote command injection vulnerability in SonicWall SMA100 allows a remote authenticated attacker to execute OS system commands in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20044">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33569">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 08:23:46">
08:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-20039 ‼</strong><br><br><code>Improper neutralization of special elements in the SMA100 management interface &apos;/cgi-bin/viewcert&apos; POST http method allows a remote authenticated attacker to inject arbitrary commands as a &apos;nobody&apos; user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20039">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33570">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 08:23:48">
08:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-20043 ‼</strong><br><br><code>A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to potentially execute code as the nobody user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20043">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33571">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 08:23:49">
08:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-20045 ‼</strong><br><br><code>A buffer overflow vulnerability in SMA100 sonicfiles RAC_COPY_TO (RacNumber 36) method allows a remote unauthenticated attacker to potentially execute code as the &apos;nobody&apos; user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20045">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33572">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 08:23:51">
08:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-20041 ‼</strong><br><br><code>An unauthenticated and remote adversary can consume all of the device&apos;s CPU due to crafted HTTP requests sent to SMA100 /fileshare/sonicfiles/sonicfiles resulting in a loop with unreachable exit condition. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20041">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33573">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 08:23:52">
08:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-20042 ‼</strong><br><br><code>An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20042">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33574">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 12:01:00">
12:01
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Emotet’s Behavior &amp; Spread Are Omens of Ransomware Attacks ❌</strong><br><br><code>The botnet, which resurfaced last month on the back of TrickBot, can now directly install Cobalt Strike on infected devices, giving threat actors direct access to targets.</code><br><br><a href="https://threatpost.com/emotets-behavior-spread-are-omens-of-ransomware-attacks/176845/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33575">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 12:04:01">
12:04
       </div>

       <div class="text">
<strong>🕴 5 Tips to Stay on the Offensive and Safeguard Your Attack Surface 🕴</strong><br><br><code>New, global-scale attacks aren&apos;t a security problem; they&apos;re a big data problem requiring a data-led solution.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/5-tips-to-stay-on-the-offensive-and-safeguard-your-attack-surface">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33576">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 12:22:38">
12:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-43064 ‼</strong><br><br><code>A url redirection to untrusted site (&apos;open redirect&apos;) in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to use the device as a proxy and reach external or protected hosts via redirection handlers.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43064">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33577">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 12:22:39">
12:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-43063 ‼</strong><br><br><code>A improper neutralization of input during web page generation (&apos;cross-site scripting&apos;) in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP GET requests to the login webpage.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43063">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33578">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 12:22:40">
12:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-41014 ‼</strong><br><br><code>A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attacker to make the httpsd daemon unresponsive via huge HTTP packets</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41014">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33579">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 12:22:40">
12:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-36191 ‼</strong><br><br><code>A url redirection to untrusted site (&apos;open redirect&apos;) in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to use the device as proxy via crafted GET parameters in requests to error handlers</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36191">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33580">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 12:22:41">
12:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-41015 ‼</strong><br><br><code>A improper neutralization of input during web page generation (&apos;cross-site scripting&apos;) in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to SAML login handler</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41015">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33581">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 12:22:45">
12:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-41024 ‼</strong><br><br><code>A relative path traversal [CWE-23] vulnerabiltiy in FortiOS versions 7.0.0 and 7.0.1 and FortiProxy verison 7.0.0 may allow an unauthenticated, unauthorized attacker to inject path traversal character sequences to disclose sensitive information of the server via the GET request of the login page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41024">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33582">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 12:22:46">
12:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-26109 ‼</strong><br><br><code>An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26109">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33583">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 12:22:47">
12:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-41027 ‼</strong><br><br><code>A stack-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, allows an authenticated attacker to execute unauthorized code or commands via crafted certificates loaded into the device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41027">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33584">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 12:22:48">
12:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-36190 ‼</strong><br><br><code>A unintended proxy or intermediary (&apos;confused deputy&apos;) in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attacker to access protected hosts via crafted HTTP requests.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36190">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33585">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 12:22:49">
12:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-26108 ‼</strong><br><br><code>A use of hard-coded cryptographic key vulnerability in the SSLVPN of FortiOS before 7.0.1 may allow an attacker to retrieve the key by reverse engineering.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26108">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33586">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 12:37:44">
12:37
       </div>

       <div class="text">
<strong>🦿 Telemedicine: Doctors and patients are both worried about privacy and data security 🦿</strong><br><br><code>Kaspersky survey finds 34% of telehealth providers admit to a wrong diagnosis due to poor video or photo quality.</code><br><br><a href="https://www.techrepublic.com/article/telemedicine-doctors-and-patients-are-both-worried-about-privacy-and-data-security/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33587">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 13:04:23">
13:04
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Firefox update brings a whole new sort of security sandbox ⚠</strong><br><br><code>Firefox 95.0 is out, with the usual security fixes... plus some funky new ones.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/12/07/firefox-update-brings-a-whole-new-sort-of-security-sandbox/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33588">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 13:07:43">
13:07
       </div>

       <div class="text">
<strong>🦿 Cybersecurity: Organizations face key obstacles in adopting zero trust 🦿</strong><br><br><code>Security pros surveyed by One Identity cited a lack of clarity, other priorities and a lack of resources as bumps on the road to Zero Trust.</code><br><br><a href="https://www.techrepublic.com/article/cybersecurity-organizations-face-key-obstacles-in-adopting-zero-trust/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33589">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 13:11:13">
13:11
       </div>

       <div class="text">
<strong>🛠 ETS5 Password Recovery Tool 🛠</strong><br><br><code>ETS Password Recovery Tool allows you to recover passwords for an ETS5 project. This is due to a significant design flaw as ETS5 uses a hard-coded password and salt to encrypt the project information.</code><br><br><a href="https://packetstormsecurity.com/files/165200/ets5-password-recovery-main.zip">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33590">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 13:49:32">
13:49
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ US Department of Homeland Security heeds calls for tougher transport cybersecurity rules 🗓️</strong><br><br><code>TSA issues mandatory requirements for ‘high-risk’ rail infrastructure</code><br><br><a href="https://portswigger.net/daily-swig/us-department-of-homeland-security-heeds-calls-for-tougher-transport-cybersecurity-rules">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33591">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 14:22:41">
14:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-41450 ‼</strong><br><br><code>An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41450">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33592">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 14:22:42">
14:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-25521 ‼</strong><br><br><code>Insecure caller check in sharevia deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to get current tab URL in Samsung Internet.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25521">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33593">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 14:22:43">
14:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-25524 ‼</strong><br><br><code>Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to get Samsung Account ID.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25524">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33594">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 14:22:44">
14:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-37097 ‼</strong><br><br><code>There is a Code Injection vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to system restart.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37097">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33595">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 14:22:45">
14:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-25513 ‼</strong><br><br><code>An improper privilege management vulnerability in Apps Edge application prior to SMR Dec-2021 Release 1 allows unauthorized access to some device data on the lockscreen.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25513">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33596">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 14:22:49">
14:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-37069 ‼</strong><br><br><code>There is a Race Condition vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to availability affected.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37069">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33597">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 14:22:50">
14:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-25512 ‼</strong><br><br><code>An improper validation vulnerability in telephony prior to SMR Dec-2021 Release 1 allows attackers to launch certain activities.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25512">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33598">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 14:22:51">
14:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-37050 ‼</strong><br><br><code>There is a Missing sensitive data encryption vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37050">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33599">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 14:22:52">
14:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-37054 ‼</strong><br><br><code>There is an Identity spoofing and authentication bypass vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37054">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33600">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 14:22:53">
14:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-25518 ‼</strong><br><br><code>An improper boundary check in secure_log of LDFW and BL31 prior to SMR Dec-2021 Release 1 allows arbitrary memory write and code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25518">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33601">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 14:22:57">
14:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-25511 ‼</strong><br><br><code>An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows attackers to write arbitrary files via a path traversal vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25511">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33602">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 14:22:57">
14:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-25510 ‼</strong><br><br><code>An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows local arbitrary code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25510">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33603">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 14:22:58">
14:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-37037 ‼</strong><br><br><code>There is an Invalid address access vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the device to restart.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37037">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33604">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 14:22:59">
14:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-42110 ‼</strong><br><br><code>An issue was discovered in Allegro Windows (formerly Popsy Windows) before 3.3.4156.1. A standard user can escalate privileges to SYSTEM if the FTP module is installed, because of DLL hijacking.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42110">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33605">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 14:23:00">
14:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-40860 ‼</strong><br><br><code>A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution (IWD) before 9.0.013.11 allows an attacker to execute arbitrary SQL queries via the ql_expression parameter, with which all data in the database can be extracted and OS command execution is possible depending on the permissions and/or database engine.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40860">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33606">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 14:23:04">
14:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-25514 ‼</strong><br><br><code>An improper intent redirection handling in Tags prior to SMR Dec-2021 Release 1 allows attackers to access sensitive information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25514">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33607">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 14:23:05">
14:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-25515 ‼</strong><br><br><code>An improper usage of implicit intent in SemRewardManager prior to SMR Dec-2021 Release 1 allows attackers to access BSSID.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25515">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33608">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 14:23:06">
14:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-25525 ‼</strong><br><br><code>Improper check or handling of exception conditions vulnerability in Samsung Pay (US only) prior to version 4.0.65 allows attacker to use NFC without user recognition.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25525">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33609">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 14:23:07">
14:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-37049 ‼</strong><br><br><code>There is a Heap-based buffer overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may rewrite the memory of adjacent objects.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37049">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33610">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 14:23:08">
14:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-37053 ‼</strong><br><br><code>There is a Service logic vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause WLAN DoS.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37053">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33611">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 15:02:48">
15:02
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Why Cloud Service Providers Are a Single Point of Failure 🕴</strong><br><br><code>In a matter of days, a large-scale outage of cloud and other online services could cause $15 billion in losses.</code><br><br><a href="https://www.darkreading.com/cloud/why-cloud-service-providers-are-a-single-point-of-failure">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33612">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 16:06:12">
16:06
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ AWS Among 12 Cloud Services Affected by Flaws in Eltima SDK ❌</strong><br><br><code>Researchers have found a number of high-security vulnerabilities in third-party driver software – bugs that originated in a library created by network virtualization firm Eltima – that leave about a dozen cloud services used by millions of users worldwide open to privilege-escalation attacks. That includes Amazon WorkSpaces, Accops and NoMachine, among others: all apps that […]</code><br><br><a href="https://threatpost.com/aws-cloud-services-flaws-eltima/176852/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33613">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 16:22:46">
16:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-41021 ‼</strong><br><br><code>A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41021">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33614">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 16:22:47">
16:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-3815 ‼</strong><br><br><code>utils.js is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (&apos;Prototype Pollution&apos;)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3815">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33615">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 16:22:48">
16:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-41013 ‼</strong><br><br><code>An improper access control vulnerability [CWE-284] in FortiWeb versions 6.4.1 and below and 6.3.15 and below in the Report Browse section of Log &amp; Report may allow an unauthorized and unauthenticated user to access the Log reports via their URLs.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41013">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33616">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 16:22:49">
16:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-27860 ‼</strong><br><br><code>A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 could allow a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27860">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33617">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 16:22:50">
16:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-41063 ‼</strong><br><br><code>SQL injection vulnerability was discovered in Aanderaa GeoView Webservice prior to version 2.1.3 that could allow an unauthenticated attackers to execute arbitrary commands.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41063">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33618">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 16:22:51">
16:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-41030 ‼</strong><br><br><code>An authentication bypass by capture-replay vulnerability [CWE-294] in FortiClient EMS versions 7.0.1 and below and 6.4.4 and below may allow an unauthenticated attacker to impersonate an existing user by intercepting and re-using valid SAML authentication messages.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41030">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33619">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 16:22:52">
16:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-36188 ‼</strong><br><br><code>A improper neutralization of input during web page generation (&apos;cross-site scripting&apos;) in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted GET parameters in requests to login and error handlers</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36188">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33620">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 16:22:53">
16:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-41090 ‼</strong><br><br><code>Grafana Agent is a telemetry collector for sending metrics, logs, and trace data to the opinionated Grafana observability stack. Prior to versions 0.20.1 and 0.21.2, inline secrets defined within a metrics instance config are exposed in plaintext over two endpoints: metrics instance configs defined in the base YAML file are exposed at `/-/config` and metrics instance configs defined for the scraping service are exposed at `/agent/api/v1/configs/:key`. Inline secrets will be exposed to anyone being able to reach these endpoints. If HTTPS with client authentication is not configured, these endpoints are accessible to unauthenticated users. Secrets found in these sections are used for delivering metrics to a Prometheus Remote Write system, authenticating against a system for discovering Prometheus targets, and authenticating against a system for collecting metrics. This does not apply for non-inlined secrets, such as `*_file` based secrets. This issue is patched in Grafana Agent versions 0.20.1 and 0.21.2. A few workarounds are available. Users who cannot upgrade should use non-inline secrets where possible. Users may also desire to restrict API access to Grafana Agent with some combination of restricting the network interfaces Grafana Agent listens on through `http_listen_address` in the `server` block, configuring Grafana Agent to use HTTPS with client authentication, and/or using firewall rules to restrict external access to Grafana Agent&apos;s API.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41090">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33621">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 16:39:50">
16:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 New Michigan Bill Would Protect Personal Data 🔏</strong><br><br><code>While not sweeping, new legislation recently introduced in Michigan would push businesses to establish and maintain a written cybersecurity program to protect personal information.</code><br><br><a href="https://digitalguardian.com/blog/new-michigan-bill-would-protect-personal-data">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33622">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 16:48:35">
16:48
       </div>

       <div class="text">
<strong>📢 Chrome vs Firefox vs Microsoft Edge 📢</strong><br><br><code>We put the web&apos;s three most popular browsers head-to-head</code><br><br><a href="https://www.itpro.co.uk/web-browsers/24796/best-browser-2021-chrome-vs-edge-vs-firefox">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33623">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 16:48:36">
16:48
       </div>

       <div class="text">
<strong>📢 Modern governance: The how-to guide 📢</strong><br><br><code>Equipping organisations with the right tools for business resilience</code><br><br><a href="https://www.itpro.co.uk/policy-legislation/it-governance/361792/modern-governance-the-how-to-guide">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33624">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 16:48:37">
16:48
       </div>

       <div class="text">
<strong>📢 Microsoft launches Secured-core servers to combat ransomware 📢</strong><br><br><code>Previously debuting on Windows PCs in 2019, the Secured-core initiative has reached servers in a bid to better protect infrastructure from cyber attacks like ransomware</code><br><br><a href="https://www.itpro.co.uk/security/cyber-security/361781/microsoft-launches-secured-core-servers-to-combat-ransomware">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33625">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 16:48:38">
16:48
       </div>

       <div class="text">
<strong>📢 Google files lawsuit against Russian botnet operators 📢</strong><br><br><code>The Glupteba botnet infected approximately one million Windows machines to steal data and mine cryptocurrencies</code><br><br><a href="https://www.itpro.co.uk/security/hacking/361778/google-sues-russian-hackers-glupteba-botnet">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33626">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 16:48:39">
16:48
       </div>

       <div class="text">
<strong>📢 One in eight Americans would fall victim to a phishing attack 📢</strong><br><br><code>Phishing remains an effective attach mechanism, finds global test</code><br><br><a href="https://www.itpro.co.uk/security/phishing/361774/one-in-eight-americans-would-fall-victim-to-phishing-attack">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33627">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 17:04:30">
17:04
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Trickbot-Infected Machines Drop Emotet Samples 🕴</strong><br><br><code>It&apos;s reportedly the first time this has happened since the takedown of Emotet in January 2021, say the researchers who made the discovery.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/trickbot-infected-machines-drop-emotet-samples">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33628">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 17:04:31">
17:04
       </div>

       <div class="text">
<strong>🕴 How Do I Empower a Remote Workforce Without Compromising Security? 🕴</strong><br><br><code>To transition to a zero-trust architecture, focus on doing the things that offer the most value.</code><br><br><a href="https://www.darkreading.com/edge-ask-the-experts/how-do-i-empower-a-remote-workforce-without-compromising-security-">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33629">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 17:18:08">
17:18
       </div>

       <div class="text">
<strong>🗓️ GOautodial vulnerabilities put call center network security on the line 🗓️</strong><br><br><code>Now-patched bugs were easy to exploit, but required prior authentication/network access</code><br><br><a href="https://portswigger.net/daily-swig/goautodial-vulnerabilities-put-call-center-network-security-on-the-line">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33630">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 17:36:14">
17:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Moobot Botnet Chews Up Hikvision Surveillance Systems ❌</strong><br><br><code>Attackers are milking unpatched Hikvision video systems to drop a DDoS botnet, researchers warned.</code><br><br><a href="https://threatpost.com/moobot-botnet-hikvision-surveillance-systems/176879/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33631">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 17:41:11">
17:41
       </div>

       <div class="text">
<strong>🦿 Prepare to take the CISSP certification exam that can turbocharge your cybersecurity career 🦿</strong><br><br><code>If you are a cybersecurity professional with at least five years of experience, you can take the exam that will boost your career with an elite certification. Here&apos;s a great way to prepare.</code><br><br><a href="https://www.techrepublic.com/article/prepare-to-take-the-cissp-certification-exam-that-can-turbocharge-your-cybersecurity-career/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33632">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 17:41:12">
17:41
       </div>

       <div class="text">
<strong>🦿 The new Firefox 95 might be the most secure web browser on the market 🦿</strong><br><br><code>The latest version of Firefox is now available and includes an important step forward for web browser security.</code><br><br><a href="https://www.techrepublic.com/article/the-new-firefox-95-might-be-the-most-secure-web-browser-on-the-market/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33633">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 18:22:53">
18:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-43399 ‼</strong><br><br><code>The Yubico YubiHSM YubiHSM2 library 2021.08, included in the yubihsm-shell project, does not properly validate the length of some operations including SSH signing requests, and some data operations received from a YubiHSM 2 device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43399">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33634">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 18:22:53">
18:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-36719 ‼</strong><br><br><code>PineApp - Mail Secure - The attacker must be logged in as a user to the Pineapp system. The attacker exploits the vulnerable nicUpload.php file to upload a malicious file,Thus taking over the server and running remote code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36719">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33635">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 18:22:54">
18:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-43809 ‼</strong><br><br><code>`Bundler` is a package for managing application dependencies in Ruby. In `bundler` versions before 2.2.33, when working with untrusted and apparently harmless `Gemfile`&apos;s, it is not expected that they lead to execution of external code, unless that&apos;s explicit in the ruby code inside the `Gemfile` itself. However, if the `Gemfile` includes `gem` entries that use the `git` option with invalid, but seemingly harmless, values with a leading dash, this can be false. To handle dependencies that come from a Git repository instead of a registry, Bundler uses various commands, such as `git clone`. These commands are being constructed using user input (e.g. the repository URL). When building the commands, Bundler versions before 2.2.33 correctly avoid Command Injection vulnerabilities by passing an array of arguments instead of a command string. However, there is the possibility that a user input starts with a dash (`-`) and is therefore treated as an optional argument instead of a positional one. This can lead to Code Execution because some of the commands have options that can be leveraged to run arbitrary executables. Since this value comes from the `Gemfile` file, it can contain any character, including a leading dash. To exploit this vulnerability, an attacker has to craft a directory containing a `Gemfile` file that declares a dependency that is located in a Git repository. This dependency has to have a Git URL in the form of `-u./payload`. This URL will be used to construct a Git clone command but will be interpreted as the upload-pack argument. Then this directory needs to be shared with the victim, who then needs to run a command that evaluates the Gemfile, such as `bundle lock`, inside. This vulnerability can lead to Arbitrary Code Execution, which could potentially lead to the takeover of the system. However, the exploitability is very low, because it requires a lot of user interaction. Bundler 2.2.33 has patched this problem by inserting `--` as an argument before any positional arguments to those Git commands that were affected by this issue. Regardless of whether users can upgrade or not, they should review any untrustred `Gemfile`&apos;s before running any `bundler` commands that may read them, since they can contain arbitrary ruby code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43809">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33636">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 18:22:55">
18:22
       </div>

       <div class="text">
<strong>‼ CVE-2020-27416 ‼</strong><br><br><code>Mahavitaran android application 7.50 and prior are affected by account takeover due to improper OTP validation, allows remote attackers to control a users account.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27416">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33637">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 18:22:56">
18:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-36195 ‼</strong><br><br><code>Multiple command injection vulnerabilities in the command line interpreter of FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, and 6.1.0 through 6.1.2 may allow an authenticated attacker to execute arbitrary commands on the underlying system shell via specially crafted command arguments.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36195">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33638">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 18:23:00">
18:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-43978 ‼</strong><br><br><code>Allegro WIndows 3.3.4152.0, embeds software administrator database credentials into its binary files, which allows users to access and modify data using the same credentials.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43978">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33639">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 18:23:01">
18:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-41017 ‼</strong><br><br><code>Multiple heap-based buffer overflow vulnerabilities in some web API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow a remote authenticated attacker to execute arbitrary code or commands via specifically crafted HTTP requests.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41017">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33640">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 18:23:02">
18:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-41025 ‼</strong><br><br><code>Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 thorugh 6.0.7, including an instance of concurrent execution using shared resource with improper synchronization and one of authentication bypass by capture-replay, may allow a remote unauthenticated attacker to circumvent the authentication process and authenticate as a legitimate cluster peer.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41025">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33641">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 18:23:03">
18:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-36173 ‼</strong><br><br><code>A heap-based buffer overflow in the firmware signature verification function of FortiOS versions 7.0.1, 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, and 6.0.0 through 6.0.13 may allow an attacker to execute arbitrary code via specially crafted installation images.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36173">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33642">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 18:23:04">
18:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-36720 ‼</strong><br><br><code>PineApp - Mail Secure - Attacker sending a request to :/blocking.php?url=&lt;script&gt;alert(1)&lt;/script&gt; and stealing cookies .</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36720">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33643">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 18:23:08">
18:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-36718 ‼</strong><br><br><code>SYNEL - eharmonynew / Synel Reports - The attacker can log in to the system with default credentials and export a report of eharmony system with sensetive data (Employee name, Employee ID number, Working hours etc&apos;) The vulnerabilety has been addressed and fixed on version 11. Default credentials , Security miscommunication , Sensetive data exposure vulnerability in Synel Reports of SYNEL eharmonynew, Synel Reports allows an attacker to log into the system with default credentials. This issue affects: SYNEL eharmonynew, Synel Reports 8.0.2 version 11 and prior versions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36718">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33644">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 19:36:20">
19:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Malicious npm Code Packages Built for Hijacking Discord Servers ❌</strong><br><br><code>The lurking code-bombs lift Discord tokens from users of any applications that pulled the packages into their code bases.</code><br><br><a href="https://threatpost.com/malicious-npm-code-packages-discord/176886/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33645">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 20:03:06">
20:03
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 How to Stop Hackers From Turning Your Systems Against You 🕴</strong><br><br><code>Cybercriminals are increasingly adopting &quot;living-off-the-land’ techniques, leveraging commonly used tools to fly under the radar of conventional detection tools. But with AI, thousands of organizations have regained the upper hand.</code><br><br><a href="https://www.darkreading.com/dr-tech/how-to-stop-hackers-from-turning-your-systems-against-you">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33646">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 20:23:51">
20:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-43527 ‼</strong><br><br><code>NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS &lt; 3.73 and NSS &lt; 3.68.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43527">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33647">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 20:23:52">
20:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-21951 ‼</strong><br><br><code>An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h in function read_udp_push_config_file. A specially-crafted network packet can lead to code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21951">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33648">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 20:23:53">
20:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-38505 ‼</strong><br><br><code>Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios. Applications that wish to prevent copied data from being recorded in Cloud History must use specific clipboard formats; and Firefox before versions 94 and ESR 91.3 did not implement them. This could have caused sensitive data to be recorded to a user&apos;s Microsoft account. *This bug only affects Firefox for Windows 10+ with Cloud Clipboard enabled. Other operating systems are unaffected.*. This vulnerability affects Firefox &lt; 94, Thunderbird &lt; 91.3, and Firefox ESR &lt; 91.3.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38505">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33649">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 20:23:54">
20:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-43531 ‼</strong><br><br><code>When a user loaded a Web Extensions context menu, the Web Extension could access the post-redirect URL of the element clicked. If the Web Extension lacked the WebRequest permission for the hosts involved in the redirect, this would be a same-origin-violation leaking data the Web Extension should have access to. This was fixed to provide the pre-redirect URL. This is related to CVE-2021-43532 but in the context of Web Extensions. This vulnerability affects Firefox &lt; 94.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43531">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33650">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 20:23:55">
20:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-21957 ‼</strong><br><br><code>A privilege escalation vulnerability exists in the Remote Server functionality of Dream Report ODS Remote Connector 20.2.16900.0. A specially-crafted command injection can lead to elevated capabilities. An attacker can provide a malicious file to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21957">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33651">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 20:23:59">
20:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-43530 ‼</strong><br><br><code>A Universal XSS vulnerability was present in Firefox for Android resulting from improper sanitization when processing a URL scanned from a QR code. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox &lt; 94.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43530">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33652">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 20:24:00">
20:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-43545 ‼</strong><br><br><code>Using the Location API in a loop could have caused severe application hangs and crashes. This vulnerability affects Thunderbird &lt; 91.4.0, Firefox ESR &lt; 91.4.0, and Firefox &lt; 95.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43545">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33653">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 20:24:01">
20:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-38508 ‼</strong><br><br><code>By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox &lt; 94, Thunderbird &lt; 91.3, and Firefox ESR &lt; 91.3.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38508">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33654">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 20:24:02">
20:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-23859 ‼</strong><br><br><code>An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation this crash also opens the possibility to send further unauthenticated commands to the service. On some products the interface is only local accessible lowering the CVSS base score. For a list of modified CVSS scores, please see the official Bosch Advisory Appendix chapter Modified CVSS Scores for CVE-2021-23859</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23859">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33655">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 20:24:04">
20:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-38504 ‼</strong><br><br><code>When interacting with an HTML input element&apos;s file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox &lt; 94, Thunderbird &lt; 91.3, and Firefox ESR &lt; 91.3.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38504">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33656">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 20:24:07">
20:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-43528 ‼</strong><br><br><code>Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird &lt; 91.4.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43528">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33657">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 20:24:08">
20:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-43533 ‼</strong><br><br><code>When parsing internationalized domain names, high bits of the characters in the URLs were sometimes stripped, resulting in inconsistencies that could lead to user confusion or attacks such as phishing. This vulnerability affects Firefox &lt; 94.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43533">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33658">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 20:24:10">
20:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-43542 ‼</strong><br><br><code>Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird &lt; 91.4.0, Firefox ESR &lt; 91.4.0, and Firefox &lt; 95.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43542">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33659">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 20:24:12">
20:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-23862 ‼</strong><br><br><code>A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder (VJD-7513 and VJD-8000).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23862">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33660">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 20:24:13">
20:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-23860 ‼</strong><br><br><code>An error in a page handler of the VRM may lead to a reflected cross site scripting (XSS) in the web-based interface. To exploit this vulnerability an attack must be able to modify the HTTP header that is sent. This issue also affects installations of the DIVAR IP and BVMS with VRM installed.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23860">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33661">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 20:24:15">
20:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-43539 ‼</strong><br><br><code>Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Thunderbird &lt; 91.4.0, Firefox ESR &lt; 91.4.0, and Firefox &lt; 95.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43539">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33662">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 20:24:17">
20:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-43544 ‼</strong><br><br><code>When receiving a URL through a SEND intent, Firefox would have searched for the text, but subsequent usages of the address bar might have caused the URL to load unintentionally, which could lead to XSS and spoofing attacks. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox &lt; 95.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43544">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33663">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 20:24:19">
20:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-21950 ‼</strong><br><br><code>An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h in function recv_server_device_response_msg_process. A specially-crafted network packet can lead to code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21950">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33664">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 20:24:21">
20:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-44529 ‼</strong><br><br><code>A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44529">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33665">

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 20:24:23">
20:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-43546 ‼</strong><br><br><code>It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. This vulnerability affects Thunderbird &lt; 91.4.0, Firefox ESR &lt; 91.4.0, and Firefox &lt; 95.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43546">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33666">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 21:08:01">
21:08
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Android malware infected more than 300,000 devices with banking trojans 🦿</strong><br><br><code>The initial apps in Google Play were safe, but the creators found a way around the Play Store&apos;s protections to install malware on Android users&apos; devices. Here&apos;s how it happened and how to stay safe.</code><br><br><a href="https://www.techrepublic.com/article/android-malware-infected-more-than-300000-devices-with-banking-trojans/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33667">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 22:23:05">
22:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-43811 ‼</strong><br><br><code>Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An attacker can add malicious code to the config file of a trained model and attempt to convince users to download and run it. If users run the model, the embedded code will run locally. The issue is fixed in version 2.3.24.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43811">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33668">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.12.2021 23:11:16">
23:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>♟️ Canada Charges Its “Most Prolific Cybercriminal” ♟️</strong><br><br><code>A 31-year-old Canadian man has been arrested and charged with fraud in connection with numerous ransomware attacks against businesses, government agencies and private citizens throughout Canada and the United States. Canadian authorities describe him as &quot;the most prolific cybercriminal we&apos;ve identified in Canada,&quot; but so far they&apos;ve released few other details about the investigation or the defendant. Helpfully, an email address and nickname apparently connected to the accused offer some additional clues.</code><br><br><a href="https://krebsonsecurity.com/2021/12/canada-charges-its-most-prolific-cybercriminal/">📖 Read</a><br><br>via &quot;<em>Krebs on Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-977">

      <div class="body details">
9 December 2021
      </div>

     </div>

     <div class="message default clearfix" id="message33669">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 10:23:47">
10:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-3817 ‼</strong><br><br><code>wbce_cms is vulnerable to Improper Neutralization of Special Elements used in an SQL Command</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3817">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33670">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 10:48:34">
10:48
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Grafana urges web devs to update following path traversal bug disclosure 🗓️</strong><br><br><code>‘With all good intentions, I had placed the Grafana team in a bit of a stressful situation’, researcher admits</code><br><br><a href="https://portswigger.net/daily-swig/grafana-urges-web-devs-to-update-following-path-traversal-bug-disclosure">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33671">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 11:03:59">
11:03
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Intel 471 Forms Tech Alliance With CyCognito 🕴</strong><br><br><code>Enterprises will see improved access to data and more relevant insights that will enable them to further strengthen their cybersecurity postures.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/intel-471-forms-tech-alliance-with-cycognito">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33672">

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 11:04:00">
11:04
       </div>

       <div class="text">
<strong>🕴 (ISC)² Welcomes Students to Apply for its Undergraduate, Graduate, and Women&apos;s Cybersecurity Scholarships 🕴</strong><br><br><code>Scholarships are part of an effort to bridge the cybersecurity workforce gap.</code><br><br><a href="https://www.darkreading.com/careers-and-people/-isc-welcomes-students-to-apply-for-its-undergraduate-graduate-and-women-s-cybersecurity-scholarships">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33673">

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 11:04:02">
11:04
       </div>

       <div class="text">
<strong>🕴 Zscaler Extends Zero Trust Exchange Platform to Deliver Zero Trust for Workloads 🕴</strong><br><br><code>Solution secures cloud-to-Internet, cloud-to-cloud, cloud-to-data center, and intra-cloud communications.</code><br><br><a href="https://www.darkreading.com/cloud/zscaler-extends-zero-trust-exchange-platform-to-deliver-zero-trust-for-workloads">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33674">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 11:34:04">
11:34
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 IRONSCALES Raises $64 Million in Series C Funding Round Led by PSG 🕴</strong><br><br><code>Investment aims to accelerate growth through continued product innovation and global expansion.</code><br><br><a href="https://www.darkreading.com/endpoint/-ironscales-raises-64-million-in-series-c-funding-round-led-by-psg">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33675">

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 11:34:04">
11:34
       </div>

       <div class="text">
<strong>🕴 The Executive Women&apos;s Forum on Information Security, Risk Management &amp; Privacy Presents the Leadership Scholarship 🕴</strong><br><br><code>Scholarship&apos;s goal is to advance women in cybersecurity, risk, and privacy.</code><br><br><a href="https://www.darkreading.com/risk/the-executive-women-s-forum-on-information-security-risk-management-privacy-presents-the-leadership-scholarship">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33676">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 12:04:00">
12:04
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 How to Build a Better Internal Fraud Protection Program 🕴</strong><br><br><code>Fraud awareness training is just the beginning.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/how-to-build-a-better-internal-fraud-protection-program">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33677">

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 12:18:36">
12:18
       </div>

       <div class="text">
<strong>🗓️ US food importer Atalanta admits ransomware attack 🗓️</strong><br><br><code>Multiple questions remain about July data breach</code><br><br><a href="https://portswigger.net/daily-swig/us-food-importer-atalanta-admits-ransomware-attack">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33678">

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 12:23:41">
12:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-22565 ‼</strong><br><br><code>An attacker could prematurely expire a verification code, making it unusable by the patient, making the patient unable to upload their TEKs to generate exposure notifications. We recommend upgrading the Exposure Notification server to V1.1.2 or greater.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22565">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33679">

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 12:23:42">
12:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-41449 ‼</strong><br><br><code>A path traversal attack in web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102, allows a remote unauthenticated attacker to gain access to sensitive restricted information, such as forbidden files of the web application, via sending a specially crafted HTTP packet.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41449">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33680">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 13:02:13">
13:02
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ How MikroTik Routers Became a Cybercriminal Target ❌</strong><br><br><code>The powerful devices leveraged by the Meris botnet have weaknesses that make them easy to exploit, yet complex for organizations to track and secure, researchers said.</code><br><br><a href="https://threatpost.com/mikrotik-routers-cybercriminal-target/176894/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33681">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 13:18:38">
13:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ OWASP ModSecurity Core Rule Set sandbox launched to help security researchers test new CVEs 🗓️</strong><br><br><code>Free-to-use feature can help users gauge whether the CRS protects against payloads</code><br><br><a href="https://portswigger.net/daily-swig/owasp-modsecurity-core-rule-set-sandbox-launched-to-help-security-researchers-test-new-cves">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33682">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 14:04:12">
14:04
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 LastPass Announces New Integration with Google Workspace 🕴</strong><br><br><code>The latest integration furthers the company’s mission to provide an unmatched security model for businesses, without adding complexity for users.</code><br><br><a href="https://www.darkreading.com/cloud/lastpass-announces-new-integration-with-google-workspace">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33683">

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 14:08:26">
14:08
       </div>

       <div class="text">
<strong>🦿 How a phishing campaign is able to exploit Microsoft Outlook 🦿</strong><br><br><code>Attackers can capitalize on a feature in Outlook that makes spoofed messages appear legitimate, says email security provider Avanan.</code><br><br><a href="https://www.techrepublic.com/article/how-a-phishing-campaign-is-able-to-exploit-microsoft-outlook/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33684">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 14:23:45">
14:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-20143 ‼</strong><br><br><code>An unauthenticated command injection vulnerability exists in the parameters of operation 48 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20143">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33685">

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 14:23:47">
14:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-41246 ‼</strong><br><br><code>Express OpenID Connect is express JS middleware implementing sign on for Express web apps using OpenID Connect. Versions before and including `2.5.1` do not regenerate the session id and session cookie when user logs in. This behavior opens up the application to various session fixation vulnerabilities. Versions `2.5.2` contains a patch for this issue.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41246">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33686">

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 14:23:49">
14:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-20142 ‼</strong><br><br><code>An unauthenticated command injection vulnerability exists in the parameters of operation 41 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20142">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33687">

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 14:23:50">
14:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-40280 ‼</strong><br><br><code>An SQL Injection vulnerablitly exits in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/dl_sendmail.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40280">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33688">

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 14:23:51">
14:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-41696 ‼</strong><br><br><code>An authentication bypass (account takeover) vulnerability exists in Premiumdatingscript 4.2.7.7 due to a weak password reset mechanism in requests\user.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41696">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33689">

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 14:23:52">
14:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-4038 ‼</strong><br><br><code>Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) prior to 10.1 Minor 7 allows a remote authenticated administrator to embed a XSS in the administrator interface via specially crafted custom rules containing HTML. NSM did not correctly sanitize custom rule content in all scenarios.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4038">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33690">

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 14:23:52">
14:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-21955 ‼</strong><br><br><code>An authentication bypass vulnerability exists in the get_aes_key_info_by_packetid() function of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. Generic network sniffing can lead to password recovery. An attacker can sniff network traffic to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21955">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33691">

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 14:23:53">
14:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-20139 ‼</strong><br><br><code>An unauthenticated command injection vulnerability exists in the parameters of operation 3 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20139">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33692">

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 14:23:54">
14:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-20146 ‼</strong><br><br><code>An unprotected ssh private key exists on the Gryphon devices which could be used to achieve root access to a server affiliated with Gryphon&apos;s development and infrastructure. At the time of discovery, the ssh key could be used to login to the development server hosted in Amazon Web Services.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20146">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33693">

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 14:23:58">
14:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-20140 ‼</strong><br><br><code>An unauthenticated command injection vulnerability exists in the parameters of operation 10 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20140">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33694">

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 14:23:59">
14:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-40279 ‼</strong><br><br><code>An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/bad.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40279">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33695">

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 14:24:00">
14:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-20138 ‼</strong><br><br><code>An unauthenticated command injection vulnerability exists in multiple parameters in the Gryphon Tower router’s web interface at /cgi-bin/luci/rc. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the web interface.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20138">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33696">

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 14:24:00">
14:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-21954 ‼</strong><br><br><code>A command execution vulnerability exists in the wifi_country_code_update functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to arbitrary command execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21954">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33697">

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 14:24:03">
14:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-20144 ‼</strong><br><br><code>An unauthenticated command injection vulnerability exists in the parameters of operation 49 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20144">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33698">

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 14:24:04">
14:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-41694 ‼</strong><br><br><code>An Incorrect Access Control vulnerability exists in Premiumdatingscript 4.2.7.7 via the password change procedure in requests\user.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41694">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33699">

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 14:24:06">
14:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-20145 ‼</strong><br><br><code>Gryphon Tower routers contain an unprotected openvpn configuration file which can grant attackers access to the Gryphon homebound VPN network which exposes the LAN interfaces of other users&apos; devices connected to the same service. An attacker could leverage this to make configuration changes to, or otherwise attack victims&apos; devices as though they were on an adjacent network.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20145">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33700">

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 14:24:08">
14:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-20137 ‼</strong><br><br><code>A reflected cross-site scripting vulnerability exists in the url parameter of the /cgi-bin/luci/site_access/ page on the Gryphon Tower router&apos;s web interface. An attacker could exploit this issue by tricking a user into following a specially crafted link, granting the attacker javascript execution in the context of the victim&apos;s browser.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20137">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33701">

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 14:24:09">
14:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-20141 ‼</strong><br><br><code>An unauthenticated command injection vulnerability exists in the parameters of operation 32 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20141">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33702">

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 14:24:11">
14:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-41697 ‼</strong><br><br><code>A reflected Cross Site Scripting (XSS) vulnerability exists in Premiumdatingscript 4.2.7.7 via the aerror_description parameter in assets/sources/instagram.php script.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41697">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33703">

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 14:24:13">
14:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-41695 ‼</strong><br><br><code>An SQL Injection vulnerability exists in Premiumdatingscript 4.2.7.7 via the ip parameter in connect.php. .</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41695">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33704">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 15:04:14">
15:04
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Why the Private Sector Is Key to Stopping Russian Hacking Group APT29 🕴</strong><br><br><code>Left unchecked, these attacks could have devastating effects on government and military secrets and jeopardize the software supply chain and the global economy.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/why-the-private-sector-is-key-to-stopping-russian-hacking-group-apt29">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33705">

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 15:04:15">
15:04
       </div>

       <div class="text">
<strong>⚠ S3 Ep62: The S in IoT stands for security (and much more) [Podcast+Transcript] ⚠</strong><br><br><code>Listen now or read as an article! (Full transcript inside.)</code><br><br><a href="https://nakedsecurity.sophos.com/2021/12/09/s3-ep62-the-s-in-iot-stands-for-security-and-much-more-podcasttranscript/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33706">

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 15:10:17">
15:10
       </div>

       <div class="text">
<strong>🦿 2021 marks another record year for security vulnerabilities 🦿</strong><br><br><code>The number of new security flaws recorded by NIST has already surpassed the total for 2020, the fifth record-breaking year in a row.</code><br><br><a href="https://www.techrepublic.com/article/2021-marks-another-record-year-for-security-vulnerabilities/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33707">

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 15:10:18">
15:10
       </div>

       <div class="text">
<strong>🦿 How to restrict server users to a specific directory in Linux 🦿</strong><br><br><code>Need to lock down that Linux server so certain remote users can only access a specific directory and only for file upload and download purposes? Jack Wallen shows you how.</code><br><br><a href="https://www.techrepublic.com/article/how-to-restrict-server-users-to-a-specific-directory-in-linux/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33708">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 15:34:14">
15:34
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 One-Third of Phishing Pages Gone in a Day 🕴</strong><br><br><code>Security experts say the first hours in a phishing page&apos;s life are the most dangerous for users.</code><br><br><a href="https://www.darkreading.com/endpoint/one-third-of-phishing-pages-gone-in-a-day">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33709">

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 15:38:26">
15:38
       </div>

       <div class="text">
<strong>🦿 How to protect your business and its data during the 2021 holiday season 🦿</strong><br><br><code>It&apos;s the first year of major holiday travel in the post-pandemic remote work world. Here&apos;s what businesses can do to protect themselves from elevated holiday cybersecurity risks.</code><br><br><a href="https://www.techrepublic.com/article/how-to-protect-your-business-and-its-data-during-the-2021-holiday-season/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33710">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 16:23:49">
16:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-20373 ‼</strong><br><br><code>IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. IBM X-Force ID: 199521.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20373">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33711">

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 16:23:51">
16:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-40282 ‼</strong><br><br><code>An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, abd 2021 in dl/dl_download.php. when registering ordinary users.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40282">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33712">

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 16:23:52">
16:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-38926 ‼</strong><br><br><code>IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 210321.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38926">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33713">

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 16:23:54">
16:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-29678 ‼</strong><br><br><code>IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user with DBADM authority to access other databases and read or modify files. IBM X-Force ID: 199914.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29678">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33714">

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 16:23:55">
16:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-38931 ‼</strong><br><br><code>IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1, and 11.5 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where they are not authorized to select from. IBM X-Force ID: 210418.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38931">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33715">

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 16:23:57">
16:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-39002 ‼</strong><br><br><code>IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39002">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33716">

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 16:23:58">
16:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-38951 ‼</strong><br><br><code>IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 211405.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38951">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33717">

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 16:23:58">
16:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-22568 ‼</strong><br><br><code>When using the dart pub publish command to publish a package to a third-party package server, the request would be authenticated with an oauth2 access_token that is valid for publishing on pub.dev. Using these obtained credentials, an attacker can impersonate the user on pub.dev. We recommend upgrading past https://github.com/dart-lang/sdk/commit/d787e78d21e12ec1ef712d229940b1172aafcdf8 or beyond version 2.15.0</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22568">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33718">

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 16:23:59">
16:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-43703 ‼</strong><br><br><code>An Incorrect Access Control vulnerability exists in zzcms less than or equal to 2019 via admin.php. After disabling JavaScript, you can directly access the administrator console.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43703">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33719">

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 16:24:03">
16:24
       </div>

       <div class="text">
<strong>‼ CVE-2020-19682 ‼</strong><br><br><code>A Cross Site Request Forgery (CSRF) vulnerability exits in ZZZCMS V1.7.1 via the save_user funciton in save.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-19682">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33720">

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 16:24:05">
16:24
       </div>

       <div class="text">
<strong>‼ CVE-2020-19683 ‼</strong><br><br><code>A Cross Site Scripting (XSS) exists in ZZZCMS V1.7.1 via an editfile action in save.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-19683">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33721">

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 16:24:07">
16:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-41265 ‼</strong><br><br><code>Flask-AppBuilder is a development framework built on top of Flask. Verions prior to 3.3.4 contain an improper authentication vulnerability in the REST API. The issue allows for a malicious actor with a carefully crafted request to successfully authenticate and gain access to existing protected REST API endpoints. This only affects non database authentication types and new REST API endpoints. Users should upgrade to Flask-AppBuilder 3.3.4 to receive a patch.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41265">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33722">

      <div class="body">

       <div class="pull_right date details" title="09.12.2021 16:24:09">
16:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-40281 ‼</strong><br><br><code>An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_print.php when registering ordinary users.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40281">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-978">

      <div class="body details">
10 December 2021
      </div>

     </div>

     <div class="message default clearfix" id="message33723">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.12.2021 09:30:46">
09:30
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Human error bugs increasingly making a splash in hacker-powered pen tests – report 🗓️</strong><br><br><code>HackerOne study charts effects of digital transformation and cloud migration</code><br><br><a href="https://portswigger.net/daily-swig/human-error-bugs-increasingly-making-a-splash-in-hacker-powered-pen-tests-nbsp-report">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33724">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.12.2021 10:05:16">
10:05
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 New Firefox Sandbox Isolates Third-Party Libraries 🕴</strong><br><br><code>RLBox can be used to protect web browsers and other software applications from vulnerabilities in subcomponents and libraries.</code><br><br><a href="https://www.darkreading.com/emerging-tech/new-firefox-sandbox-isolates-third-party-libraries">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33725">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.12.2021 10:25:13">
10:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-4084 ‼</strong><br><br><code>pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation (&apos;Cross-site Scripting&apos;)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4084">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33726">

      <div class="body">

       <div class="pull_right date details" title="10.12.2021 10:25:14">
10:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-4081 ‼</strong><br><br><code>pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation (&apos;Cross-site Scripting&apos;)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4081">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33727">

      <div class="body">

       <div class="pull_right date details" title="10.12.2021 10:25:15">
10:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-4082 ‼</strong><br><br><code>pimcore is vulnerable to Cross-Site Request Forgery (CSRF)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4082">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33728">

      <div class="body">

       <div class="pull_right date details" title="10.12.2021 10:32:45">
10:32
       </div>

       <div class="text">
<strong>❌ ‘Karakurt’ Extortion Threat Emerges, But Says No to Ransomware ❌</strong><br><br><code>The threat group, first identified in June, focuses solely on data exfiltration and subsequent extortion, and has already targeted 40 victims since September.</code><br><br><a href="https://threatpost.com/extortion-karakurt-threat-ransomware/176911/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33729">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.12.2021 12:00:50">
12:00
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ ‘Log4Shell’ vulnerability poses critical threat to applications using ‘ubiquitous’ Java logging package Apache Log4j 🗓️</strong><br><br><code>Wide range of enterprise software impacted by CVSS 10-rated bug</code><br><br><a href="https://portswigger.net/daily-swig/log4shell-vulnerability-poses-critical-threat-to-applications-using-ubiquitous-java-logging-package-apache-log4j">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33730">

      <div class="body">

       <div class="pull_right date details" title="10.12.2021 12:05:28">
12:05
       </div>

       <div class="text">
<strong>🕴 The Vulnerability Lag: Cut Ransomware Risks Resulting From Digital Transformation 🕴</strong><br><br><code>Exploring ransomware and other data integrity risks from accelerated digital transformation in the wake of COVID-19.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/the-vulnerability-lag-cut-ransomware-risks-resulting-from-digital-transformation">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33731">

      <div class="body">

       <div class="pull_right date details" title="10.12.2021 12:12:51">
12:12
       </div>

       <div class="text">
<strong>🛠 nfstream 6.4.0 🛠</strong><br><br><code>nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.</code><br><br><a href="https://packetstormsecurity.com/files/165236/nfstream-6.4.0.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33732">

      <div class="body">

       <div class="pull_right date details" title="10.12.2021 12:24:59">
12:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-37187 ‼</strong><br><br><code>An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may read a password file (with reversible passwords) from the device, which allows decoding of other users&apos; passwords.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37187">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33733">

      <div class="body">

       <div class="pull_right date details" title="10.12.2021 12:25:01">
12:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-37188 ‼</strong><br><br><code>An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may load customized firmware (because the bootloader does not verify that it is authentic), changing the behavior of the gateway.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37188">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33734">

      <div class="body">

       <div class="pull_right date details" title="10.12.2021 12:25:02">
12:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-40834 ‼</strong><br><br><code>A user interface overlay vulnerability was discovered in F-secure SAFE Browser for Android. When user click on a specially crafted seemingly legitimate URL SAFE browser goes into full screen and hides the user interface. A remote attacker can leverage this to perform spoofing attack.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40834">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33735">

      <div class="body">

       <div class="pull_right date details" title="10.12.2021 12:25:03">
12:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-37189 ‼</strong><br><br><code>An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4. They do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37189">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33736">

      <div class="body">

       <div class="pull_right date details" title="10.12.2021 12:25:04">
12:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-35978 ‼</strong><br><br><code>An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ZING protocol allows arbitrary remote command execution with SUPER privileges. This allows an attacker (with knowledge of the protocol) to execute arbitrary code on the controller including overwriting firmware, adding/removing users, disabling the internal firewall, etc.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35978">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33737">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.12.2021 13:00:51">
13:00
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Russian man sentenced to prison for ‘crypting’ service that concealed malware from antivirus programs 🗓️</strong><br><br><code>Underground service promised to render malicious software fully undetectable by nearly every major antivirus provider</code><br><br><a href="https://portswigger.net/daily-swig/russian-man-sentenced-to-prison-for-crypting-service-that-concealed-malware-from-antivirus-programs">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33738">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.12.2021 13:32:48">
13:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Sprawling Active Attack Aims to Take Over 1.6M WordPress Sites ❌</strong><br><br><code>Cyberattackers are targeting security vulnerabilities in four plugins plus Epsilon themes, to assign themselves administrative accounts.</code><br><br><a href="https://threatpost.com/active-attack-takeover-wordpress/176933/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33739">

      <div class="body">

       <div class="pull_right date details" title="10.12.2021 13:35:50">
13:35
       </div>

       <div class="text">
<strong>⚠ “Log4Shell” Java vulnerability – how to safeguard your servers ⚠</strong><br><br><code>Just when you thought it was safe to relax for the weekend... a critical bug showed up in Apache&apos;s Log4j product</code><br><br><a href="https://nakedsecurity.sophos.com/2021/12/10/log4shell-java-vulnerability-how-to-safeguard-your-servers/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33740">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.12.2021 14:05:32">
14:05
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Dark Reading Reflects on a Legacy and Life Well-Written: Tim Wilson 🕴</strong><br><br><code>The Dark Reading editorial team, along with contributing writers and editors, share their favorite stories and memories of co-founder and editor-in-chief Tim Wilson, an influential editor and well-respected thought leader in the cybersecurity industry.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/dark-reading-reflects-on-a-legacy-and-life-well-written-tim-wilson">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33741">

      <div class="body">

       <div class="pull_right date details" title="10.12.2021 14:11:26">
14:11
       </div>

       <div class="text">
<strong>🔏 Friday Five 12/10 🔏</strong><br><br><code>Five things CIOs want from their CEOs, Google and Microsoft crack down on hackers, and how to prepare for forthcoming privacy laws - catch up on the infosec news of the week with the Friday Five!</code><br><br><a href="https://digitalguardian.com/blog/friday-five-12/10">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33742">

      <div class="body">

       <div class="pull_right date details" title="10.12.2021 14:25:06">
14:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-3829 ‼</strong><br><br><code>openwhyd is vulnerable to URL Redirection to Untrusted Site</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3829">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33743">

      <div class="body">

       <div class="pull_right date details" title="10.12.2021 14:35:32">
14:35
       </div>

       <div class="text">
<strong>🕴 Identity Authentication Access Market Set to Hit $28.9B in 2021 🕴</strong><br><br><code>With more staff working remotely, identity, authentication, and access (IAA) has never been more important. Market forecasts, drivers and trends are explored.</code><br><br><a href="https://www.darkreading.com/omdia/identity-authentication-access-market-set-to-hit-28-9b-in-2021">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33744">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.12.2021 15:03:13">
15:03
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Zero Day in Ubiquitous Apache Log4j Tool Under Active Attack ❌</strong><br><br><code>The Log4Shell vulnerability critically threatens anybody using the popular open-source Apache Struts framework and could lead to a “Mini internet meltdown soonish.”</code><br><br><a href="https://threatpost.com/zero-day-in-ubiquitous-apache-log4j-tool-under-active-attack/176937/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33745">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.12.2021 16:02:54">
16:02
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ ‘Appalling’ Riot Games Job Fraud Takes Aim at Wallets ❌</strong><br><br><code>Scammers are using fake job listings to empty the wallets of young, hopeful victims looking to break into the gaming industry.</code><br><br><a href="https://threatpost.com/riot-games-job-fraud/176950/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33746">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.12.2021 16:25:12">
16:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-38917 ‼</strong><br><br><code>IBM PowerVM Hypervisor FW860, FW940, and FW950 could allow an attacker that gains service access to the FSP can read and write arbitrary host system memory through a series of carefully crafted service procedures. IBM X-Force ID: 210018.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38917">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33747">

      <div class="body">

       <div class="pull_right date details" title="10.12.2021 16:25:13">
16:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-31745 ‼</strong><br><br><code>Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 allows an attacker to sustain unauthorized access to the platform. Because Pluck does not invalidate prior sessions after a password change, access can be sustained even after an administrator performs regular remediation attempts such as resetting their password.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31745">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33748">

      <div class="body">

       <div class="pull_right date details" title="10.12.2021 16:25:14">
16:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-36911 ‼</strong><br><br><code>Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Comment Engine Pro plugin (versions &lt;= 1.0), could be exploited by users with Editor or higher role.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36911">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33749">

      <div class="body">

       <div class="pull_right date details" title="10.12.2021 16:25:15">
16:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-37935 ‼</strong><br><br><code>An information disclosure vulnerability in the login page of Huntflow Enterprise before 3.10.4 could allow an unauthenticated, remote user to get information about the domain name of the configured LDAP server. An attacker could exploit this vulnerability by requesting the login page and searching for the &quot;isLdap&quot; JavaScript parameter in the HTML source code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37935">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33750">

      <div class="body">

       <div class="pull_right date details" title="10.12.2021 16:25:16">
16:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-38937 ‼</strong><br><br><code>IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an authenticated user to cause the system to crash using a specially crafted IBMi Hypervisor call. IBM X-Force ID: 210894.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38937">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33751">

      <div class="body">

       <div class="pull_right date details" title="10.12.2021 16:25:17">
16:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-37934 ‼</strong><br><br><code>Due to insufficient server-side login-attempt limit enforcement, a vulnerability in /account/login in Huntflow Enterprise before 3.10.14 could allow an unauthenticated, remote user to perform multiple login attempts for brute-force password guessing.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37934">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33752">

      <div class="body">

       <div class="pull_right date details" title="10.12.2021 16:25:18">
16:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-43813 ‼</strong><br><br><code>Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension .md to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Users should upgrade to patched versions 8.3.2 or 7.5.12. For users who cannot upgrade, running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. Alternatively, for fully lowercase or fully uppercase .md files, users can block /api/plugins/.*/markdown/.* without losing any functionality beyond inlined plugin help text.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43813">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33753">

      <div class="body">

       <div class="pull_right date details" title="10.12.2021 16:25:19">
16:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-29214 ‼</strong><br><br><code>A security vulnerability has been identified in HPE StoreServ Management Console (SSMC). An authenticated SSMC administrator could exploit the vulnerability to inject code and elevate their privilege in SSMC. The scope of this vulnerability is limited to SSMC. Note: The arrays being managed are not impacted by this vulnerability. This vulnerability impacts SSMC versions 3.4 GA to 3.8.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29214">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33754">

      <div class="body">

       <div class="pull_right date details" title="10.12.2021 16:25:21">
16:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-31746 ‼</strong><br><br><code>Zip Slip vulnerability in Pluck-CMS Pluck 4.7.15 allows an attacker to upload specially crafted zip files, resulting in directory traversal and potentially arbitrary code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31746">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33755">

      <div class="body">

       <div class="pull_right date details" title="10.12.2021 16:32:52">
16:32
       </div>

       <div class="text">
<strong>❌ Next-Gen Maldocs &amp; How to Solve the Human Vulnerability ❌</strong><br><br><code>Malicious email attachments with macros are one of the most common ways hackers get in through the door. Huntress security researcher John Hammond discusses how threat hunters can fight back.</code><br><br><a href="https://threatpost.com/maldocs-malicious-office-documents-human-vulnerability/176916/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33756">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.12.2021 17:39:08">
17:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Study: Most phishing pages are abandoned or disappear in a matter of days 🦿</strong><br><br><code>Research from Kaspersky finds that a quarter of phishing sites are gone within 13 hours — how in the world can we catch and stop cyber criminals that move so quickly?</code><br><br><a href="https://www.techrepublic.com/article/study-most-phishing-pages-are-abandoned-or-disappear-in-a-matter-of-days/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33757">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.12.2021 18:09:08">
18:09
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Hackers reported 21% more vulnerabilities in 2021 than in 2020 🦿</strong><br><br><code>HackerOne reports that hackers are reporting more bugs and earning bigger bounties, but is an increase in testing or an increase in software vulnerabilities the cause of the jump?</code><br><br><a href="https://www.techrepublic.com/article/hackers-reported-21-more-vulnerabilities-in-2021-than-in-2020/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33758">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.12.2021 18:25:17">
18:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-4089 ‼</strong><br><br><code>snipe-it is vulnerable to Improper Access Control</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4089">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33759">

      <div class="body">

       <div class="pull_right date details" title="10.12.2021 18:25:18">
18:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-31747 ‼</strong><br><br><code>Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in update_applet.php, which could lead to man-in-the-middle attacks.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31747">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33760">

      <div class="body">

       <div class="pull_right date details" title="10.12.2021 18:25:20">
18:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-23639 ‼</strong><br><br><code>The package md-to-pdf before 5.0.0 are vulnerable to Remote Code Execution (RCE) due to utilizing the library gray-matter to parse front matter content, without disabling the JS engine.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23639">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33761">

      <div class="body">

       <div class="pull_right date details" title="10.12.2021 18:25:21">
18:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-27983 ‼</strong><br><br><code>Remote Code Execution (RCE) vulnerability exists in MaxSite CMS v107.5 via the Documents page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27983">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33762">

      <div class="body">

       <div class="pull_right date details" title="10.12.2021 18:25:22">
18:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-23663 ‼</strong><br><br><code>All versions of package sey are vulnerable to Prototype Pollution via the deepmerge() function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23663">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33763">

      <div class="body">

       <div class="pull_right date details" title="10.12.2021 18:25:23">
18:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-23700 ‼</strong><br><br><code>All versions of package merge-deep2 are vulnerable to Prototype Pollution via the mergeDeep() function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23700">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33764">

      <div class="body">

       <div class="pull_right date details" title="10.12.2021 18:25:24">
18:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-23463 ‼</strong><br><br><code>The package com.h2database:h2 from 0 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class it will trigger the vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23463">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33765">

      <div class="body">

       <div class="pull_right date details" title="10.12.2021 18:25:25">
18:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-23561 ‼</strong><br><br><code>All versions of package comb are vulnerable to Prototype Pollution via the deepMerge() function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23561">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33766">

      <div class="body">

       <div class="pull_right date details" title="10.12.2021 18:25:27">
18:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-27984 ‼</strong><br><br><code>In Pluck-4.7.15 admin background a remote command execution vulnerability exists when uploading files.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27984">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33767">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.12.2021 22:25:28">
22:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-41242 ‼</strong><br><br><code>OpenOlat is a web-basedlearning management system. A path traversal vulnerability exists in OpenOlat prior to versions 15.5.12 and 16.0.5. By providing a filename that contains a relative path as a parameter in some REST methods, it is possible to create directory structures and write files anywhere on the target system. The attack could be used to write files anywhere in the web root folder or outside, depending on the configuration of the system and the properly configured permission of the application server user. The attack requires an OpenOlat user account, an enabled REST API and the rights on a business object to call the vulnerable REST calls. The problem is fixed in version 15.5.12 and 16.0.5. There is a workaround available. The vulnerability requires the REST module to be enabled. Disabling the REST module or limiting the REST module via some firewall or web-server access rules to be accessed only be trusted systems will mitigate the risk.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41242">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-979">

      <div class="body details">
11 December 2021
      </div>

     </div>

     <div class="message default clearfix" id="message33768">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.12.2021 12:26:08">
12:26
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-4092 ‼</strong><br><br><code>yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4092">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33769">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.12.2021 22:26:37">
22:26
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-4097 ‼</strong><br><br><code>phpservermon is vulnerable to Improper Neutralization of CRLF Sequences</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4097">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33770">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.12.2021 22:50:03">
22:50
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>📢 Hackers publish Vestas data following cyber attack 📢</strong><br><br><code>The move suggests the company didn’t comply with the hackers&apos; ransom demands</code><br><br><a href="https://www.itpro.co.uk/security/cyber-attacks/361800/hackers-publish-vestas-data">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33771">

      <div class="body">

       <div class="pull_right date details" title="11.12.2021 22:50:05">
22:50
       </div>

       <div class="text">
<strong>📢 IT Pro News in Review: Google sues Russian hackers, Microsoft hikes 365 prices, Spar hit by cyber attack 📢</strong><br><br><code>Catch up on the biggest headlines of the week in just two minutes</code><br><br><a href="https://www.itpro.co.uk/security/cyber-security/361804/news-in-review-google-russian-hackers-microsoft-365-spar">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33772">

      <div class="body">

       <div class="pull_right date details" title="11.12.2021 22:50:06">
22:50
       </div>

       <div class="text">
<strong>📢 South Australia government data breached in ransomware attack 📢</strong><br><br><code>Between 38,000 to 80,000 government employees might have been affected and potentially have had their data posted on the dark web</code><br><br><a href="https://www.itpro.co.uk/security/ransomware/361810/south-australia-government-data-breached-in-ransomware-attack">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33773">

      <div class="body">

       <div class="pull_right date details" title="11.12.2021 22:50:07">
22:50
       </div>

       <div class="text">
<strong>📢 DarkMatter and former NSA officers sued over alleged phone hack of Saudi human rights activist 📢</strong><br><br><code>Loujain al-Hathloul alleges three ex-NSA mercenaries hacked her phone in 2017 and passed sensitive information on to Saudi Arabia</code><br><br><a href="https://www.itpro.co.uk/security/hacking/361811/darkmatter-and-former-nsa-officers-sued-over-alleged-phone-hack-of-saudi">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33774">

      <div class="body">

       <div class="pull_right date details" title="11.12.2021 22:50:07">
22:50
       </div>

       <div class="text">
<strong>📢 Avast to acquire self-sovereign identity firm Evernym 📢</strong><br><br><code>The acquisition will help Avast enhance its decentralized identity solutions</code><br><br><a href="https://www.itpro.co.uk/security/privacy/361802/avast-to-acquire-self-sovereign-identity-firm-evernym">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33775">

      <div class="body">

       <div class="pull_right date details" title="11.12.2021 22:50:09">
22:50
       </div>

       <div class="text">
<strong>📢 Microsoft Outlook displays full contact details for spoofed senders 📢</strong><br><br><code>Product harvests details from Active Directory without checking, say researchers</code><br><br><a href="https://www.itpro.co.uk/security/phishing/361805/microsoft-outlook-displays-full-contact-details-for-spoofed-senders">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33776">

      <div class="body">

       <div class="pull_right date details" title="11.12.2021 22:50:09">
22:50
       </div>

       <div class="text">
<strong>📢 LastPass announces integration with Google Workspace 📢</strong><br><br><code>Employers can now automatically provide employees with a LastPass account through Google’s directory integration</code><br><br><a href="https://www.itpro.co.uk/software/integration/361812/lastpass-announces-integration-with-google-workspace">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33777">

      <div class="body">

       <div class="pull_right date details" title="11.12.2021 22:50:10">
22:50
       </div>

       <div class="text">
<strong>📢 Russia blocks access to Tor in censorship push 📢</strong><br><br><code>The Russian government has blocked access to the project&apos;s website, and default Tor bridges are no longer working</code><br><br><a href="https://www.itpro.co.uk/security/privacy/361797/russia-blocks-access-to-tor-in-censorship-push">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33778">

      <div class="body">

       <div class="pull_right date details" title="11.12.2021 22:50:12">
22:50
       </div>

       <div class="text">
<strong>📢 Top 200 most common passwords of 2021 revealed 📢</strong><br><br><code>Unsurprisingly, the vast majority take less than a second to crack</code><br><br><a href="https://www.itpro.co.uk/security/cyber-security/361813/top-200-most-common-passwords-of-2021-revealed">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33779">

      <div class="body">

       <div class="pull_right date details" title="11.12.2021 22:50:13">
22:50
       </div>

       <div class="text">
<strong>📢 UK and US agree deeper data-sharing partnership 📢</strong><br><br><code>The partnership will see the two nations form a comprehensive strategy to share data that aligns with both domestic data sharing and protection frameworks</code><br><br><a href="https://www.itpro.co.uk/business/policy-legislation/361798/uk-and-us-agree-on-deeper-data-sharing-partnership">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33780">

      <div class="body">

       <div class="pull_right date details" title="11.12.2021 22:50:14">
22:50
       </div>

       <div class="text">
<strong>📢 HornetSecurity 365 Total Protection review: Keeping email squeaky clean 📢</strong><br><br><code>Tough email protection for Microsoft 365 that’s simple to deploy, easy to manage and very affordable</code><br><br><a href="https://www.itpro.co.uk/security/361741/hornetsecurity-365-total-protection-review-keeping-email-squeaky-clean">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33781">

      <div class="body">

       <div class="pull_right date details" title="11.12.2021 22:50:15">
22:50
       </div>

       <div class="text">
<strong>📢 Android bug prevents users from calling emergency services 📢</strong><br><br><code>Google has confirmed that the glitch is affecting devices that have Microsoft Teams installed</code><br><br><a href="https://www.itpro.co.uk/mobile/google-android/361801/android-bug-prevents-users-calling-911">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-980">

      <div class="body details">
12 December 2021
      </div>

     </div>

     <div class="message default clearfix" id="message33782">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.12.2021 08:27:04">
08:27
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-44833 ‼</strong><br><br><code>The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the configuration file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44833">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33783">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.12.2021 22:06:27">
22:06
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Log4Shell explained – how it works, why you need to know, and how to fix it ⚠</strong><br><br><code>Find out how to deal with the Log2Shell vulnerability right across your estate. Yes, you need to patch, but that helps everyone else along with you!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/12/13/log4shell-explained-how-it-works-why-you-need-to-know-and-how-to-fix-it/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-981">

      <div class="body details">
13 December 2021
      </div>

     </div>

     <div class="message default clearfix" id="message33784">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 03:12:47">
03:12
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-40858 ‼</strong><br><br><code>Auerswald COMpact 5500R devices before 8.2B allow Arbitrary File Disclosure. A sub-admin can read the cleartext Admin password via the fileName=../../etc/passwd substring.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40858">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33785">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 03:12:47">
03:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-44847 ‼</strong><br><br><code>A stack-based buffer overflow in handle_request function in DHT.c in toxcore 0.1.9 through 0.1.11 and 0.2.0 through 0.2.12 (caused by an improper length calculation during the handling of received network packets) allows remote attackers to crash the process or potentially execute arbitrary code via a network packet.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44847">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33786">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 03:12:48">
03:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-44154 ‼</strong><br><br><code>An issue was discovered in Reprise RLM 14.2. By using an admin account, an attacker can write a payload to /goform/edit_opt, which will then be triggered when running the diagnostics (via /goform/diagnostics_doit), resulting in a buffer overflow.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44154">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33787">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 03:12:49">
03:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-44155 ‼</strong><br><br><code>An issue was discovered in /goform/login_process in Reprise RLM 14.2. When an attacker attempts to login, the response if a username is valid includes Login Failed, but does not include this string if the username is invalid. This allows an attacker to enumerate valid users.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44155">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33788">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 03:12:50">
03:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-44151 ‼</strong><br><br><code>An issue was discovered in Reprise RLM 14.2. As the session cookies are small, an attacker can hijack any existing sessions by bruteforcing the 4 hex-character session cookie on the Windows version (the Linux version appears to have 8 characters). An attacker can obtain the static part of the cookie (cookie name) by first making a request to any page on the application (e.g., /goforms/menu) and saving the name of the cookie sent with the response. The attacker can then use the name of the cookie and try to request that same page, setting a random value for the cookie. If any user has an active session, the page should return with the authorized content, when a valid cookie value is hit.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44151">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33789">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 03:12:54">
03:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-44848 ‼</strong><br><br><code>In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for invalid authentication requests depending on whether the username exists.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44848">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33790">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 03:12:55">
03:12
       </div>

       <div class="text">
<strong>‼ CVE-2018-25022 ‼</strong><br><br><code>The Onion module in toxcore before 0.2.2 doesn&apos;t restrict which packets can be onion-routed, which allows a remote attacker to discover a target user&apos;s IP address (when knowing only their Tox Id) by positioning themselves close to target&apos;s Tox Id in the DHT for the target to establish an onion connection with the attacker, guessing the target&apos;s DHT public key and creating a DHT node with public key close to it, and finally onion-routing a NAT Ping Request to the target, requesting it to ping the just created DHT node.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-25022">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33791">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 03:12:56">
03:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-44153 ‼</strong><br><br><code>An issue was discovered in Reprise RLM 14.2. When editing the license file, it is possible for an admin user to enable an option to run arbitrary executables, as demonstrated by an ISV demo &quot;C:\Windows\System32\calc.exe&quot; entry. An attacker can exploit this to run a malicious binary on startup, or when triggering the Reread/Restart Servers function on the webserver. (Exploitation does not require CVE-2018-15573, because the license file is meant to be changed in the application.)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44153">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33792">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 03:12:56">
03:12
       </div>

       <div class="text">
<strong>‼ CVE-2018-25021 ‼</strong><br><br><code>The TCP Server module in toxcore before 0.2.8 doesn&apos;t free the TCP priority queue under certain conditions, which allows a remote attacker to exhaust the system&apos;s memory, causing a denial of service (DoS).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-25021">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33793">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 03:12:57">
03:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-44152 ‼</strong><br><br><code>An issue was discovered in Reprise RLM 14.2. Because /goform/change_password_process does not verify authentication or authorization, an unauthenticated user can change the password of any existing user. This allows an attacker to change the password of any known user, thereby preventing valid users from accessing the system and granting the attacker full access to that user&apos;s account.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44152">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33794">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 03:13:01">
03:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-40856 ‼</strong><br><br><code>Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Authentication Bypass via the /about/../ substring.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40856">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33795">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 03:13:02">
03:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-40857 ‼</strong><br><br><code>Auerswald COMpact 5500R devices before 8.2B allow Privilege Escalation via the passwd=1 substring.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40857">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33796">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 10:11:52">
10:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-42549 ‼</strong><br><br><code>Insufficient Input Validation in the search functionality of Wordpress plugin Lets-Box prior to 1.15.3 allows unauthenticated user to craft a reflected Cross-Site Scripting attack.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42549">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33797">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 10:22:02">
10:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-24782 ‼</strong><br><br><code>The Flex Local Fonts WordPress plugin through 1.0.0 does not escape the Class Name field when adding a font, which could allow hight privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24782">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33798">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 10:22:04">
10:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-24819 ‼</strong><br><br><code>The Page/Post Content Shortcode WordPress plugin through 1.0 does not have proper authorisation in place, allowing users with a role as low as contributor to access draft/private/password protected/trashed posts/pages they should not be allowed to, including posts created by other users such as admins and editors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24819">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33799">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 10:22:05">
10:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-24945 ‼</strong><br><br><code>The Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.38 does not have any authorisation and CSRF checks in the likebtn_export_votes AJAX action, which could allow any authenticated user, such as subscriber, to get a list of email and IP addresses of people who liked content from the blog.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24945">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33800">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 10:22:06">
10:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-24872 ‼</strong><br><br><code>The Get Custom Field Values WordPress plugin before 4.0 allows users with a role as low as Contributor to access other posts metadata without validating the permissions. Eg. contributors can access admin posts metadata.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24872">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33801">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 10:22:06">
10:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-24925 ‼</strong><br><br><code>The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the current_month_divider parameter of its mec_list_load_more AJAX call (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24925">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33802">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 10:22:07">
10:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-24954 ‼</strong><br><br><code>The User Registration, Login Form, User Profile &amp; Membership WordPress plugin before 3.2.3 does not sanitise and escape the ppress_cc_data parameter before outputting it back in an attribute of an admin dashboard page, leading to a Reflected Cross-Site Scripting issue</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24954">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33803">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 10:23:57">
10:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-24861 ‼</strong><br><br><code>The Quotes Collection WordPress plugin through 2.5.2 does not validate and escape the bulkcheck parameter before using it in a SQL statement, leading to a SQL injection</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24861">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33804">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 10:23:57">
10:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-24871 ‼</strong><br><br><code>The Get Custom Field Values WordPress plugin before 4.0.1 does not escape custom fields before outputting them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24871">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33805">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 10:23:58">
10:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-24848 ‼</strong><br><br><code>The mediamaticAjaxRenameCategory AJAX action of the Mediamatic WordPress plugin through 2.7, available to any authenticated user, does not sanitise the categoryID parameter before using it in a SQL statement, leading to an SQL injection</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24848">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33806">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 10:23:59">
10:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-24771 ‼</strong><br><br><code>The Inspirational Quote Rotator WordPress plugin through 1.0.0 does not sanitize and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site scripting issues when the quote is output in the &quot;Quotes list&quot; even when the unfiltered_html capability is disallowed</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24771">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33807">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 10:24:00">
10:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-43117 ‼</strong><br><br><code>fastadmin v1.2.1 is affected by a file upload vulnerability which allows arbitrary code execution through shell access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43117">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33808">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 10:24:04">
10:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-42548 ‼</strong><br><br><code>Insufficient Input Validation in the search functionality of Wordpress plugin Share-one-Drive prior to 1.15.3 allows unauthenticated user to craft a reflected Cross-Site Scripting attack.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42548">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33809">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 10:24:05">
10:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-24855 ‼</strong><br><br><code>The Display Post Metadata WordPress plugin before 1.5.0 adds a shortcode to print out custom fields, however their content is not sanitised or escaped which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24855">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33810">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 10:24:06">
10:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-24792 ‼</strong><br><br><code>The Shiny Buttons WordPress plugin through 1.1.0 does not have any authorisation and CSRF in place when saving a template (wpbtn_save_template function hooked to the init action), nor sanitise and escape them before outputting them in the admin dashboard, which allow unauthenticated users to add a malicious template and lead to Stored Cross-Site Scripting issues.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24792">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33811">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 10:24:08">
10:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-24747 ‼</strong><br><br><code>The SEO Booster WordPress plugin through 3.7 allows for authenticated SQL injection via the &quot;fn_my_ajaxified_dataloader_ajax&quot; AJAX request as the $_REQUEST[&apos;order&apos;][0][&apos;dir&apos;] parameter is not properly escaped leading to blind and error-based SQL injections.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24747">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33812">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 10:24:09">
10:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-24845 ‼</strong><br><br><code>The Improved Include Page WordPress plugin through 1.2 allows passing shortcode attributes with post_type &amp; post_status which can be used to retrieve arbitrary content. This way, users with a role as low as Contributor can gain access to content they are not supposed to.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24845">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33813">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 10:24:10">
10:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-24922 ‼</strong><br><br><code>The Pixel Cat WordPress plugin before 2.6.2 does not have CSRF check when saving its settings, and did not sanitise as well as escape some of them, which could allow attacker to make a logged in admin change them and perform Cross-Site Scripting attacks</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24922">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33814">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 10:24:11">
10:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-24784 ‼</strong><br><br><code>The WP Admin Logo Changer WordPress plugin through 1.0 does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin update them via a CSRF attack.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24784">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33815">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 10:24:12">
10:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-24896 ‼</strong><br><br><code>The Caldera Forms WordPress plugin before 1.9.5 does not sanitise and escape the Form Name before outputting it in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24896">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33816">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 10:24:14">
10:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-24863 ‼</strong><br><br><code>The WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots WordPress plugin before 6.67 does not sanitise and escape the User Agent before using it in a SQL statement to save it, leading to a SQL injection</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24863">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33817">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 10:24:15">
10:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-24756 ‼</strong><br><br><code>The WP System Log WordPress plugin before 1.0.21 does not sanitise, validate and escape the IP address retrieved from login requests before outputting them in the admin dashboard, which could allow unauthenticated attacker to perform Cross-Site Scripting attacks against admins viewing the logs.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24756">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33818">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 10:24:16">
10:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-24795 ‼</strong><br><br><code>The Filter Portfolio Gallery WordPress plugin through 1.5 is lacking Cross-Site Request Forgery (CSRF) check when deleting a Gallery, which could allow attackers to make a logged in admin delete arbitrary Gallery.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24795">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33819">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 10:25:46">
10:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-24951 ‼</strong><br><br><code>The LearnPress WordPress plugin before 4.1.4 does not sanitise, validate and escape the id parameter before using it in SQL statements when duplicating course/lesson/quiz/question, leading to SQL Injections issues</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24951">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33820">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 10:25:47">
10:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-24859 ‼</strong><br><br><code>The User Meta Shortcodes WordPress plugin through 0.5 registers a shortcode that allows any user with a role as low as contributor to access other users metadata by specifying the user login as a parameter. This makes the WP instance vulnerable to data extrafiltration, including password hashes</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24859">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33821">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 10:25:48">
10:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-24972 ‼</strong><br><br><code>The Pixel Cat WordPress plugin before 2.6.3 does not escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24972">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33822">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 10:25:49">
10:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-24790 ‼</strong><br><br><code>The Contact Form Advanced Database WordPress plugin through 1.0.8 does not have any authorisation as well as CSRF checks in its delete_cf7_data and export_cf7_data AJAX actions, available to any authenticated users, which could allow users with a role as low as subscriber to call them. The delete_cf7_data would lead to arbitrary metadata deletion, as well as PHP Object Injection if a suitable gadget chain is present in another plugin, as user data is passed to the maybe_unserialize() function without being first validated.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24790">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33823">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 10:25:50">
10:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-24780 ‼</strong><br><br><code>The Single Post Exporter WordPress plugin through 1.1.1 does not have CSRF checks when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and give access to the export feature to any role such as subscriber. Subscriber users would then be able to export an arbitrary post/page (such as private and password protected) via a direct URL</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24780">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33824">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 10:25:54">
10:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-24818 ‼</strong><br><br><code>The WP Limits WordPress plugin through 1.0 does not have CSRF check when saving its settings, allowing attacker to make a logged in admin change them, which could make the blog unstable by setting low values</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24818">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33825">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 10:25:55">
10:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-24705 ‼</strong><br><br><code>The NEX-Forms WordPress plugin through 7.9.4 does not escape some of its settings and form fields before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24705">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33826">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 10:25:56">
10:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-42546 ‼</strong><br><br><code>Insufficient Input Validation in the search functionality of Wordpress plugin Use-Your-Drive prior to 1.18.3 allows unauthenticated user to craft a reflected Cross-Site Scripting attack.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42546">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33827">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 10:25:57">
10:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-24932 ‼</strong><br><br><code>The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before 3.9.3 does not sanitise and escape the post_id parameter before outputting back in an admin page within a JS block, leading to a Reflected Cross-Site Scripting issue.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24932">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33828">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 10:25:58">
10:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-24955 ‼</strong><br><br><code>The User Registration, Login Form, User Profile &amp; Membership WordPress plugin before 3.2.3 does not escape the data parameter of the pp_get_forms_by_builder_type AJAX action before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24955">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33829">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 10:26:02">
10:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-42547 ‼</strong><br><br><code>Insufficient Input Validation in the search functionality of Wordpress plugin Out-of-the-Box prior to 1.20.3 allows unauthenticated user to craft a reflected Cross-Site Scripting attack.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42547">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33830">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 10:26:03">
10:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-24817 ‼</strong><br><br><code>The Ultimate NoFollow WordPress plugin through 1.4.8 does not sanitise and escape the href attribute of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24817">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33831">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 10:26:04">
10:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-24857 ‼</strong><br><br><code>The ToTop Link WordPress plugin through 1.7.1 passes base64 encoded user input to the unserialize() PHP function, which could lead to PHP Object injection if a plugin installed on the blog has a suitable gadget chain.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24857">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33832">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 10:26:05">
10:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-24836 ‼</strong><br><br><code>The Temporary Login Without Password WordPress plugin before 1.7.1 does not have authorisation and CSRF checks when updating its settings, which could allows any logged-in users, such as subscribers to update them</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24836">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33833">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 11:33:25">
11:33
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Zero-day vulnerability in Hillrom cardiology devices could allow attackers full control 🗓️</strong><br><br><code>Security flaw will be addressed in the next release</code><br><br><a href="https://portswigger.net/daily-swig/zero-day-vulnerability-in-hillrom-cardiology-devices-could-allow-attackers-full-control">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33834">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 12:11:30">
12:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Why Cloud Service Providers Are a Single Point of Failure 🕴</strong><br><br><code>In a matter of days, a large-scale outage of cloud and other online services could cause $15 billion in losses.</code><br><br><a href="https://www.darkreading.com/cloud/why-cloud-service-providers-are-a-single-point-of-failure">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33835">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 12:11:30">
12:11
       </div>

       <div class="text">
<strong>🕴 Why the Private Sector Is Key to Stopping Russian Hacking Group APT29 🕴</strong><br><br><code>Left unchecked, these attacks could have devastating effects on government and military secrets and jeopardize the software supply chain and the global economy.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/why-the-private-sector-is-key-to-stopping-russian-hacking-group-apt29">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33836">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 12:11:32">
12:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-36169 ‼</strong><br><br><code>A Hidden Functionality in Fortinet FortiOS 7.x before 7.0.1, FortiOS 6.4.x before 6.4.7 allows attacker to Execute unauthorized code or commands via specific hex read/write operations.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36169">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33837">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 12:45:23">
12:45
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🛠 Zed Attack Proxy 2.11.1 Cross Platform Package 🛠</strong><br><br><code>The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. This is the cross platform package.</code><br><br><a href="https://packetstormsecurity.com/files/165259/ZAP_2.11.1_Crossplatform.zip">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33838">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 12:45:24">
12:45
       </div>

       <div class="text">
<strong>🕴 2 Website Threats to Address for the Holiday Shopping Rush 🕴</strong><br><br><code>Some tips for effectively combating Web supply chain attacks and customer hijacking via browser extensions.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/2-website-threats-to-address-ahead-of-the-holiday-shopping-rush">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33839">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 14:12:03">
14:12
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-39944 ‼</strong><br><br><code>An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A permissions validation flaw allowed group members with a developer role to elevate their privilege to a maintainer on projects they import</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39944">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33840">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 14:12:05">
14:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-39933 ‼</strong><br><br><code>An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression used for handling user input (notes, comments, etc) was susceptible to catastrophic backtracking that could cause a DOS attack.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39933">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33841">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 14:12:07">
14:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-39938 ‼</strong><br><br><code>A vulnerable regular expression pattern in GitLab CE/EE since version 8.15 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to cause uncontrolled resource consumption leading to Denial of Service via specially crafted deploy Slash commands</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39938">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33842">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 14:12:08">
14:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-39919 ‼</strong><br><br><code>In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, the reset password token and new user email token are accidentally logged which may lead to information disclosure.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39919">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33843">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 14:12:10">
14:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-40007 ‼</strong><br><br><code>There is an information leak vulnerability in eCNS280_TD V100R005C10SPC650. The vulnerability is caused by improper log output management. An attacker with the ability to access the log file of device may lead to information disclosure.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40007">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33844">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 14:12:11">
14:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-39910 ‼</strong><br><br><code>An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab was vulnerable to HTML Injection through the Swagger UI feature.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39910">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33845">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 14:12:13">
14:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-40008 ‼</strong><br><br><code>There is a memory leak vulnerability in CloudEngine 12800 V200R019C00SPC800, CloudEngine 5800 V200R019C00SPC800, CloudEngine 6800 V200R019C00SPC800 and CloudEngine 7800 V200R019C00SPC800. The software does not sufficiently track and release allocated memory while parse a series of crafted binary messages, which could consume remaining memory. Successful exploit could cause memory exhaust.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40008">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33846">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 14:12:15">
14:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-44966 ‼</strong><br><br><code>SQL injection bypass authentication vulnerability in PHPGURUKUL Employee Record Management System 1.2 via index.php. An attacker can log in as an admin account of this system and can destroy, change or manipulate all sensitive information on the system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44966">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33847">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 14:12:16">
14:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-43983 ‼</strong><br><br><code>WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to multiple stack-based buffer overflow instances while parsing project files, which may allow an attacker to execute arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43983">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33848">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 14:12:17">
14:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-39932 ‼</strong><br><br><code>An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Using large payloads, the diff feature could be used to trigger high load time for users reviewing code changes.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39932">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33849">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 14:12:20">
14:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-39940 ‼</strong><br><br><code>An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab Maven Package registry is vulnerable to a regular expression denial of service when a specifically crafted string is sent.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39940">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33850">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 14:12:21">
14:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-39941 ‼</strong><br><br><code>An information disclosure vulnerability in GitLab CE/EE versions 12.0 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed non-project members to see the default branch name for projects that restrict access to the repository to project members</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39941">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33851">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 14:12:23">
14:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-39917 ‼</strong><br><br><code>An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression related to quick actions features was susceptible to catastrophic backtracking that could cause a DOS attack.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39917">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33852">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 14:12:24">
14:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-39934 ‼</strong><br><br><code>Improper access control allows any project member to retrieve the service desk email address in GitLab CE/EE versions starting 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39934">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33853">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 14:12:27">
14:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-44965 ‼</strong><br><br><code>Directory traversal vulnerability in /admin/includes/* directory for PHPGURUKUL Employee Record Management System 1.2 The attacker can retrieve and download sensitive information from the vulnerable server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44965">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33854">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 14:12:29">
14:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-39945 ‼</strong><br><br><code>Improper access control in the GitLab CE/EE API affecting all versions starting from 9.4 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an author of a Merge Request to approve the Merge Request even after having their project access revoked</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39945">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33855">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 14:12:30">
14:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-39936 ‼</strong><br><br><code>Improper access control in GitLab CE/EE affecting all versions starting from 10.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker in possession of a deploy token to access a project&apos;s disabled wiki.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39936">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33856">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 14:12:32">
14:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-39916 ‼</strong><br><br><code>Lack of an access control check in the External Status Check feature allowed any authenticated user to retrieve the configuration of any External Status Check in GitLab EE starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39916">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33857">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 14:12:33">
14:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-39939 ‼</strong><br><br><code>An uncontrolled resource consumption vulnerability in GitLab Runner affecting all versions starting from 13.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker triggering a job with a specially crafted docker image to exhaust resources on runner manager</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39939">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33858">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 14:12:34">
14:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-39915 ‼</strong><br><br><code>Improper access control in the GraphQL API in GitLab CE/EE affecting all versions starting from 13.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to see the names of project access tokens on arbitrary projects</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39915">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33859">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 14:41:31">
14:41
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Darktrace Reports Information Technology and Communications Sector Most Targeted by Cyberattackers in 2021 🕴</strong><br><br><code>Most targeted industry shifts from the financial and insurance sector in 2020.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/darktrace-reports-information-technology-and-communications-sector-most-targeted-by-cyberattackers-in-2021">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33860">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 14:41:32">
14:41
       </div>

       <div class="text">
<strong>🕴 Kaspersky Opens Doors to New Transparency Center in North America 🕴</strong><br><br><code>The opening marks the fifth center opened globally, fulfilling a key milestone within the Global Transparency Initiative.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/kaspersky-opens-doors-to-new-transparency-center-in-north-america">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33861">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 15:34:49">
15:34
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Log4Shell Is Spawning Even Nastier Mutations ❌</strong><br><br><code>The cybersecurity Hiroshima of the year – the Apache Log4j logging library exploit – has spun off 60 bigger mutations in less than a day, researchers said.</code><br><br><a href="https://threatpost.com/apache-log4j-log4shell-mutations/176962/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33862">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 16:04:49">
16:04
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Malicious PyPI Code Packages Rack Up Thousands of Downloads ❌</strong><br><br><code>The Python code repository was infiltrated by malware bent on data exfiltration from developer apps and more.</code><br><br><a href="https://threatpost.com/malicious-pypi-code-packages/176971/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33863">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 16:04:50">
16:04
       </div>

       <div class="text">
<strong>❌ Where the Latest Log4Shell Attacks Are Coming From ❌</strong><br><br><code>Analysts find at least 10 Linux botnets actively exploiting Log4Shell flaw.</code><br><br><a href="https://threatpost.com/log4shell-attacks-origin-botnet/176977/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33864">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 16:11:07">
16:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-39053 ‼</strong><br><br><code>IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to obtain sensitive information, caused by the improper handling of requests for Spectrum Copy Data Management Admin Console. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 214524.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39053">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33865">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 16:11:08">
16:11
       </div>

       <div class="text">
<strong>‼ CVE-2020-16156 ‼</strong><br><br><code>CPAN 2.28 allows Signature Verification Bypass.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16156">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33866">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 16:11:09">
16:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-39064 ‼</strong><br><br><code>IBM Spectrum Copy Data Management 2.2.13 and earlier has weak authentication and password rules and incorrectly handles default credentials for the Spectrum Copy Data Management Admin console. IBM X-Force ID: 214957.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39064">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33867">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 16:11:10">
16:11
       </div>

       <div class="text">
<strong>‼ CVE-2020-16155 ‼</strong><br><br><code>The CPAN::Checksums package 2.12 for Perl does not uniquely define signed data.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16155">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33868">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 16:11:11">
16:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-39052 ‼</strong><br><br><code>IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to access the Spring Boot console without authorization. IBM X-Force ID: 214523.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39052">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33869">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 16:11:12">
16:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-39065 ‼</strong><br><br><code>IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the Spectrum Copy Data Management Admin Console login and uploadcertificate function . A remote attacker could inject arbitrary shell commands which would be executed on the affected system. IBM X-Force ID: 214958.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39065">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33870">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 16:11:13">
16:11
       </div>

       <div class="text">
<strong>‼ CVE-2020-16154 ‼</strong><br><br><code>The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16154">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33871">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 16:11:14">
16:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-43818 ‼</strong><br><br><code>lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43818">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33872">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 16:11:15">
16:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-38947 ‼</strong><br><br><code>IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 211242.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38947">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33873">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 16:11:16">
16:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-39058 ‼</strong><br><br><code>IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 214617.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39058">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33874">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 16:11:20">
16:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-39054 ‼</strong><br><br><code>IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim&apos;s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 214525.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39054">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33875">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 18:12:11">
18:12
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-39048 ‼</strong><br><br><code>IBM Spectrum Protect Client 7.1 and 8.1 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local attacker could exploit this vulnerability and cause a denial of service. IBM X-Force ID: 214438.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39048">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33876">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 18:12:12">
18:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-43814 ‼</strong><br><br><code>Rizin is a UNIX-like reverse engineering framework and command-line toolset. In versions up to and including 0.3.1 there is a heap-based out of bounds write in parse_die() when reversing an AMD64 ELF binary with DWARF debug info. When a malicious AMD64 ELF binary is opened by a victim user, Rizin may crash or execute unintended actions. No workaround are known and users are advised to upgrade.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43814">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33877">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 18:12:13">
18:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-39049 ‼</strong><br><br><code>IBM i2 Analyst&apos;s Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 214439.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39049">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33878">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 18:12:14">
18:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-39057 ‼</strong><br><br><code>IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 214616.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39057">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33879">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 18:12:16">
18:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-32024 ‼</strong><br><br><code>A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in the context of the affected process.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32024">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33880">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 18:12:18">
18:12
       </div>

       <div class="text">
<strong>‼ CVE-2020-4496 ‼</strong><br><br><code>The IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server connection to an IBM Spectrum Protect Plus workload agent is subject to a man-in-the-middle attack due to improper certificate validation. IBM X-Force ID: 182046.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4496">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33881">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 18:12:19">
18:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-43817 ‼</strong><br><br><code>Collabora Online is a collaborative online office suite based on LibreOffice technology. In affected versions a reflected XSS vulnerability was found in Collabora Online. An attacker could inject unescaped HTML into a variable as they created the Collabora Online iframe, and execute scripts inside the context of the Collabora Online iframe. This would give access to a small set of user settings stored in the browser, as well as the session&apos;s authentication token which was also passed in at iframe creation time. Users should upgrade to Collabora Online 6.4.16 or higher or Collabora Online 4.2.20 or higher. Collabora Online Development Edition 21.11 is not affected.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43817">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33882">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 18:12:20">
18:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-39050 ‼</strong><br><br><code>IBM i2 Analyst&apos;s Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 214440.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39050">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33883">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 18:12:21">
18:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-43822 ‼</strong><br><br><code>Jackalope Doctrine-DBAL is an implementation of the PHP Content Repository API (PHPCR) using a relational database to persist data. In affected versions users can provoke SQL injections if they can specify a node name or query. Upgrade to version 1.7.4 to resolve this issue. If that is not possible, you can escape all places where `$property` is used to filter `sv:name` in the class `Jackalope\Transport\DoctrineDBAL\Query\QOMWalker`: `XPath::escape($property)`. Node names and xpaths can contain `&quot;` or `;` according to the JCR specification. The jackalope component that translates the query object model into doctrine dbal queries does not properly escape the names and paths, so that a accordingly crafted node name can lead to an SQL injection. If queries are never done from user input, or if you validate the user input to not contain `;`, you are not affected.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43822">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33884">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 18:12:22">
18:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-38901 ‼</strong><br><br><code>IBM Spectrum Protect Operations Center 7.1, under special configurations, could allow a local user to obtain highly sensitive information. IBM X-Force ID: 209610.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38901">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33885">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 18:12:23">
18:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-39063 ‼</strong><br><br><code>IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information due to a misconfiguration in access control headers. IBM X-Force ID: 214956.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39063">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33886">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 18:12:24">
18:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-43801 ‼</strong><br><br><code>Mercurius is a GraphQL adapter for Fastify. Any users from Mercurius@8.10.0 to 8.11.1 are subjected to a denial of service attack by sending a malformed JSON to `/graphql` unless they are using a custom error handler. The vulnerability has been fixed in https://github.com/mercurius-js/mercurius/pull/678 and shipped as v8.11.2. As a workaround users may use a custom error handler.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43801">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33887">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 18:12:26">
18:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-43823 ‼</strong><br><br><code>Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.33.2 is vulnerable to a side-channel attack where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects the Saved Searches and Code Monitoring features. A successful attack would require an authenticated bad actor to create many Saved Searches or Code Monitors to receive confirmation that a specific string exists. This could allow an attacker to guess formatted tokens in source code, such as API keys. This issue was patched in version 3.33.2 and any future versions of Sourcegraph. We strongly encourage upgrading to secure versions. If you are unable to, you may disable Saved Searches and Code Monitors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43823">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33888">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 18:47:55">
18:47
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 40% of Corporate Networks Targeted by Attackers Seeking to Exploit Log4j 🕴</strong><br><br><code>More than 60 variants of the original exploit were introduced over the last day alone.</code><br><br><a href="https://www.darkreading.com/application-security/40-of-corporate-networks-targeted-by-attackers-seeking-to-exploit-log4j">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33889">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 18:47:56">
18:47
       </div>

       <div class="text">
<strong>🕴 Why Classifying Ransomware as a National Security Threat Matters 🕴</strong><br><br><code>Government actions help starve attack groups of the resources - money, ability to recruit, and time.</code><br><br><a href="https://www.darkreading.com/dr-tech/why-classifying-ransomware-as-a-national-security-threat-matters">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33890">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 20:13:30">
20:13
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-24045 ‼</strong><br><br><code>A type confusion vulnerability could be triggered when resolving the &quot;typeof&quot; unary operator in Facebook Hermes prior to v0.10.0. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24045">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33891">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 20:13:32">
20:13
       </div>

       <div class="text">
<strong>‼ CVE-2020-19042 ‼</strong><br><br><code>Cross Site Scripting (XSS) vulnerability exists in zzcms 2019 XSS via a modify action in user/adv.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-19042">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33892">

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 20:13:33">
20:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-41272 ‼</strong><br><br><code>Besu is an Ethereum client written in Java. Starting in version 21.10.0, changes in the implementation of the SHL, SHR, and SAR operations resulted in the introduction of a signed type coercion error in values that represent negative values for 32 bit signed integers. Smart contracts that ask for shifts between approximately 2 billion and 4 billion bits (nonsensical but valid values for the operation) will fail to execute and hence fail to validate. In networks where vulnerable versions are mining with other clients or non-vulnerable versions this will result in a fork and the relevant transactions will not be included in the fork. In networks where vulnerable versions are not mining (such as Rinkeby) no fork will result and the validator nodes will stop accepting blocks. In networks where only vulnerable versions are mining the relevant transaction will not be included in any blocks. When the network adds a non-vulnerable version the network will act as in the first case. Besu 21.10.2 contains a patch for this issue. Besu 21.7.4 is not vulnerable and clients can roll back to that version. There is a workaround available: Once a transaction with the relevant shift operations is included in the canonical chain, the only remediation is to make sure all nodes are on non-vulnerable versions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41272">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33893">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 20:34:58">
20:34
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Kronos Ransomware Outage Drives Widespread Payroll Chaos ❌</strong><br><br><code>Kronos, the workforce-management provider, said a weeks-long outage of its cloud services is in the offing, just in time to hamstring end-of-year HR activities like bonuses ands vacation tracking.</code><br><br><a href="https://threatpost.com/kronos-ransomware-outage-payroll-chaos/176984/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33894">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.12.2021 21:41:54">
21:41
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Tales from the Dark Web: Fingerprinting Access Brokers on Criminal Forums 🕴</strong><br><br><code>Every high-profile breach leaves a trail of bread crumbs, and defenders who monitor access brokers can connect the dots and detect attacks as they unfold.</code><br><br><a href="https://www.darkreading.com/crowdstrike/tales-from-the-dark-web-fingerprinting-access-brokers-on-criminal-forums">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-982">

      <div class="body details">
14 December 2021
      </div>

     </div>

     <div class="message default clearfix" id="message33895">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 09:39:02">
09:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Log4Shell explained – how it works, why you need to know, and how to fix it ⚠</strong><br><br><code>Find out how to deal with the Log2Shell vulnerability right across your estate. Yes, you need to patch, but that helps everyone else along with you!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/12/13/log4shell-explained-how-it-works-why-you-need-to-know-and-how-to-fix-it/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33896">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 10:07:08">
10:07
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Apple security updates are out – and not a Log4Shell mention in sight ⚠</strong><br><br><code>Get &apos;em while they&apos;re hot!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/12/14/apple-security-updates-are-out-and-not-a-log4shell-mention-in-sight/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33897">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 10:12:57">
10:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-44524 ‼</strong><br><br><code>A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions &lt; V1.6.284.0). Affected applications insufficiently limit the access to the internal user authentication service. This could allow an unauthenticated remote attacker to trigger several actions on behalf of valid user accounts.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44524">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33898">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 10:12:58">
10:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-44435 ‼</strong><br><br><code>A vulnerability has been identified in JT Utilities (All versions &lt; V13.1.1.0), JTTK (All versions &lt; V11.1.1.0). JTTK library in affected products is vulnerable to stack based buffer overflow while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14903)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44435">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33899">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 10:12:59">
10:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-44010 ‼</strong><br><br><code>A vulnerability has been identified in JT2Go (All versions &lt; V13.2.0.5), Teamcenter Visualization (All versions &lt; V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44010">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33900">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 10:13:00">
10:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-44005 ‼</strong><br><br><code>A vulnerability has been identified in JT2Go (All versions &lt; V13.2.0.5), Teamcenter Visualization (All versions &lt; V13.2.0.5). The Tiff_Loader.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted TIFF files. This could allow an attacker to execute code in the context of the current process.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44005">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33901">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 10:13:01">
10:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-44017 ‼</strong><br><br><code>A vulnerability has been identified in JT2Go (All versions &lt; V13.2.0.5), Teamcenter Visualization (All versions &lt; V13.2.0.5). The Image.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted TIF files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15111)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44017">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33902">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 10:13:05">
10:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-44015 ‼</strong><br><br><code>A vulnerability has been identified in JT2Go (All versions &lt; V13.2.0.5), Teamcenter Visualization (All versions &lt; V13.2.0.5). The VCRUNTIME140.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted CGM files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15109)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44015">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33903">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 10:13:07">
10:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-44441 ‼</strong><br><br><code>A vulnerability has been identified in JT Utilities (All versions &lt; V13.1.1.0), JTTK (All versions &lt; V11.1.1.0). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14913)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44441">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33904">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 10:13:08">
10:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-44011 ‼</strong><br><br><code>A vulnerability has been identified in JT2Go (All versions &lt; V13.2.0.5), Teamcenter Visualization (All versions &lt; V13.2.0.5). The Jt1001.dll is vulnerable to an out of bounds read past the end of an allocated buffer while parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15101)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44011">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33905">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 10:13:10">
10:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-44003 ‼</strong><br><br><code>A vulnerability has been identified in JT2Go (All versions &lt; V13.2.0.5), Teamcenter Visualization (All versions &lt; V13.2.0.5). The Tiff_Loader.dll is vulnerable to use of uninitialized memory while parsing user supplied TIFF files. This could allow an attacker to cause a denial-of-service condition.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44003">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33906">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 10:13:11">
10:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-44446 ‼</strong><br><br><code>A vulnerability has been identified in JT Utilities (All versions &lt; V13.0.3.0), JTTK (All versions &lt; V11.0.3.0). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14828, ZDI-CAN-14898)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44446">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33907">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 10:13:11">
10:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-44448 ‼</strong><br><br><code>A vulnerability has been identified in JT Utilities (All versions &lt; V13.0.3.0), JTTK (All versions &lt; V11.0.3.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14843, ZDI-CAN-15051)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44448">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33908">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 10:13:13">
10:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-44522 ‼</strong><br><br><code>A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions &lt; V1.6.284.0). Affected applications insufficiently limit the access to the internal message broker system. This could allow an unauthenticated remote attacker to subscribe to arbitrary message queues.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44522">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33909">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 10:13:14">
10:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-44431 ‼</strong><br><br><code>A vulnerability has been identified in JT Utilities (All versions &lt; V13.1.1.0), JTTK (All versions &lt; V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14841)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44431">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33910">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 10:13:15">
10:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-44445 ‼</strong><br><br><code>A vulnerability has been identified in JT Utilities (All versions &lt; V13.1.1.0), JTTK (All versions &lt; V11.1.1.0). JTTK library in affected products contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15054)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44445">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33911">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 10:13:19">
10:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-44449 ‼</strong><br><br><code>A vulnerability has been identified in JT Utilities (All versions &lt; V12.8.1.1), JTTK (All versions &lt; V10.8.1.1). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14830)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44449">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33912">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 10:13:20">
10:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-4104 ‼</strong><br><br><code>JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4104">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33913">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 10:13:21">
10:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-44004 ‼</strong><br><br><code>A vulnerability has been identified in JT2Go (All versions &lt; V13.2.0.5), Teamcenter Visualization (All versions &lt; V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44004">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33914">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 10:13:22">
10:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-44007 ‼</strong><br><br><code>A vulnerability has been identified in JT2Go (All versions &lt; V13.2.0.5), Teamcenter Visualization (All versions &lt; V13.2.0.5). The Tiff_Loader.dll contains an off-by-one error in the heap while parsing specially crafted TIFF files. This could allow an attacker to cause a denial-of-service condition.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44007">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33915">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 10:13:24">
10:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-44012 ‼</strong><br><br><code>A vulnerability has been identified in JT2Go (All versions &lt; V13.2.0.5), Teamcenter Visualization (All versions &lt; V13.2.0.5). The Jt1001.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15102)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44012">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33916">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 10:13:25">
10:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-44523 ‼</strong><br><br><code>A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions &lt; V1.6.284.0). Affected applications insufficiently limit the access to the internal activity feed database. This could allow an unauthenticated remote attacker to read, modify or delete activity feed entries.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44523">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33917">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 10:35:42">
10:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ ‘Seedworm’ Attackers Target Telcos in Asia, Middle East ❌</strong><br><br><code>The focused attacks aimed at cyberespionage and lateral movement appear to hint at further ambitions by the group, including supply-chain threats.</code><br><br><a href="https://threatpost.com/seedworm-attackers-telcos-asia-middle-east/176992/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33918">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 11:07:54">
11:07
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Severe Chrome bug allowed RCE on devices running remote headless interface 🗓️</strong><br><br><code>Attackers could read and write arbitrary files to a device’s hard drive</code><br><br><a href="https://portswigger.net/daily-swig/severe-chrome-bug-allowed-rce-on-devices-running-remote-headless-interface">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33919">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 12:12:53">
12:12
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Combat Misinformation by Getting Back to Security Basics 🕴</strong><br><br><code>One volley of fake news may land, but properly trained AI can shut down similar attempts at their sources.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/combat-misinformation-by-getting-back-to-security-basics">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33920">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 12:12:54">
12:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-45014 ‼</strong><br><br><code>There is an upload sql injection vulnerability in the background of taocms 3.0.2 in parameter id:action=cms&amp;ctrl=update&amp;id=26</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45014">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33921">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 12:12:55">
12:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-44538 ‼</strong><br><br><code>The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted sequence of messages to manipulate the state of the receiver&apos;s session in such a way that, for some buffer sizes, a buffer overflow happens on a call to olm_session_describe. Furthermore, safe buffer sizes were undocumented. The overflow content is partially controllable by the attacker and limited to ASCII spaces and digits. The known affected products are Element Web And SchildiChat Web.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44538">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33922">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 12:12:55">
12:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-45015 ‼</strong><br><br><code>taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line 60 to line 72.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45015">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33923">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 12:12:56">
12:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-3376 ‼</strong><br><br><code>An issue was discovered in Cuppa CMS Versions Before 31 Jan 2021 allows authenticated attackers to gain escalated privileges via a crafted POST request using the user_group_id_field parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3376">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33924">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 12:13:00">
12:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-44935 ‼</strong><br><br><code>glFusion CMS v1.7.9 is affected by an arbitrary user impersonation vulnerability in /public_html/comment.php. The attacker can complete the attack remotely without interaction.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44935">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33925">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 12:13:01">
12:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-36721 ‼</strong><br><br><code>Sysaid API User Enumeration - Attacker sending requests to specific api path without any authorization before 21.3.60 version could get users names from the LDAP server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36721">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33926">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 12:13:02">
12:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-44937 ‼</strong><br><br><code>glFusion CMS v1.7.9 is affected by an arbitrary user registration vulnerability in /public_html/users.php. An attacker can register with the mailbox of any user. When users want to register, they will find that the mailbox has been occupied.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44937">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33927">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 13:32:57">
13:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ PyPI admins remove three malicious packages after more than 10,000 downloads 🗓️</strong><br><br><code>Two packages lay undiscovered for 10 months</code><br><br><a href="https://portswigger.net/daily-swig/pypi-admins-remove-three-malicious-packages-after-more-than-10-000-downloads">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33928">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 14:11:26">
14:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How to test if your Linux server is vulnerable to Log4j 🦿</strong><br><br><code>Log4j is a serious vulnerability that has swept across the IT landscape quickly. Here&apos;s a single command you can run to test and see if you have any vulnerable packages installed.</code><br><br><a href="https://www.techrepublic.com/article/how-to-test-if-your-linux-server-is-vulnerable-to-log4j/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33929">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 14:15:11">
14:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-42061 ‼</strong><br><br><code>SAP BusinessObjects Business Intelligence Platform (Web Intelligence) - version 420, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This allows a low privileged attacker to retrieve some data from the victim but will never be able to modify the document and publish these modifications to the server. It impacts the &quot;Quick Prompt&quot; workflow.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42061">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33930">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 14:15:13">
14:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-42068 ‼</strong><br><br><code>When a user opens a manipulated GIF (.gif) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42068">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33931">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 14:15:16">
14:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-42066 ‼</strong><br><br><code>SAP Business One - version 10.0, allows an admin user to view DB password in plain text over the network, which should otherwise be encrypted. For an attacker to discover vulnerable function in-depth application knowledge is required, but once exploited the attacker may be able to completely compromise confidentiality, integrity, and availability of the application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42066">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33932">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 14:15:18">
14:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-39311 ‼</strong><br><br><code>The link-list-manager WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the category parameter found in the ~/llm.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39311">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33933">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 14:15:19">
14:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-39310 ‼</strong><br><br><code>The Real WYSIWYG WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of PHP_SELF in the ~/real-wysiwyg.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39310">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33934">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 14:15:20">
14:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-4007 ‼</strong><br><br><code>Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent versions 3.0.1 to 3.1.2.34 start, the Python interpreter attempts to load python3.dll at &quot;C:\DLLs\python3.dll,&quot; which normally is writable by locally authenticated users. Because of this, a malicious local user could use Insight Agent&apos;s startup conditions to elevate to SYSTEM privileges. This issue was fixed in Rapid7 Insight Agent 3.1.2.35. This vulnerability is a regression of CVE-2019-5629.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4007">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33935">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 14:15:21">
14:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-41066 ‼</strong><br><br><code>An issue was discovered in Listary through 6. When Listary is configured as admin, Listary will not ask for permissions again if a user tries to access files on the system from Listary itself (it will bypass UAC protection; there is no privilege validation of the current user that runs via Listary).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41066">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33936">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 14:15:23">
14:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-3836 ‼</strong><br><br><code>dbeaver is vulnerable to Improper Restriction of XML External Entity Reference</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3836">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33937">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 14:15:25">
14:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-39312 ‼</strong><br><br><code>The True Ranker plugin &lt;= 2.2.2 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be accessed via the src parameter found in the ~/admin/vendor/datatables/examples/resources/examples.php file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39312">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33938">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 14:15:27">
14:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-4107 ‼</strong><br><br><code>yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation (&apos;Cross-site Scripting&apos;)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4107">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33939">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 14:15:28">
14:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-44949 ‼</strong><br><br><code>glFusion CMS 1.7.9 is affected by an access control vulnerability via /public_html/users.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44949">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33940">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 14:15:30">
14:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-42064 ‼</strong><br><br><code>If configured to use an Oracle database and if a query is created using the flexible search java api with a parameterized &quot;in&quot; clause, SAP Commerce - versions 1905, 2005, 2105, 2011, allows attacker to execute crafted database queries, exposing backend database. The vulnerability is present if the parameterized &quot;in&quot; clause accepts more than 1000 values.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42064">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33941">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 14:15:31">
14:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-42367 ‼</strong><br><br><code>The Variation Swatches for WooCommerce WordPress plugin is vulnerable to Stored Cross-Site Scripting via several parameters found in the ~/includes/class-menu-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1. Due to missing authorization checks on the tawcvs_save_settings function, low-level authenticated users such as subscribers can exploit this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42367">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33942">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 14:15:32">
14:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-39319 ‼</strong><br><br><code>The duoFAQ - Responsive, Flat, Simple FAQ WordPess plugin is vulnerable to Reflected Cross-Site Scripting via the msg parameter found in the ~/duogeek/duogeek-panel.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.8.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39319">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33943">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 14:15:33">
14:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-44232 ‼</strong><br><br><code>SAF-T Framework Transaction SAFTN_G allows an attacker to exploit insufficient validation of path information provided by normal user, leading to full server directory access. The attacker can see the whole filesystem structure but cannot overwrite, delete, or corrupt arbitrary files on the server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44232">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33944">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 14:15:35">
14:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-44231 ‼</strong><br><br><code>Internally used text extraction reports allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44231">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33945">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 14:15:36">
14:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-39315 ‼</strong><br><br><code>The Magic Post Voice WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the ids parameter found in the ~/inc/admin/main.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39315">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33946">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 14:15:37">
14:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-44549 ‼</strong><br><br><code>Apache Sling Commons Messaging Mail provides a simple layer on top of JavaMail/Jakarta Mail for OSGi to send mails via SMTPS. To reduce the risk of &quot;man in the middle&quot; attacks additional server identity checks must be performed when accessing mail servers. For compatibility reasons these additional checks are disabled by default in JavaMail/Jakarta Mail. The SimpleMailService in Apache Sling Commons Messaging Mail 1.0 lacks an option to enable these checks for the shared mail session. A user could enable these checks nevertheless by accessing the session via the message created by SimpleMessageBuilder and setting the property mail.smtps.ssl.checkserveridentity to true. Apache Sling Commons Messaging Mail 2.0 adds support for enabling server identity checks and these checks are enabled by default. - https://javaee.github.io/javamail/docs/SSLNOTES.txt - https://javaee.github.io/javamail/docs/api/com/sun/mail/smtp/package-summary.html - https://github.com/eclipse-ee4j/mail/issues/429</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44549">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33947">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 14:15:40">
14:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-39313 ‼</strong><br><br><code>The Simple Image Gallery WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the msg parameter found in the ~/simple-image-gallery.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39313">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33948">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 14:15:41">
14:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-42069 ‼</strong><br><br><code>When a user opens manipulated Tagged Image File Format (.tif) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42069">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33949">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 14:35:29">
14:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ How to Buy Precious Patching Time as Log4j Exploits Fly ❌</strong><br><br><code>Podcast: Cybereason shares details about its vaccine: a fast shot in the arm released within hours of the Apache Log4j zero-day horror show being disclosed.</code><br><br><a href="https://threatpost.com/patching-time-log4j-exploits-vaccine/177017/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33950">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 15:05:30">
15:05
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ What the Log4Shell Bug Means for SMBs: Experts Weigh In ❌</strong><br><br><code>An exclusive roundtable of security researchers discuss the specific implications of CVE-2021-44228 for smaller businesses, including what&apos;s vulnerable, what an attack looks like and to how to remediate.</code><br><br><a href="https://threatpost.com/log4shell-bug-smbs-experts/177021/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33951">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 15:11:27">
15:11
       </div>

       <div class="text">
<strong>🦿 The 10 worst password snafus of 2021 🦿</strong><br><br><code>Dashlane&apos;s sixth annual list of the year&apos;s worst password offenders reveals the biggest password security mishaps for 2021.</code><br><br><a href="https://www.techrepublic.com/article/the-10-worst-password-snafus-of-2021/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33952">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 15:11:29">
15:11
       </div>

       <div class="text">
<strong>🦿 E-commerce: How to build customer trust without sacrificing security 🦿</strong><br><br><code>Companies must attempt to divert cybercriminals without inconveniencing or possibly exposing customers and their data. One expert explains how it&apos;s possible.</code><br><br><a href="https://www.techrepublic.com/article/e-commerce-how-to-build-customer-trust-without-sacrificing-security/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33953">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 15:17:37">
15:17
       </div>

       <div class="text">
<strong>🕴 Source Code Leaks: The Real Problem Nobody Is Paying Attention To 🕴</strong><br><br><code>Source code is a corporate asset like any other, which makes it an attractive target for hackers.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/source-code-leaks-the-real-problem-nobody-is-paying-attention-to">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33954">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 16:13:14">
16:13
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-44041 ‼</strong><br><br><code>UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path supplied to the --dev-widget argument of the URI handler for uipath-assistant://. This allows an attacker to execute code on a victim&apos;s machine or capture NTLM credentials by supplying a networked or WebDAV file path.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44041">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33955">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 16:13:15">
16:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-38950 ‼</strong><br><br><code>IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when SharedBindingsUserId is set to effective. IBM X-ForceID: 211404.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38950">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33956">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 16:13:16">
16:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-43388 ‼</strong><br><br><code>Unisys Cargo Mobile Application before 1.2.29 uses cleartext to store sensitive information, which might be revealed in a backup. The issue is addressed by ensuring that the allowBackup flag (in the manifest) is False.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43388">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33957">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 16:13:17">
16:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-40882 ‼</strong><br><br><code>A Cross Site Scripting (XSS) vulnerability exists in Piwigo 11.5.0 via the system album name and description of the location.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40882">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33958">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 16:13:18">
16:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-44042 ‼</strong><br><br><code>An issue was discovered in UiPath Assistant 21.4.4. User-controlled data supplied to the --process-start argument of the URI handler for uipath-assistant:// is not correctly encoded, resulting in attacker-controlled content being injected into the error message displayed (when the injected content does not match an existing process). A determined attacker could leverage this to execute JavaScript in the context of the Electron application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44042">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33959">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 16:13:20">
16:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-44043 ‼</strong><br><br><code>An issue was discovered in UiPath App Studio 21.4.4. There is a persistent XSS vulnerability in the file-upload functionality for uploading icons when attempting to create new Apps. An attacker with minimal privileges in the application can build their own App and upload a malicious file containing an XSS payload, by uploading an arbitrary file and modifying the MIME type in a subsequent HTTP request. This then allows the file to be stored and retrieved from the server by other users in the same organization.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44043">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33960">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 16:13:21">
16:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-43807 ‼</strong><br><br><code>Opencast is an Open Source Lecture Capture &amp; Video Management for Education. Opencast versions prior to 9.10 allow HTTP method spoofing, allowing to change the assumed HTTP method via URL parameter. This allows attackers to turn HTTP GET requests into PUT requests or an HTTP form to send DELETE requests. This bypasses restrictions otherwise put on these types of requests and aids in cross-site request forgery (CSRF) attacks, which would otherwise not be possible. The vulnerability allows attackers to craft links or forms which may change the server state. This issue is fixed in Opencast 9.10 and 10.0. You can mitigate the problem by setting the `SameSite=Strict` attribute for your cookies. If this is a viable option for you depends on your integrations. We strongly recommend updating in any case.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43807">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33961">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 17:12:04">
17:12
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Get a year of PlayStation Plus, a lifetime of learning and maximum VPN protection for $64 🦿</strong><br><br><code>You can send your career soaring by learning highly paid skills online from over 1,000 courses without worrying about security, and enjoy a bit of extra gaming during your breaks.</code><br><br><a href="https://www.techrepublic.com/article/get-a-year-of-playstation-plus-a-lifetime-of-learning-and-maximum-vpn-protection-for-64/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33962">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 17:23:21">
17:23
       </div>

       <div class="text">
<strong>♟️ Inside Ireland’s Public Healthcare Ransomware Scare ♟️</strong><br><br><code>The accounting firm PricewatersCoopers recently published lessons learned from the disruptive and costly ransomware attack in May 2021 on Ireland&apos;s public health system. The unusually candid post-mortem found that nearly two months elapsed between the initial intrusion and the launching of the ransomware. It also found affected hospitals had tens of thousand of outdated Windows 7 systems, and that the health system&apos;s IT administrators failed to respond to multiple warning signs that a massive attack was imminent.</code><br><br><a href="https://krebsonsecurity.com/2021/12/inside-irelands-public-healthcare-ransomware-scare/">📖 Read</a><br><br>via &quot;<em>Krebs on Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33963">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 17:35:33">
17:35
       </div>

       <div class="text">
<strong>❌ 400 Banks’ Customers Targeted with Anubis Trojan ❌</strong><br><br><code>The new campaign masqueraded as an Orange Telecom account management app to deliver the latest iteration of Anubis banking malware.</code><br><br><a href="https://threatpost.com/400-banks-targeted-anubis-trojan/177038/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33964">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 18:11:30">
18:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 New Microsoft Exchange credential stealing malware could be worse than phishing 🦿</strong><br><br><code>While looking for additional Exchange vulnerabilities in the wake of this year&apos;s zero-days, Kaspersky found an IIS add-on that harvests credentials from OWA whenever, and wherever, someone logs in.</code><br><br><a href="https://www.techrepublic.com/article/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33965">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 18:14:33">
18:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-34426 ‼</strong><br><br><code>A vulnerability was discovered in the Keybase Client for Windows before version 5.6.0 when a user executed the &quot;keybase git lfs-config&quot; command on the command-line. In versions prior to 5.6.0, a malicious actor with write access to a user’s Git repository could leverage this vulnerability to potentially execute arbitrary Windows commands on a user’s local system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34426">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33966">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 18:14:34">
18:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-43821 ‼</strong><br><br><code>Opencast is an Open Source Lecture Capture &amp; Video Management for Education. Opencast before version 9.10 or 10.6 allows references to local file URLs in ingested media packages, allowing attackers to include local files from Opencast&apos;s host machines and making them available via the web interface. Before Opencast 9.10 and 10.6, Opencast would open and include local files during ingests. Attackers could exploit this to include most local files the process has read access to, extracting secrets from the host machine. An attacker would need to have the privileges required to add new media to exploit this. But these are often widely given. The issue has been fixed in Opencast 10.6 and 11.0. You can mitigate this issue by narrowing down the read access Opencast has to files on the file system using UNIX permissions or mandatory access control systems like SELinux. This cannot prevent access to files Opencast needs to read though and we highly recommend updating.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43821">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33967">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 18:14:35">
18:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-39183 ‼</strong><br><br><code>Owncast is an open source, self-hosted live video streaming and chat server. In affected versions inline scripts are executed when Javascript is parsed via a paste action. This issue is patched in 0.0.9 by blocking unsafe-inline Content Security Policy and specifying the script-src. The worker-src is required to be set to blob for the video player.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39183">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33968">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 18:14:37">
18:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-4108 ‼</strong><br><br><code>snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation (&apos;Cross-site Scripting&apos;)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4108">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33969">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 18:14:39">
18:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-34425 ‼</strong><br><br><code>The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows) contain a server side request forgery vulnerability in the chat’s “link previewâ€� functionality. In versions prior to 5.7.3, if a user were to enable the chat’s “link previewâ€� feature, a malicious actor could trick the user into potentially sending arbitrary HTTP GET requests to URLs that the actor cannot reach directly.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34425">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33970">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 18:14:42">
18:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-43829 ‼</strong><br><br><code>PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.7.7 PatrowlManager unrestrictly handle upload files in the findings import feature. This vulnerability is capable of uploading dangerous type of file to server leading to XSS attacks and potentially other forms of code injection. Users are advised to update to 1.7.7 as soon as possible. There are no known workarounds for this issue.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43829">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33971">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 18:14:43">
18:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-43820 ‼</strong><br><br><code>Seafile is an open source cloud storage system. A sync token is used in Seafile file syncing protocol to authorize access to library data. To improve performance, the token is cached in memory in seaf-server. Upon receiving a token from sync client or SeaDrive client, the server checks whether the token exist in the cache. However, if the token exists in cache, the server doesn&apos;t check whether it&apos;s associated with the specific library in the URL. This vulnerability makes it possible to use any valid sync token to access data from any **known** library. Note that the attacker has to first find out the ID of a library which it has no access to. The library ID is a random UUID, which is not possible to be guessed. There are no workarounds for this issue.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43820">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33972">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 18:14:44">
18:14
       </div>

       <div class="text">
<strong>‼ CVE-2018-10228 ‼</strong><br><br><code>Cross-site scripting (XSS) vulnerability in /application/controller/admin/theme.php in LimeSurvey 3.6.2+180406 allows remote attackers to inject arbitrary web script or HTML via the changes_cp parameter to the index.php/admin/themes/sa/templatesavechanges URI.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10228">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33973">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 18:14:45">
18:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-43051 ‼</strong><br><br><code>The Spotfire Server component of TIBCO Software Inc.&apos;s TIBCO Spotfire Server, TIBCO Spotfire Server, and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows malicious custom API clients with network access to execute internal API operations outside of the scope of those granted to it. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.&apos;s TIBCO Spotfire Server: versions 10.10.6 and below, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, 11.3.0, 11.4.0, and 11.4.1, and TIBCO Spotfire Server: versions 11.5.0 and 11.6.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43051">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33974">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 18:14:47">
18:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-43828 ‼</strong><br><br><code>PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.77 an improper privilege management (IDOR) has been found in PatrowlManager. All imports findings file is placed under /media/imports/&lt;owner_id&gt;/&lt;tmp_file&gt; In that, owner_id is predictable and tmp_file is in format of import_&lt;ownder_id&gt;_&lt;time_created&gt;, for example: import_1_1639213059582.json This filename is predictable and allows anyone without logging in to download all finding import files This vulnerability is capable of allowing unlogged in users to download all finding imports file. Users are advised to update to 1.7.7 as soon as possible. There are no known workarounds.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43828">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33975">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 18:14:48">
18:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-43830 ‼</strong><br><br><code>OpenProject is a web-based project management software. OpenProject versions &gt;= 12.0.0 are vulnerable to a SQL injection in the budgets module. For authenticated users with the &quot;Edit budgets&quot; permission, the request to reassign work packages to another budget unsufficiently sanitizes user input in the `reassign_to_id` parameter. The vulnerability has been fixed in version 12.0.4. Versions prior to 12.0.0 are not affected. If you&apos;re upgrading from an older version, ensure you are upgrading to at least version 12.0.4. If you are unable to upgrade in a timely fashion, the following patch can be applied: https://github.com/opf/openproject/pull/9983.patch</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43830">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33976">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 18:14:49">
18:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-44948 ‼</strong><br><br><code>glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) vulnerability in /public_html/admin/plugins/bad_behavior2/blacklist.php. Using the CSRF vulnerability to trick the administrator to click, an attacker can add a blacklist.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44948">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33977">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 18:14:50">
18:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-40883 ‼</strong><br><br><code>A Remote Code Execution (RCE) vulnerability exists in emlog 5.3.1 via content/plugins.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40883">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33978">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 18:14:51">
18:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-4044 ‼</strong><br><br><code>Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4044">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33979">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 18:14:54">
18:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-45046 ‼</strong><br><br><code>It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in a denial of service (DOS) attack. Log4j 2.15.0 restricts JNDI LDAP lookups to localhost by default. Note that previous mitigations involving configuration such as to set the system property `log4j2.noFormatMsgLookup` to `true` do NOT mitigate this specific vulnerability. Log4j 2.16.0 fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default. This issue can be mitigated in prior releases (&lt;2.16.0) by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45046">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33980">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 19:18:15">
19:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Microsoft Patches Zero-Day Spreading Emotet Malware 🕴</strong><br><br><code>The December rollout includes 67 security patches and addresses one zero-day and five more publicly known vulnerabilities.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/microsoft-patches-zero-day-spreading-emotet-malware">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33981">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 19:35:38">
19:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Actively Exploited Microsoft Zero-Day Allows App Spoofing, Malware Delivery ❌</strong><br><br><code>December&apos;s Patch Tuesday updates address six publicly known bugs and seven critical security vulnerabilities.</code><br><br><a href="https://threatpost.com/exploited-microsoft-zero-day-spoofing-malware/177045/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33982">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 19:48:14">
19:48
       </div>

       <div class="text">
<strong>🕴 Ransomware Hits Virginia Legislative Agencies 🕴</strong><br><br><code>The attack forced a shutdown of computer systems and websites for Virginia legislative agencies and commissions, reports state.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/ransomware-hits-virginia-legislative-agencies">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33983">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 19:48:15">
19:48
       </div>

       <div class="text">
<strong>🕴 Tool Overload &amp; Attack Surface Expansion Plague SOCs 🕴</strong><br><br><code>Security professionals are burning out from handling too many tools and facing a growing number of threats, and more than 40% see lack of leadership as the main problem.</code><br><br><a href="https://www.darkreading.com/operations/tool-overload-attack-surface-expansion-plague-socs">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33984">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 19:54:12">
19:54
       </div>

       <div class="text">
<strong>♟️ Microsoft Patch Tuesday, December 2021 Edition ♟️</strong><br><br><code>Microsoft, Adobe, and Google all issued security updates to their products today. The Microsoft patches include six previously disclosed security flaws, and one that that is already being actively exploited. But this month&apos;s Patch Tuesday is being overshadowed by the &quot;Log4Shell&quot; 0-day exploit in a popular Java library that web server administrators are now racing to find and patch amid widespread exploitation of the flaw.</code><br><br><a href="https://krebsonsecurity.com/2021/12/microsoft-patch-tuesday-december-2021-edition/">📖 Read</a><br><br>via &quot;<em>Krebs on Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33985">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 20:13:23">
20:13
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-44942 ‼</strong><br><br><code>glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) vulnerability in /public_html/admin/plugins/bad_behavior2/blacklist.php. Using the CSRF vulnerability to trick the administrator to click, an attacker can add a blacklist.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44942">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33986">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 20:18:15">
20:18
       </div>

       <div class="text">
<strong>🕴 Propane Gas Distributor Hit With Ransomware 🕴</strong><br><br><code>North America-based Superior Plus &quot;temporarily disabled&quot; some of its systems in the wake of the attack.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/propane-distributor-hit-with-ransomware">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33987">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 20:35:38">
20:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Apple iOS Update Fixes Cringey iPhone 13 Jailbreak Exploit ❌</strong><br><br><code>It took just 15 seconds to hack the latest, greatest, shiniest iPhone 13 Pro on stage at the Tianfu Cup in October, using a now-fixed iOS kernel bug.</code><br><br><a href="https://threatpost.com/apple-ios-updates-iphone-13-jailbreak-exploit/177051/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33988">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 20:46:35">
20:46
       </div>

       <div class="text">
<strong>🦿 How to install Qubes OS as a virtual machine 🦿</strong><br><br><code>Qubes OS defines itself modestly as &quot;a reasonably secure operating system.&quot; It might actually be one of the safest operating systems, often used by pros who are most concerned with computer security.</code><br><br><a href="https://www.techrepublic.com/article/how-to-install-qubes-os-as-a-virtual-machine/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33989">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 20:50:02">
20:50
       </div>

       <div class="text">
<strong>🕴 Attackers Target Log4J to Drop Ransomware, Web Shells, Backdoors 🕴</strong><br><br><code>Amid the increase in Log4J attack activity, at least one Iranian state-backed threat group is preparing to target the vulnerability, experts say.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/attackers-target-log4j-to-drop-ransomware-web-shells-backdoors">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33990">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 21:18:22">
21:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Ground Labs Research Reveals 71% of American Consumers are Unaware of Data Protection Laws 🕴</strong><br><br><code>Google Survey of 1,000 U.S. consumers uncovers data privacy disconnect, a call to action for businesses.</code><br><br><a href="https://www.darkreading.com/risk/ground-labs-research-reveals-71-of-american-consumers-are-unaware-of-data-protection-laws">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33991">

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 21:18:23">
21:18
       </div>

       <div class="text">
<strong>🕴 Tufin Introduces Security Policy Builder (SPB) App to Marketplace 🕴</strong><br><br><code>Automates security policy design to ensure compliance and reduce likelihood of breach announcing significant updates to other marketplace apps.</code><br><br><a href="https://www.darkreading.com/operations/tufin-introduces-security-policy-builder-spb-app-to-marketplace">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33992">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 21:35:40">
21:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ In 2022, Expect More Supply Chain Pain and Changing Security Roles ❌</strong><br><br><code>If 2021 was the Year of Supply Chain Pain, 2022 will be the Year of Supply Chain Chronic Pain (or something worse than pain). This past year, the pain was felt in two significant ways: through the supply chain disruptions caused by COVID-19, and through the many security breaches that we saw in our key […]</code><br><br><a href="https://threatpost.com/supply-chain-pain-and-changing-security-roles/177058/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33993">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 22:13:31">
22:13
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-43827 ‼</strong><br><br><code>discourse-footnote is a library providing footnotes for posts in Discourse. ### Impact When posting an inline footnote wrapped in `&lt;a&gt;` tags (e.g. `&lt;a&gt;^[footnote]&lt;/a&gt;`, the resulting rendered HTML would include a nested `&lt;a&gt;`, which is stripped by Nokogiri because it is not valid. This then caused a javascript error on topic pages because we were looking for an `&lt;a&gt;` element inside the footnote reference span and getting its ID, and because it did not exist we got a null reference error in javascript. Users are advised to update to version 0.2. As a workaround editing offending posts from the rails console or the database console for self-hosters, or disabling the plugin in the admin panel can mitigate this issue.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43827">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33994">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.12.2021 23:48:28">
23:48
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Cisco&apos;s Ash Devata on Securing the Hybrid Workforce With Zero Trust 🕴</strong><br><br><code>Hybrid work is here to stay, and organizations can apply zero trust&apos;s three core principles to ensure a secure workforce, Devata says.</code><br><br><a href="https://www.darkreading.com/edge/cisco-ash-devata-on-hybrid-workforce-and-zero-trust">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-983">

      <div class="body details">
15 December 2021
      </div>

     </div>

     <div class="message default clearfix" id="message33995">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 08:41:50">
08:41
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Log4j vulnerability: Why your hot take on it is wrong 🦿</strong><br><br><code>Commentary: Those searching for a single cause for the Log4j vulnerability – whether it&apos;s open source is not secure, or open source is not sustainable – are getting it wrong. It&apos;s a complicated issue.</code><br><br><a href="https://www.techrepublic.com/article/log4j-vulnerability-your-hot-take-is-wrong/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33996">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 11:06:15">
11:06
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Apache’s Fix for Log4Shell Can Lead to DoS Attacks ❌</strong><br><br><code>Not only is the jaw-dropping flaw in the Apache Log4j logging library ubiquitous; Apache’s blanket of a quickly baked patch for Log4Shell also has holes.</code><br><br><a href="https://threatpost.com/apache-patch-log4shell-log4j-dos-attacks/177064/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33997">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 11:21:11">
11:21
       </div>

       <div class="text">
<strong>🕴 Kryptowire Collaborates With Orange and Finds Vulnerabilities in Mobile Devices 🕴</strong><br><br><code>Kryptowire’s end-to-end cybersecurity engine identified vulnerabilities granting system user-level privileges for arbitrary shell script execution.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/kryptowire-collaborates-with-orange-and-finds-vulnerabilities-in-mobile-devices">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33998">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 12:14:15">
12:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-4116 ‼</strong><br><br><code>yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation (&apos;Cross-site Scripting&apos;)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4116">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33999">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 12:14:16">
12:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-20330 ‼</strong><br><br><code>An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.25; MongoDB Server v4.2 versions prior to 4.2.14; MongoDB Server v4.4 versions prior to 4.4.6.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20330">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34000">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 12:19:15">
12:19
       </div>

       <div class="text">
<strong>🕴 Why Cloud Storage Isn&apos;t Immune to Ransomware 🕴</strong><br><br><code>Cloud security is a shared responsibility. which sometimes leads to security gaps and complexity in risk management.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/why-cloud-storage-isn-t-immune-to-ransomware">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34001">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 12:47:14">
12:47
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🛠 OpenSSL Toolkit 1.1.1m 🛠</strong><br><br><code>OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.</code><br><br><a href="https://packetstormsecurity.com/files/165302/openssl-1.1.1m.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34002">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 13:03:29">
13:03
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ US government launches ‘Hack the DHS’ bug bounty program 🗓️</strong><br><br><code>Initiative will also invite selected security researchers to a live hacking event</code><br><br><a href="https://portswigger.net/daily-swig/us-government-launches-hack-the-dhs-bug-bounty-program">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34003">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 13:19:40">
13:19
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Why We Need &quot;Developer-First&quot; Application Security 🕴</strong><br><br><code>The way to improve the security of the modern software development life cycle and reduce the number of application-based breaches is to re-center app security around the needs of developers.</code><br><br><a href="https://www.darkreading.com/application-security/why-we-need-developer-first-application-security">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34004">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 13:33:28">
13:33
       </div>

       <div class="text">
<strong>🗓️ Log4j: Security pros call for urgent patch implementation as in-the-wild exploitation continues 🗓️</strong><br><br><code>Initial, ‘incomplete’ patch created path to denial-of-service attacks</code><br><br><a href="https://portswigger.net/daily-swig/log4j-security-pros-call-for-urgent-patch-implementation-as-in-the-wild-exploitation-continues">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34005">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 13:41:56">
13:41
       </div>

       <div class="text">
<strong>🦿 Kodachi is the operating system for those who value privacy but don&apos;t want to learn Linux 🦿</strong><br><br><code>For anyone looking to gain an extra layer of privacy on a desktop or laptop, Kodachi Linux might be the perfect option. Jack Wallen highlights this live Linux distribution.</code><br><br><a href="https://www.techrepublic.com/article/kodachi-is-the-operating-system-for-those-who-value-privacy-but-dont-want-to-learn-linux/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34006">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 13:41:58">
13:41
       </div>

       <div class="text">
<strong>🦿 Just in time for Christmas, Kronos payroll and HR cloud software goes offline due to ransomware 🦿</strong><br><br><code>The attack has led to an outage expected to last weeks, leaving companies scrambling to make payroll with the holidays right around the corner.</code><br><br><a href="https://www.techrepublic.com/article/just-in-time-for-christmas-kronos-payroll-and-hr-cloud-software-goes-offline-due-to-ransomware/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34007">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 13:47:16">
13:47
       </div>

       <div class="text">
<strong>🛠 Log4j Recognizer 🛠</strong><br><br><code>This utility looks for log4j in the currently running JVM. It is useful for systems that allow plugins to introduce their own jars. Therefore, you can find if someone is using log4j with a dangerous version.</code><br><br><a href="https://packetstormsecurity.com/files/165310/log4j-recognizer-main.zip">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34008">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 14:14:20">
14:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-43237 ‼</strong><br><br><code>Windows Setup Elevation of Privilege Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43237">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34009">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 14:14:21">
14:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-43893 ‼</strong><br><br><code>Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43893">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34010">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 14:14:22">
14:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-43227 ‼</strong><br><br><code>Storage Spaces Controller Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-43235.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43227">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34011">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 14:14:23">
14:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-43877 ‼</strong><br><br><code>ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43877">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34012">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 14:14:24">
14:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-43907 ‼</strong><br><br><code>Visual Studio Code WSL Extension Remote Code Execution Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43907">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34013">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 14:14:28">
14:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-41333 ‼</strong><br><br><code>Windows Print Spooler Elevation of Privilege Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41333">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34014">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 14:14:29">
14:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-43892 ‼</strong><br><br><code>Microsoft BizTalk ESB Toolkit Spoofing Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43892">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34015">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 14:14:30">
14:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-43243 ‼</strong><br><br><code>VP9 Video Extensions Information Disclosure Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43243">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34016">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 14:14:31">
14:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-43908 ‼</strong><br><br><code>Visual Studio Code Spoofing Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43908">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34017">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 14:14:32">
14:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-42312 ‼</strong><br><br><code>Microsoft Defender for IOT Elevation of Privilege Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42312">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34018">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 14:14:33">
14:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-43889 ‼</strong><br><br><code>Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41365, CVE-2021-42310, CVE-2021-42311, CVE-2021-42313, CVE-2021-42314, CVE-2021-42315, CVE-2021-43882.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43889">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34019">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 14:14:34">
14:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-43216 ‼</strong><br><br><code>Microsoft Local Security Authority Server (lsasrv) Information Disclosure Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43216">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34020">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 14:14:35">
14:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-43675 ‼</strong><br><br><code>Lychee-v3 3.2.16 is affected by a Cross Site Scripting (XSS) vulnerability in php/Access/Guest.php. The function exit will terminate the script and print the message to the user. The message will contain albumID which is controlled by the user.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43675">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34021">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 14:14:36">
14:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-42320 ‼</strong><br><br><code>Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-43242.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42320">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34022">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 14:14:37">
14:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-43256 ‼</strong><br><br><code>Microsoft Excel Remote Code Execution Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43256">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34023">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 14:14:41">
14:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-43905 ‼</strong><br><br><code>Microsoft Office app Remote Code Execution Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43905">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34024">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 14:14:44">
14:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-44657 ‼</strong><br><br><code>In StackStorm versions prior to 3.6.0, the jinja interpreter was not run in sandbox mode and thus allows execution of unsafe system commands. Jinja does not enable sandboxed mode by default due to backwards compatibility. Stackstorm now sets sandboxed mode for jinja by default.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44657">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34025">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 14:14:47">
14:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-43240 ‼</strong><br><br><code>NTFS Set Short Name Elevation of Privilege Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43240">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34026">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 14:14:48">
14:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-43518 ‼</strong><br><br><code>Teeworlds up to and including 0.7.5 is vulnerable to Buffer Overflow. A map parser does not validate m_Channels value coming from a map file, leading to a buffer overflow. A malicious server may offer a specially crafted map that will overwrite client&apos;s stack causing denial of service or code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43518">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34027">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 14:14:51">
14:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-43222 ‼</strong><br><br><code>Microsoft Message Queuing Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-43236.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43222">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34028">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 14:20:25">
14:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-43248 ‼</strong><br><br><code>Windows Digital Media Receiver Elevation of Privilege Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43248">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34029">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 14:20:26">
14:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-43247 ‼</strong><br><br><code>Windows TCP/IP Driver Elevation of Privilege Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43247">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34030">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 14:20:27">
14:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-43883 ‼</strong><br><br><code>Windows Installer Elevation of Privilege Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43883">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34031">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 14:20:29">
14:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-43238 ‼</strong><br><br><code>Windows Remote Access Elevation of Privilege Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43238">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34032">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 14:20:30">
14:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-43882 ‼</strong><br><br><code>Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41365, CVE-2021-42310, CVE-2021-42311, CVE-2021-42313, CVE-2021-42314, CVE-2021-42315, CVE-2021-43889.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43882">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34033">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 14:20:32">
14:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-43899 ‼</strong><br><br><code>Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43899">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34034">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 14:20:33">
14:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-43891 ‼</strong><br><br><code>Visual Studio Code Remote Code Execution Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43891">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34035">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 14:20:35">
14:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-43890 ‼</strong><br><br><code>Windows AppX Installer Spoofing Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43890">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34036">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 14:20:36">
14:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-43246 ‼</strong><br><br><code>Windows Hyper-V Denial of Service Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43246">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34037">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 14:20:39">
14:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-44653 ‼</strong><br><br><code>Online Magazine Management System 1.0 contains a SQL injection authentication bypass vulnerability. The Admin panel authentication can be bypassed due to SQL injection vulnerability in the login form allowing attacker to gain access as admin to the application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44653">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34038">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 14:20:40">
14:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-43896 ‼</strong><br><br><code>Microsoft PowerShell Spoofing Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43896">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34039">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 14:20:42">
14:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-43242 ‼</strong><br><br><code>Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-42320.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43242">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34040">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 14:20:43">
14:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-43245 ‼</strong><br><br><code>Windows Digital TV Tuner Elevation of Privilege Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43245">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34041">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 14:20:45">
14:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-43239 ‼</strong><br><br><code>Windows Recovery Environment Agent Elevation of Privilege Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43239">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34042">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 14:20:46">
14:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-43888 ‼</strong><br><br><code>Microsoft Defender for IoT Information Disclosure Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43888">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34043">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 14:33:28">
14:33
       </div>

       <div class="text">
<strong>🗓️ Propane distributor Superior Plus admits ransomware breach 🗓️</strong><br><br><code>Clean up and damage assessment underway</code><br><br><a href="https://portswigger.net/daily-swig/propane-distributor-superior-plus-admits-ransomware-breach">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34044">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 14:49:24">
14:49
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 What Are the Pros and Cons of a SASE Architecture? 🕴</strong><br><br><code>SASE is a promising and burgeoning networking architecture approach, but it&apos;s not without some challenges.</code><br><br><a href="https://www.darkreading.com/edge-ask-the-experts/what-are-the-pros-and-cons-of-a-sase-architecture-">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34045">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 15:19:55">
15:19
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Privacy and Safety Issues With Facebook&apos;s New &apos;Metaventure&apos; 🕴</strong><br><br><code>With access to a user&apos;s 3D model and full-body digital tracking, attackers can recreate the perfect replica of a C-level executive to trick employees.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/privacy-and-safety-issues-with-facebook-s-new-metaventure-">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34046">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 15:50:16">
15:50
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 IP Theft: Definition and Examples 🔏</strong><br><br><code>IP theft can have a long term damaging effects on a company. In this blog, we look at nearly 50 different examples of IP theft to help you better understand the threat.</code><br><br><a href="https://digitalguardian.com/blog/ip-theft-definition-and-examples">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34047">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 16:14:27">
16:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-42216 ‼</strong><br><br><code>A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via VerificationController.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42216">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34048">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 16:36:20">
16:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ SAP Kicks Log4Shell Vulnerability Out of 20 Apps ❌</strong><br><br><code>SAP’s still feverishly working to patch another 12 apps vulnerable to the Log4Shell flaw, while its Patch Tuesday release includes 21 other fixes, some rated at 9.9 criticality.</code><br><br><a href="https://threatpost.com/sap-log4shell-vulnerability-apps/177069/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34049">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 16:36:22">
16:36
       </div>

       <div class="text">
<strong>❌ Malicious Exchange Server Module Hoovers Up Outlook Credentials ❌</strong><br><br><code>&quot;Owowa&quot; stealthily lurks on IIS servers, waiting to harvest successful logins when an Outlook Web Access (OWA) authentication request is made.</code><br><br><a href="https://threatpost.com/malicious-exchange-server-module-outlook-credentials/177077/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34050">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 16:41:57">
16:41
       </div>

       <div class="text">
<strong>🦿 Log4j: How to protect yourself from this security vulnerability 🦿</strong><br><br><code>As cybercriminals scan for susceptible servers, there are steps you can take to mitigate the Log4j critical vulnerability.</code><br><br><a href="https://www.techrepublic.com/article/how-to-protect-yourself-from-the-log4j-security-vulnerability/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34051">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 16:49:28">
16:49
       </div>

       <div class="text">
<strong>🕴 Cybereason Announces Availability of AI-Driven Cybereason XDR and EDR on Google Cloud Marketplace 🕴</strong><br><br><code>Cloud-native platform automates prevention, detection, and response to cyberattacks.</code><br><br><a href="https://www.darkreading.com/cloud/cybereason-announces-availability-of-ai-driven-cybereason-xdr-and-edr-on-google-cloud-marketplace">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34052">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 16:49:30">
16:49
       </div>

       <div class="text">
<strong>🕴 Kroll Acquires Security Compass Advisory 🕴</strong><br><br><code>Combined capabilities will help clients address the growing complexity of securing public, private and hybrid cloud, 5G, IoT, and industrial control systems</code><br><br><a href="https://www.darkreading.com/cloud/kroll-acquires-security-compass-advisory">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34053">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:04:38">
18:04
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Analysis: Log4j Vulnerability Highlights the Value of Defense-in-Depth, Accurate Inventory 🕴</strong><br><br><code>The early lessons from Log4j indicate that key security principles can help better handle these high-risk software supply chain security incidents if teams have proper support.</code><br><br><a href="https://www.darkreading.com/omdia/analysis-log4j-vulnerability-highlights-the-value-of-defense-in-depth-accurate-inventory">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34054">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:04:39">
18:04
       </div>

       <div class="text">
<strong>🕴 Meta Expands Bug-Bounty Program to Include Data Scraping 🕴</strong><br><br><code>Scraping bugs and scraped databases are two new areas of research for the company&apos;s bug-bounty and data-bounty programs.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/meta-expands-bug-bounty-program-to-include-data-scraping">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34055">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:32:30">
18:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Initial access brokers: How are IABs related to the rise in ransomware attacks? 🦿</strong><br><br><code>Initial access brokers are cybercriminals who specialize in breaching companies and then selling the access to ransomware attackers. Learn how to protect your business from IABs.</code><br><br><a href="https://www.techrepublic.com/article/initial-access-brokers-how-are-iabs-related-to-the-rise-in-ransomware-attacks/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34056">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:35:09">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-0970 ‼</strong><br><br><code>In createFromParcel of GpsNavigationMessage.java, there is a possible Parcel serialization/deserialization mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-196970023</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0970">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34057">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:35:12">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-0931 ‼</strong><br><br><code>In getAlias of BluetoothDevice.java, there is a possible way to create misleading permission dialogs due to missing data filtering. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-180747689</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0931">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34058">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:35:14">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-1013 ‼</strong><br><br><code>In checkExistsAndEnforceCannotModifyImmutablyRestrictedPermission of PermissionManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-186404356</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1013">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34059">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:35:17">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-39652 ‼</strong><br><br><code>In sec_ts_parsing_cmds of (TBD), there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-194499021References: N/A</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39652">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34060">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:35:19">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-39639 ‼</strong><br><br><code>In TBD of fvp.c, there is a possible way to glitch CPU behavior due to a missing permission check. This could lead to local escalation of privilege with physical access to device internals with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-198291476References: N/A</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39639">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34061">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:35:20">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-1004 ‼</strong><br><br><code>In getConfiguredNetworks of WifiServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-197749180</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1004">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34062">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:35:21">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-39638 ‼</strong><br><br><code>In periodic_io_work_func of lwis_periodic_io.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195607566References: N/A</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39638">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34063">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:35:22">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-0966 ‼</strong><br><br><code>In code generated by BuildParcelFields of generate_cpp.cpp, there is a possible way for a crafted parcelable to reveal uninitialized memory of a target process due to uninitialized data. This could lead to local information disclosure across Binder transactions with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-198346478</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0966">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34064">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:35:23">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-0989 ‼</strong><br><br><code>In hasManageOngoingCallsPermission of TelecomServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-194105812</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0989">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34065">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:35:24">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-29847 ‼</strong><br><br><code>BMC firmware (IBM Power System S821LC Server (8001-12C) OP825.50) configuration changed to allow an authenticated user to open an insecure communication channel which could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 205267.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29847">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34066">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:35:26">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-1006 ‼</strong><br><br><code>In several functions of DatabaseManager.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-183961974</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1006">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34067">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:35:28">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-1045 ‼</strong><br><br><code>Product: AndroidVersions: Android kernelAndroid ID: A-195580473References: N/A</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1045">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34068">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:35:29">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-1029 ‼</strong><br><br><code>In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193034677</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1029">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34069">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:35:31">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-0964 ‼</strong><br><br><code>In C2SoftMP3::process() of C2SoftMp3Dec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-193363621</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0964">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34070">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:35:31">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-0925 ‼</strong><br><br><code>In rw_t4t_sm_detect_ndef of rw_t4t.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure due to a limited change in behavior based on the out of bounds data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-191444150</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0925">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34071">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:35:33">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-1039 ‼</strong><br><br><code>In NotificationAccessActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-182808318</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1039">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34072">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:35:34">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-1047 ‼</strong><br><br><code>In valid_ipc_dram_addr of cm_access_control.c, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-197966306References: N/A</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1047">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34073">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:35:37">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-1032 ‼</strong><br><br><code>In getMimeGroup of PackageManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-184745603</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1032">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34074">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:35:38">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-0981 ‼</strong><br><br><code>In enqueueNotificationInternal of NotificationManagerService.java, there is a possible way to run a foreground service without showing a notification due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-191981182</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0981">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34075">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:35:39">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-1023 ‼</strong><br><br><code>In onCreate of RequestIgnoreBatteryOptimizations.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-195963373</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1023">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34076">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:39:49">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-1001 ‼</strong><br><br><code>In PVInitVideoEncoder of mp4enc_api.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-190435883</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1001">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34077">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:39:50">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-39656 ‼</strong><br><br><code>In __configfs_open_file of file.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174049066References: Upstream kernel</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39656">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34078">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:39:51">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-0988 ‼</strong><br><br><code>In getLaunchedFromUid and getLaunchedFromPackage of ActivityClientController.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-191954233</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0988">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34079">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:39:53">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-1040 ‼</strong><br><br><code>In onCreate of BluetoothPairingSelectionFragment.java, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-182810085</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1040">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34080">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:39:54">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-43836 ‼</strong><br><br><code>Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions an attacker can read arbitrary local files via a PHP file include. In a default configuration this also leads to remote code execution. The problem is patched with the Versions 1.6.44, 2.2.18, 2.3.8, 2.4.0. For users unable to upgrade overwrite the service `sulu_route.generator.expression_token_provider` and wrap the translator before passing it to the expression language.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43836">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34081">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:39:54">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-0999 ‼</strong><br><br><code>In the broadcast definition in AndroidManifest.xml, there is a possible way to set the A2DP bluetooth device connection state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-196858999</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0999">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34082">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:39:56">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-0799 ‼</strong><br><br><code>In ActivityThread.java, there is a possible way to collide the content provider&apos;s authorities. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-197647956</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0799">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34083">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:39:58">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-0978 ‼</strong><br><br><code>In getSerialForPackage of DeviceIdentifiersPolicyService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-192587406</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0978">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34084">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:39:59">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-39642 ‼</strong><br><br><code>In synchronous_process_io_entries of lwis_ioctl.c, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195731663References: N/A</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39642">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34085">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:40:00">
18:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-35490 ‼</strong><br><br><code>Thruk 2.40-2 allows stored XSS.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35490">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34086">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:40:01">
18:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-1020 ‼</strong><br><br><code>In snoozeNotification of NotificationListenerService.java, there is a possible way to disable notification for an arbitrary user due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-195111725</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1020">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34087">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:40:04">
18:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-0973 ‼</strong><br><br><code>In isFileUri of UriUtil.java, there is a possible way to bypass ignoring file://URI attachment due to improper handling of case sensitivity. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-197328178</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0973">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34088">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:40:06">
18:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-1005 ‼</strong><br><br><code>In getDeviceIdWithFeature of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-186530889</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1005">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34089">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:40:09">
18:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-0971 ‼</strong><br><br><code>In MPEG4Source::read of MPEG4Extractor.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-188893559</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0971">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34090">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:40:11">
18:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-1017 ‼</strong><br><br><code>In AdapterService and GattService definition of AndroidManifest.xml, there is a possible way to disable bluetooth connection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-182583850</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1017">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34091">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:40:13">
18:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-0958 ‼</strong><br><br><code>In update of km_compat.cpp, there is a possible loss of potentially sensitive data due to a logic error in the code. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-200041882</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0958">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34092">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:40:16">
18:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-39650 ‼</strong><br><br><code>In (TBD) of (TBD), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-169763055References: N/A</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39650">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34093">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:40:18">
18:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-1008 ‼</strong><br><br><code>In addSubInfo of SubscriptionController.java, there is a possible way to force the user to make a factory reset due to a logic error in the code. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-197327688</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1008">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34094">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:40:19">
18:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-0932 ‼</strong><br><br><code>In showNotification of NavigationModeController.java, there is a possible confused deputy due to an unsafe PendingIntent. This could lead to local escalation of privilege that allows actions performed as the System UI with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-173025705</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0932">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34095">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:40:22">
18:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-4119 ‼</strong><br><br><code>bookstack is vulnerable to Improper Access Control</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4119">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34096">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:46:54">
18:46
       </div>

       <div class="text">
<strong>‼ CVE-2021-0923 ‼</strong><br><br><code>In createOrUpdate of Permission.java, there is a possible way to gain internal permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-195338390</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0923">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34097">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:46:56">
18:46
       </div>

       <div class="text">
<strong>‼ CVE-2021-0984 ‼</strong><br><br><code>In onNullBinding of ManagedServices.java, there is a possible permission bypass due to an incorrectly unbound service. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-192475653</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0984">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <a class="pagination block_link" href="messages35.html">
Next messages
     </a>

    </div>

   </div>

  </div>

 </body>

</html>